Backed out changeset 177e6f28d348 (bug 1567443) for causing mochitest failures on browser_check_identity_state.js. CLOSED TREE

2021-10-25 06:45:43 -04:00 · 2021-10-25 06:45:43 -04:00 · 0b4f04d43f
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@ -53,6 +53,12 @@ var gIdentityHandler = {
   */
  _state: 0,

+  /**
+   * RegExp used to decide if an about url should be shown as being part of
+   * the browser UI.
+   */
+  _secureInternalPages: /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|ion)(?:[?#]|$)/i,
+
  /**
   * Whether the established HTTPS connection is considered "broken".
   * This could have several reasons, such as mixed content or weak
@ -1143,17 +1149,9 @@ var gIdentityHandler = {
      this._uriHasHost = false;
    }

-    if (uri.schemeIs("about")) {
-      let module = E10SUtils.getAboutModule(uri);
-      if (module) {
-        let flags = module.getURIFlags(uri);
-        this._isSecureInternalUI = !!(
-          flags & Ci.nsIAboutModule.IS_SECURE_CHROME_UI
-        );
-      }
-    } else {
-      this._isSecureInternalUI = false;
-    }
+    this._isSecureInternalUI =
+      uri.schemeIs("about") && this._secureInternalPages.test(uri.pathQueryRef);
+
    this._pageExtensionPolicy = WebExtensionPolicy.getByURI(uri);

    // Create a channel for the sole purpose of getting the resolved URI
--- a/browser/base/content/test/siteIdentity/browser_check_identity_state.js
+++ b/browser/base/content/test/siteIdentity/browser_check_identity_state.js
@ -56,77 +56,6 @@ async function getReaderModeURL() {
 // This test is slow on Linux debug e10s
 requestLongerTimeout(2);

-add_task(async function chromeUITest() {
-  // needs to be set due to bug in ion.js that occurs when testing
-  SpecialPowers.pushPrefEnv({
-    set: [
-      ["toolkit.pioneer.testCachedContent", "[]"],
-      ["toolkit.pioneer.testCachedAddons", "[]"],
-    ],
-  });
-  // Might needs to be extended with new secure chrome pages
-  let secureChromePages = [
-    "addons",
-    "cache",
-    "certificate",
-    "compat",
-    "config",
-    "crashes",
-    "debugging",
-    "devtools",
-    "downloads",
-    "ion",
-    "license",
-    "logins",
-    "loginsimportreport",
-    "performance",
-    "plugins",
-    "policies",
-    "preferences",
-    "processes",
-    "profiles",
-    "profiling",
-    "protections",
-    "rights",
-    "sessionrestore",
-    "studies",
-    "support",
-    "telemetry",
-    "welcomeback",
-  ];
-
-  let nonSecureExamplePages = [
-    "about:about",
-    "about:credits",
-    "about:home",
-    "about:logo",
-    "about:memory",
-    "about:mozilla",
-    "about:networking",
-    "about:privatebrowsing",
-    "about:robots",
-    "about:serviceWorkers",
-    "about:sync-log",
-    "about:unloads",
-    "about:url-classifier",
-    "about:webrtc",
-    "about:welcome",
-    "http://example.com/" + DUMMY,
-  ];
-
-  for (let i = 0; i < secureChromePages.length; i++) {
-    await BrowserTestUtils.withNewTab("about:" + secureChromePages[i], () => {
-      is(getIdentityMode(), "chromeUI", "Identity should be chromeUI");
-    });
-  }
-
-  for (let i = 0; i < nonSecureExamplePages.length; i++) {
-    await BrowserTestUtils.withNewTab(nonSecureExamplePages[i], () => {
-      ok(getIdentityMode() != "chromeUI", "Identity should not be chromeUI");
-    });
-  }
-});
-
 async function webpageTest(secureCheck) {
  await SpecialPowers.pushPrefEnv({ set: [[INSECURE_ICON_PREF, secureCheck]] });
  let oldTab = await loadNewTab("about:robots");
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@ -65,38 +65,34 @@ static const RedirEntry kRedirMap[] = {
    {"logins", "chrome://browser/content/aboutlogins/aboutLogins.html",
     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
-         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
    {"loginsimportreport",
     "chrome://browser/content/aboutlogins/aboutLoginsImportReport.html",
     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
-         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
    {"tabcrashed", "chrome://browser/content/aboutTabCrashed.xhtml",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
    {"policies", "chrome://browser/content/policies/aboutPolicies.html",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    {"privatebrowsing", "chrome://browser/content/aboutPrivateBrowsing.html",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS},
    {"profiling",
     "chrome://devtools/content/performance-new/aboutprofiling/index.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    {"rights", "chrome://global/content/aboutRights.xhtml",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
-         nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+         nsIAboutModule::ALLOW_SCRIPT},
    {"robots", "chrome://browser/content/aboutRobots.xhtml",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::ALLOW_SCRIPT},
    {"sessionrestore", "chrome://browser/content/aboutSessionRestore.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
    {"welcomeback", "chrome://browser/content/aboutWelcomeBack.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
    // Actual activity stream URL for home and newtab are set in channel
    // creation
    {"home", "about:blank", ACTIVITY_STREAM_FLAGS},
@ -119,10 +115,10 @@ static const RedirEntry kRedirMap[] = {
         nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
         nsIAboutModule::HIDE_FROM_ABOUTABOUT},
    {"preferences", "chrome://browser/content/preferences/preferences.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    {"downloads",
     "chrome://browser/content/downloads/contentAreaDownloadsView.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    {"reader", "chrome://global/content/reader/aboutReader.html",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
@ -132,11 +128,9 @@ static const RedirEntry kRedirMap[] = {
    {"protections", "chrome://browser/content/protections.html",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
-         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS},
    {"ion", "chrome://browser/content/ion.html",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 };

 static nsAutoCString GetAboutModuleName(nsIURI* aURI) {
--- a/browser/extensions/webcompat/about-compat/AboutCompat.jsm
+++ b/browser/extensions/webcompat/about-compat/AboutCompat.jsm
@ -19,10 +19,7 @@ function AboutCompat() {
 AboutCompat.prototype = {
  QueryInterface: ChromeUtils.generateQI(["nsIAboutModule"]),
  getURIFlags() {
-    return (
-      Ci.nsIAboutModule.URI_MUST_LOAD_IN_EXTENSION_PROCESS |
-      Ci.nsIAboutModule.IS_SECURE_CHROME_UI
-    );
+    return Ci.nsIAboutModule.URI_MUST_LOAD_IN_EXTENSION_PROCESS;
  },

  newChannel(aURI, aLoadInfo) {
--- a/browser/extensions/webcompat/manifest.json
+++ b/browser/extensions/webcompat/manifest.json
@ -2,7 +2,7 @@
  "manifest_version": 2,
  "name": "Web Compatibility Interventions",
  "description": "Urgent post-release fixes for web compatibility.",
-  "version": "27.5.0",
+  "version": "27.4.0",
  "applications": {
    "gecko": {
      "id": "webcompat@mozilla.org",
--- a/devtools/startup/AboutDebuggingRegistration.jsm
+++ b/devtools/startup/AboutDebuggingRegistration.jsm
@ -29,7 +29,7 @@ AboutDebugging.prototype = {
  },

  getURIFlags: function(uri) {
-    return nsIAboutModule.ALLOW_SCRIPT | nsIAboutModule.IS_SECURE_CHROME_UI;
+    return nsIAboutModule.ALLOW_SCRIPT;
  },

  getChromeURI: function(_uri) {
--- a/devtools/startup/aboutdevtools/AboutDevToolsRegistration.jsm
+++ b/devtools/startup/aboutdevtools/AboutDevToolsRegistration.jsm
@ -29,7 +29,7 @@ AboutDevtools.prototype = {
  },

  getURIFlags: function(uri) {
-    return nsIAboutModule.ALLOW_SCRIPT | nsIAboutModule.IS_SECURE_CHROME_UI;
+    return nsIAboutModule.ALLOW_SCRIPT;
  },

  getChromeURI: function(_uri) {
--- a/docshell/base/nsAboutRedirector.cpp
+++ b/docshell/base/nsAboutRedirector.cpp
@ -65,23 +65,19 @@ class CrashChannel final : public nsBaseChannel {
 static const RedirEntry kRedirMap[] = {
    {"about", "chrome://global/content/aboutAbout.html", 0},
    {"addons", "chrome://mozapps/content/extensions/aboutaddons.html",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    {"buildconfig", "chrome://global/content/buildconfig.html",
-     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
    {"checkerboard", "chrome://global/content/aboutCheckerboard.html",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::ALLOW_SCRIPT},
 #ifndef MOZ_WIDGET_ANDROID
-    {"config", "chrome://global/content/aboutconfig/aboutconfig.html",
-     nsIAboutModule::IS_SECURE_CHROME_UI},
+    {"config", "chrome://global/content/aboutconfig/aboutconfig.html", 0},
 #else
-    {"config", "chrome://geckoview/content/config.xhtml",
-     nsIAboutModule::IS_SECURE_CHROME_UI},
+    {"config", "chrome://geckoview/content/config.xhtml", 0},
 #endif
 #ifdef MOZ_CRASHREPORTER
-    {"crashes", "chrome://global/content/crashes.html",
-     nsIAboutModule::IS_SECURE_CHROME_UI},
+    {"crashes", "chrome://global/content/crashes.html", 0},
 #endif
    {"credits", "https://www.mozilla.org/credits/",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
@ -91,8 +87,7 @@ static const RedirEntry kRedirMap[] = {
         nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
         nsIAboutModule::HIDE_FROM_ABOUTABOUT},
    {"license", "chrome://global/content/license.html",
-     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
    {"logo", "chrome://branding/content/about.png",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         // Linkable for testing reasons.
@ -103,8 +98,7 @@ static const RedirEntry kRedirMap[] = {
     nsIAboutModule::ALLOW_SCRIPT |
         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
-         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS},
    {"mozilla", "chrome://global/content/mozilla.html",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
    {"neterror", "chrome://global/content/netError.xhtml",
@ -114,12 +108,11 @@ static const RedirEntry kRedirMap[] = {
    {"networking", "chrome://global/content/aboutNetworking.html",
     nsIAboutModule::ALLOW_SCRIPT},
    {"performance", "chrome://global/content/aboutPerformance.html",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    {"plugins", "chrome://global/content/plugins.html",
-     nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
-         nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::URI_MUST_LOAD_IN_CHILD},
    {"processes", "chrome://global/content/aboutProcesses.html",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    // about:serviceworkers always wants to load in the parent process because
    // the only place nsIServiceWorkerManager has any data is in the parent
    // process.
@ -132,7 +125,7 @@ static const RedirEntry kRedirMap[] = {
     nsIAboutModule::ALLOW_SCRIPT},
 #ifndef ANDROID
    {"profiles", "chrome://global/content/aboutProfiles.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
 #endif
    // about:srcdoc is unresolvable by specification.  It is included here
    // because the security manager would disallow srcdoc iframes otherwise.
@ -142,7 +135,7 @@ static const RedirEntry kRedirMap[] = {
         // Needs to be linkable so content can touch its own srcdoc frames
         nsIAboutModule::MAKE_LINKABLE | nsIAboutModule::URI_CAN_LOAD_IN_CHILD},
    {"support", "chrome://global/content/aboutSupport.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
 #ifdef XP_WIN
    {"third-party", "chrome://global/content/aboutThirdParty.html",
     nsIAboutModule::ALLOW_SCRIPT},
@ -152,7 +145,7 @@ static const RedirEntry kRedirMap[] = {
     nsIAboutModule::HIDE_FROM_ABOUTABOUT | nsIAboutModule::ALLOW_SCRIPT},
 #endif
    {"telemetry", "chrome://global/content/aboutTelemetry.xhtml",
-     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
+     nsIAboutModule::ALLOW_SCRIPT},
    {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml",
     nsIAboutModule::ALLOW_SCRIPT},
    {"webrtc", "chrome://global/content/aboutwebrtc/aboutWebrtc.html",
--- a/netwerk/protocol/about/nsAboutCache.cpp
+++ b/netwerk/protocol/about/nsAboutCache.cpp
@ -508,8 +508,7 @@ nsresult nsAboutCache::Channel::FlushBuffer() {

 NS_IMETHODIMP
 nsAboutCache::GetURIFlags(nsIURI* aURI, uint32_t* result) {
-  *result = nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
-            nsIAboutModule::IS_SECURE_CHROME_UI;
+  *result = nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT;
  return NS_OK;
 }

--- a/netwerk/protocol/about/nsIAboutModule.idl
+++ b/netwerk/protocol/about/nsIAboutModule.idl
@ -92,11 +92,6 @@ interface nsIAboutModule : nsISupports
     */
    const unsigned long ALLOW_UNSANITIZED_CONTENT = (1 << 10);

-    /**
-     * A flag that indicates that this about: URI is a secure chrome UI
-     */
-    const unsigned long IS_SECURE_CHROME_UI = (1 << 11);
-
    /**
     * A method to get the flags that apply to a given about: URI.  The URI
     * passed in is guaranteed to be one of the URIs that this module
--- a/toolkit/components/normandy/content/AboutPages.jsm
+++ b/toolkit/components/normandy/content/AboutPages.jsm
@ -108,8 +108,7 @@ XPCOMUtils.defineLazyGetter(AboutPages, "aboutStudies", () => {
    uriFlags:
      Ci.nsIAboutModule.ALLOW_SCRIPT |
      Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT |
-      Ci.nsIAboutModule.URI_MUST_LOAD_IN_CHILD |
-      Ci.nsIAboutModule.IS_SECURE_CHROME_UI,
+      Ci.nsIAboutModule.URI_MUST_LOAD_IN_CHILD,
  });

  // Extra methods for about:study-specific behavior.
--- a/toolkit/modules/E10SUtils.jsm
+++ b/toolkit/modules/E10SUtils.jsm
@ -57,6 +57,19 @@ XPCOMUtils.defineLazyServiceGetter(
  "nsIExternalProtocolService"
 );

+function getAboutModule(aURL) {
+  // Needs to match NS_GetAboutModuleName
+  let moduleName = aURL.pathQueryRef.replace(/[#?].*/, "").toLowerCase();
+  let contract = "@mozilla.org/network/protocol/about;1?what=" + moduleName;
+  try {
+    return Cc[contract].getService(Ci.nsIAboutModule);
+  } catch (e) {
+    // Either the about module isn't defined or it is broken. In either case
+    // ignore it.
+    return null;
+  }
+}
+
 function getOriginalReaderModeURI(aURI) {
  try {
    let searchParams = new URLSearchParams(aURI.query);
@ -265,23 +278,6 @@ var E10SUtils = {
  LARGE_ALLOCATION_REMOTE_TYPE,
  FISSION_WEB_REMOTE_TYPE,

-  /**
-   * @param aURI The URI of the about page
-   * @return The instance of the nsIAboutModule related to this uri
-   */
-  getAboutModule(aURL) {
-    // Needs to match NS_GetAboutModuleName
-    let moduleName = aURL.pathQueryRef.replace(/[#?].*/, "").toLowerCase();
-    let contract = "@mozilla.org/network/protocol/about;1?what=" + moduleName;
-    try {
-      return Cc[contract].getService(Ci.nsIAboutModule);
-    } catch (e) {
-      // Either the about module isn't defined or it is broken. In either case
-      // ignore it.
-      return null;
-    }
-  },
-
  useCrossOriginOpenerPolicy() {
    return useCrossOriginOpenerPolicy;
  },
@ -446,7 +442,7 @@ var E10SUtils = {
          : DEFAULT_REMOTE_TYPE;

      case "about":
-        let module = this.getAboutModule(aURI);
+        let module = getAboutModule(aURI);
        // If the module doesn't exist then an error page will be loading, that
        // should be ok to load in any process
        if (!module) {