Diffstat (limited to 'system/security/content')
-rw-r--r-- | system/security/content/nsCSPContext.cpp | 7 | ||||
-rw-r--r-- | system/security/content/nsIContentSecurityPolicy.idl | 11 |
2 files changed, 11 insertions, 7 deletions
diff --git a/system/security/content/nsCSPContext.cpp b/system/security/content/nsCSPContext.cpp
index ec698b91d..544fe118b 100644
--- a/system/security/content/nsCSPContext.cpp
+++ b/system/security/content/nsCSPContext.cpp
@@ -1309,6 +1309,7 @@ NS_IMETHODIMP
 nsCSPContext::Permits(nsIURI* aURI,
 CSPDirective aDir,
 bool aSpecific,
+ bool aSendViolationReports,
 bool* outPermits)
 {
 // Can't perform check without aURI
@@ -1323,13 +1324,13 @@ nsCSPContext::Permits(nsIURI* aURI,
 false, // not redirected.
 false, // not a preload.
 aSpecific,
- true, // send violation reports
+ aSendViolationReports,
 true, // send blocked URI in violation reports
 false); // not parser created
 if (CSPCONTEXTLOGENABLED()) {
- CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %d, isAllowed: %s",
- aURI->GetSpecOrDefault().get(), aDir,
+ CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %s, isAllowed: %s",
+ aURI->GetSpecOrDefault().get(), CSP_CSPDirectiveToString(aDir),
 *outPermits ? "allow" : "deny"));
 }
diff --git a/system/security/content/nsIContentSecurityPolicy.idl b/system/security/content/nsIContentSecurityPolicy.idl
index da4297f33..e76c39c44 100644
--- a/system/security/content/nsIContentSecurityPolicy.idl
+++ b/system/security/content/nsIContentSecurityPolicy.idl
@@ -252,9 +252,6 @@ interface nsIContentSecurityPolicy : nsISerializable
 /**
 * Checks if a specific directive permits loading of a URI.
 *
- * NOTE: Calls to this may trigger violation reports when queried, so the
- * return value should not be cached.
- *
 * @param aURI
 * The URI about to be loaded or used.
 * @param aDir
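Review bot: In the first nsCSPContext.cpp hunk, `aSendViolationReports` is a second positional `bool` placed directly after `aSpecific`, so a call site that swaps the two still compiles and silently changes both the default-src fallback and the reporting behaviour. The callers are not part of this diff; each one should label the argument the way the `permitsInternal` call in the next hunk labels its own, for example `true, // aSendViolationReports`. A caller on an enforcement path that passes `false` blocks the load without producing a CSP violation report, which removes the signal a site operator uses to notice policy violations, so `false` is best kept to the caching and preload lookups the IDL comment names. The body of `Permits` continues outside the hunk.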
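Review bot: In the second nsCSPContext.cpp hunk, the log line records the decision but not `aSendViolationReports`, so a `deny` whose report was suppressed cannot be told apart from one that sent a report. Extending the format string to `"nsCSPContext::Permits, aUri: %s, aDir: %s, isAllowed: %s, sendReports: %s"` with `aSendViolationReports ? "yes" : "no"` as the final argument would make that traceable. `CSP_CSPDirectiveToString` is not shown on this page; if it indexes a table without a range check, `aDir` should be validated before it is formatted with `%s`. The function starts and ends outside the hunk.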
@@ -266,11 +263,17 @@ interface nsIContentSecurityPolicy : nsISerializable
 * "false" allows CSP to fall back to default-src. This function
 * behaves the same for both values of canUseDefault when querying
 * directives that don't fall-back.
+ * @param aSendViolationReports
+ * If `true` and the uri is not allowed then trigger violation reports.
+ * This should be `false` for caching or preloads.
 * @return
 * Whether or not the provided URI is allowed by CSP under the given
 * directive. (block the pending operation if false).
 */
- boolean permits(in nsIURI aURI, in CSPDirective aDir, in boolean aSpecific);
+ boolean permits(in nsIURI aURI,
+ in CSPDirective aDir,
+ in boolean aSpecific,
+ in boolean aSendViolationReports);
 /**
 * Delegate method called by the service when sub-elements of the protected |
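Review bot: The new `@param aSendViolationReports` text does not say that a call with `true` may emit a report on every denied query, which is the caveat carried by the NOTE that the previous hunk removes. I would keep it in the parameter description, for example `If true, each denied query may trigger a violation report, so the result must not be cached.` The method signature changes, but no `uuid` change for the interface appears in the visible hunks; confirm whether this tree requires one. The interface declaration extends beyond the hunk.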