We need to implement the CSP3 'navigate-to' directive, which limits the targets of any navigation (<a>, <form>, window.open(), window.location, etc. (Note that if there is also a 'form-action' directive then that regulates <form>)

https://w3c.github.io/webappsec-csp/#directive-navigate-to

Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to

Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d0aae34d9b95
navigate-to r=ckerschb,mccr8

Backed out for android wpt failures at form-redirected-blocked.sub.htm

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&selectedJob=260207847&resultStatus=testfailed%2Cbusted%2Cexception&searchStr=wpt15&revision=d0aae34d9b95e19964c0080cf3d82b3e5da84da4

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=260207847&repo=autoland&lineNumber=1755

Backout: https://hg.mozilla.org/integration/autoland/rev/b1aef4fe06b176c13035904604273426d352b61d

Hey snorp, is Android doing anything special for form-submissions? I mean other than desktop firefox? Within this patch we are setting a new flag on the loadinfo in case it's a form submission so we can discard the navigate-to directive in that case within CSP.

Any pointers for us would be helpful - we can't reason why that test would be failing on Android.

(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4)

Hey snorp, is Android doing anything special for form-submissions? I mean other than desktop firefox? Within this patch we are setting a new flag on the loadinfo in case it's a form submission so we can discard the navigate-to directive in that case within CSP.

Any pointers for us would be helpful - we can't reason why that test would be failing on Android.

AFAIK we don't do anything special for form submission.

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/99b313550fb8
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

Backed out for eslint failure on test_navigate_to.html

backout: https://hg.mozilla.org/integration/autoland/rev/79806b618b39671202fac8c9f9817f2aa4252034

push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=99b313550fb897d605a96e597d4767cbdee73efc&searchStr=linting%2Copt%2Cjavascript%2Cchecks%2Csource-test-mozlint-eslint%2Cjs%28es%29&group_state=expanded&selectedJob=264985352

failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=264985352&repo=autoland&lineNumber=224

[task 2019-09-04T17:55:24.451Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so -> psutil
[task 2019-09-04T17:55:24.451Z]
[task 2019-09-04T17:55:24.451Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-09-04T18:08:03.320Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/dom/security/test/csp/test_navigate_to.html:125:3 | Expected method shorthand. (object-shorthand)
[task 2019-09-04T18:08:03.320Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/dom/security/test/csp/test_navigate_to.html:134:3 | Expected method shorthand. (object-shorthand)
[taskcluster 2019-09-04 18:08:03.633Z] === Task Finished ===
[taskcluster 2019-09-04 18:08:04.845Z] Unsuccessful task run with exit code: 1 completed in 1002.744 seconds

failure log bustage: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=264988158&repo=autoland&lineNumber=69985

[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - In file included from /builds/worker/workspace/build/src/obj-firefox/docshell/base/Unified_cpp_docshell_base0.cpp:83:
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9873:5: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - rv = csp->GetAllowsNavigateTo(aLoadState->URI(), loadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9873:54: error: use of undeclared identifier 'loadInfo'; did you mean 'aLoadInfo'?
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - rv = csp->GetAllowsNavigateTo(aLoadState->URI(), loadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^~~~~~~~
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - aLoadInfo
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9792:48: note: 'aLoadInfo' declared here
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - nsDocShellLoadState* aLoadState, LoadInfo* aLoadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9877:23: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - NS_ENSURE_SUCCESS(rv, rv);
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.397Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9877:27: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - NS_ENSURE_SUCCESS(rv, rv);
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.397Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9880:14: error: cannot initialize return object of type 'bool' with an lvalue of type 'const nsresult'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - 5 errors generated.

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/890bcaee9b7d
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

https://hg.mozilla.org/mozilla-central/rev/890bcaee9b7d

Backed out changeset 890bcaee9b7d (bug 1529068) for causing tier2 failures on multiple platforms on central in dom/security/test/csp/test_navigate_to.html. CLOSED TREE

Log:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=265074413&repo=mozilla-central&lineNumber=6626

Push with failures:
https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=890bcaee9b7db0922f4bdf55e39646da0dafdc1a

Backout:
https://hg.mozilla.org/integration/autoland/rev/d1181cbf7840362b625c2f26203a1e52d761f41b

Backout merged: https://hg.mozilla.org/mozilla-central/rev/d1181cbf7840

Navigate-to is defined in the Content Security Policy Level 3 draft, https://w3c.github.io/webappsec-csp/#directive-navigate-to
The patch is behind pref since the specification is still not finalized.

Treeherder passing previously failed test: https://treeherder.mozilla.org/#/jobs?repo=try&revision=26e55acb07b5961b63bfd1a98d77ad0a14937738

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/90b53eda6606
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

https://hg.mozilla.org/mozilla-central/rev/90b53eda6606

For the docs, it looks like this is implemented behind the "security.csp.enableNavigateTo" preference.
i.e. not shipping in Firefox 71. Is that correct, :ckerschb?

Page to update would be https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to

(In reply to Florian Scholz [:fscholz] (MDN) from comment #18)

For the docs, it looks like this is implemented behind the "security.csp.enableNavigateTo" preference.
i.e. not shipping in Firefox 71. Is that correct, :ckerschb?

Correct, we are not shipping in 71 and as of now don't have a date/Firefox version when we will pref that security mechanism on.

Thanks for adding/updating the docs.

Any updates on navigate-to being enabled by default?

(In reply to Eli Grey (:sephr) from comment #20)

Any updates on navigate-to being enabled by default?

The navigate-to is still experimental. As of now, we don't have any concrete plans to ship it.