$this->verifyPostBodyOk();
$report = $this->getReport();
- $flags = $this->getFlags( $report );
+ $flags = $this->getFlags( $report, $userAgent );
$warningText = $this->generateLogLine( $flags, $report );
$this->logReport( $flags, $warningText, [
* Get extra notes about the report.
*
* @param array $report The CSP report
+ * @param string $userAgent
* @return array
*/
- private function getFlags( $report ) {
+ private function getFlags( $report, $userAgent ) {
$reportOnly = $this->getParameter( 'reportonly' );
$source = $this->getParameter( 'source' );
$falsePositives = $this->getConfig()->get( 'CSPFalsePositiveUrls' );
}
if (
- ( isset( $report['blocked-uri'] ) &&
- isset( $falsePositives[$report['blocked-uri']] ) )
- || ( isset( $report['source-file'] ) &&
- isset( $falsePositives[$report['source-file']] ) )
+ (
+ ContentSecurityPolicy::falsePositiveBrowser( $userAgent ) &&
+ $report['blocked-uri'] === "self"
+ ) ||
+ (
+ isset( $report['blocked-uri'] ) &&
+ isset( $falsePositives[$report['blocked-uri']] )
+ ) ||
+ (
+ isset( $report['source-file'] ) &&
+ isset( $falsePositives[$report['source-file']] )
+ )
) {
- // Report caused by Ad-Ware
+ // False positive due to:
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=1026520
+
$flags[] = 'false-positive';
}
return $flags;
/**
* Get the report from post body and turn into associative array.
*
- * @return Array
+ * @return array
*/
private function getReport() {
$postBody = $this->getRequest()->getRawInput();
dépôts / lhc / web / wiklou.git / blobdiff