Add a check to prevent a crash when CSP directives are used with chrome content

Chrome content uses System Principle and this kind of speculative preloading of CSP just won't work.
author: Matt A. Tobin <email@mattatobin.com> 2018-06-02 09:44:18 -0400
committer: Matt A. Tobin <email@mattatobin.com> 2018-06-02 09:44:18 -0400
commit: 7d9e2a108478d1fc79aa25b2ac56b62249e31dc5 (patch)
tree: 9853374fa43ba3e85ba5ad2f115eac4a9deeabc3 /parser
parent: 571b7cdbed4dfbccef83e9208422e58eea504b6f (diff)
download: uxp-7d9e2a108478d1fc79aa25b2ac56b62249e31dc5.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
index b0eabb13d6..4684496985 100644
--- a/parser/html/nsHtml5TreeOpExecutor.cpp
+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
@@ -1041,12 +1041,17 @@ nsHtml5TreeOpExecutor::AddSpeculationCSP(const nsAString& aCSP)
 
   NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
 
-  nsIPrincipal* principal = mDocument->NodePrincipal();
+  nsCOMPtr<nsIPrincipal> principal = mDocument->NodePrincipal();
   nsCOMPtr<nsIContentSecurityPolicy> preloadCsp;
   nsCOMPtr<nsIDOMDocument> domDoc = do_QueryInterface(mDocument);
   nsresult rv = principal->EnsurePreloadCSP(domDoc, getter_AddRefs(preloadCsp));
   NS_ENSURE_SUCCESS_VOID(rv);
 
+  if (!preloadCsp) {
+    // XXX: System principals can't preload CSP. We're done here.
+    return;
+  }
+
   // please note that meta CSPs and CSPs delivered through a header need
   // to be joined together.
   rv = preloadCsp->AppendPolicy(aCSP,
author	Matt A. Tobin <email@mattatobin.com>	2018-06-02 09:44:18 -0400
committer	Matt A. Tobin <email@mattatobin.com>	2018-06-02 09:44:18 -0400
commit	7d9e2a108478d1fc79aa25b2ac56b62249e31dc5 (patch)
tree	9853374fa43ba3e85ba5ad2f115eac4a9deeabc3 /parser
parent	571b7cdbed4dfbccef83e9208422e58eea504b6f (diff)
download	uxp-7d9e2a108478d1fc79aa25b2ac56b62249e31dc5.tar.gz