From 9ef50065928d5bfb3ff0ee80330615a1ebc4cc21 Mon Sep 17 00:00:00 2001
From: Moonchild
Date: Tue, 12 Jul 2022 12:48:06 +0000
Subject: Issue #1959 - Don't apply CSPs to explicit data documents and images.

This resolves #1959
---
 dom/base/nsDocument.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp
index 95827151db..f5df30ffed 100644
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -2504,6 +2504,21 @@ nsDocument::InitCSP(nsIChannel* aChannel)
 return NS_OK;
 }
+ // If this is explicitly loaded as a data document, no need to set a CSP.
+ if (mLoadedAsData) {
+ return NS_OK;
+ }
+
+ // If this is an image, no need to set a CSP.
+ // If we don't do this, SVG images will be parsed as normal XML documents and
+ // subject to served CSPs, which might block internally applied inline styles.
+ // See UXP issue #1959.
+ nsCOMPtr loadInfo = aChannel->GetLoadInfo();
+ if (loadInfo->GetExternalContentPolicyType() ==
+ nsIContentPolicy::TYPE_IMAGE) {
+ return NS_OK;
+ }
+
 nsAutoCString tCspHeaderValue, tCspROHeaderValue;
 nsCOMPtr httpChannel;
@@ -2532,7 +2547,6 @@ nsDocument::InitCSP(nsIChannel* aChannel)
 // Check if this is a signed content to apply default CSP.
 bool applySignedContentCSP = false;
- nsCOMPtr loadInfo = aChannel->GetLoadInfo();
 if (loadInfo && loadInfo->GetVerifySignedContent()) {
 applySignedContentCSP = true;
 }
-- 
cgit v1.2.3
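Review bot: `loadInfo` is dereferenced without a null check in the added image test (`loadInfo->GetExternalContentPolicyType()`), while the existing code further down still guards the same pointer with `if (loadInfo && loadInfo->GetVerifySignedContent())`, which suggests `GetLoadInfo()` can return null on this path. Guard the new condition the same way: `if (loadInfo && loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_IMAGE) {`. Both early returns also skip everything after them in InitCSP, including the signed-content CSP visible in the second hunk's context. The comments should therefore say what keeps data documents and image documents safe without any policy; presumably script execution and external loads are already restricted for them elsewhere, which is worth confirming. InitCSP starts and ends outside the hunk.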