Security/Subresource Integrity: Difference between revisions
(→Description: note that it landed in 43) |
(→Engineering: add code walkthrough) |
| Line 6: | Line 6: | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=992096 Tracking Bug] | * [https://bugzilla.mozilla.org/show_bug.cgi?id=992096 Tracking Bug] | ||
The bulk of the code lives in these two classes: | |||
* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/security/SRICheck.h SRICheck] | |||
* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/security/SRIMetadata.h SRIMetadata] | |||
which hook into: | |||
* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/layout/style/Loader.cpp layout/style/Loader.cpp] (CSS loader) | |||
* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp dom/base/nsScriptLoader.cpp] (Script loader) | |||
Both of these hooks work in the same way: | |||
# We start by creating an <tt>SRIMetadata</tt> object from the content of the <tt>integrity</tt> attribute as we process the element: | |||
#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp#l555 nsScriptLoader::ProcessScriptElement()] | |||
#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp#l1661 nsScriptLoader::PreloadURI()] | |||
#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/layout/style/Loader.cpp#l1259 Loader::CreateSheet()] | |||
# We then wait until the file is downloaded and check that the hash of the contents matches the SRI hash: | |||
#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp#l1436 nsScriptLoader::OnStreamComplete()] | |||
#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/layout/style/Loader.cpp#l966 SheetLoadData::OnStreamComplete()] | |||
# We return <tt>NS_ERROR_SRI_CORRUPT</tt>, which fails the load and triggers the <tt>error</tt> event on that element, if the hashes don't match. | |||
== QA == | == QA == | ||
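Review bot: in the numbered steps only <tt>SRIMetadata</tt> is named (step 1); <tt>SRICheck</tt> is linked in the class list but no step says where it is used. If the hash comparison in step 2 is done through SRICheck, name it there so readers can connect the class list to the walkthrough.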
Revision as of 23:24, 23 September 2015
Description
Subresource Integrity is a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. It landed in Firefox 43.
Engineering
The bulk of the code lives in these two classes:
- SRICheck
- SRIMetadata
which hook into:
- layout/style/Loader.cpp (CSS loader)
- dom/base/nsScriptLoader.cpp (Script loader)
Both of these hooks work in the same way:
1. We start by creating an SRIMetadata object from the content of the integrity attribute as we process the element:
   - nsScriptLoader::ProcessScriptElement()
   - nsScriptLoader::PreloadURI()
   - Loader::CreateSheet()
2. We then wait until the file is downloaded and check that the hash of the contents matches the SRI hash:
   - nsScriptLoader::OnStreamComplete()
   - SheetLoadData::OnStreamComplete()
3. If the hashes don't match, we return NS_ERROR_SRI_CORRUPT, which fails the load and triggers the error event on that element.
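The parse, hash and compare flow described above, as an added Python sketch (not Firefox's code, which is C++ in SRICheck and SRIMetadata). It goes beyond the steps on this page by following the W3C SRI rules for an attribute with several hashes: unsupported or malformed tokens are ignored, only the strongest listed algorithm is checked, and an attribute with no usable hash does not block the load. All function names are hypothetical and the sample input is constructed.

```python
import base64
import hashlib
import hmac

# Hash algorithms defined by the SRI spec, ranked weakest to strongest.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(alg, body):
    """Build an integrity token ("alg-base64digest") for body."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode()


def parse_integrity(attr):
    """Step 1: turn the integrity attribute into (algorithm, digest) pairs.
    Unknown algorithms and malformed tokens are skipped, not fatal."""
    parsed = []
    for token in attr.split():
        alg, sep, rest = token.partition("-")
        alg = alg.lower()
        if not sep or alg not in STRENGTH:
            continue
        b64 = rest.split("?", 1)[0]  # drop the optional "?options" suffix
        try:
            digest = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        parsed.append((alg, digest))
    return parsed


def verify(attr, body):
    """Steps 2 and 3: return True if the downloaded body may load.
    False corresponds to the load failing (NS_ERROR_SRI_CORRUPT in Firefox)."""
    metadata = parse_integrity(attr)
    if not metadata:
        return True  # nothing usable to enforce
    strongest = max((alg for alg, _ in metadata), key=STRENGTH.get)
    actual = hashlib.new(strongest, body).digest()
    # Only hashes of the strongest algorithm count; a matching weaker
    # hash must not rescue a mismatching stronger one.
    return any(hmac.compare_digest(actual, digest)
               for alg, digest in metadata if alg == strongest)


if __name__ == "__main__":
    script = b"console.log('constructed sample');"  # constructed input
    attr = sri_hash("sha384", script)
    print(attr, verify(attr, script), verify(attr, script + b" "))
```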
QA
To turn on debugging output, export the following environment variable:
NSPR_LOG_MODULES="SRI:5,SRIMetadata:5"