зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1492607 - Part 1: Making postMessage to be aware of OAs when the targetOrigin is "*." r=arthuredelstein,baku
This patch adds a MOZ_DIAGNOSTIC_ASSERT for assuring the OAs are matching when the targetOrigin is "*" for the postMessage(). But it ignores the FPD in OA since the FPDs are possible to be different. We also add a new pref 'privacy.firstparty.isolate.block_post_message' for allowing blocking postMessage across different FPDs. Differential Revision: https://phabricator.services.mozilla.com/D8521 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
e112c58ef4
Коммит
15c3ab7c9c
|
@ -19,6 +19,7 @@ using dom::URLParams;
|
|||
|
||||
bool OriginAttributes::sFirstPartyIsolation = false;
|
||||
bool OriginAttributes::sRestrictedOpenerAccess = false;
|
||||
bool OriginAttributes::sBlockPostMessageForFPI = false;
|
||||
|
||||
void
|
||||
OriginAttributes::InitPrefs()
|
||||
|
@ -31,6 +32,8 @@ OriginAttributes::InitPrefs()
|
|||
"privacy.firstparty.isolate");
|
||||
Preferences::AddBoolVarCache(&sRestrictedOpenerAccess,
|
||||
"privacy.firstparty.isolate.restrict_opener_access");
|
||||
Preferences::AddBoolVarCache(&sBlockPostMessageForFPI,
|
||||
"privacy.firstparty.isolate.block_post_message");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -61,6 +61,14 @@ public:
|
|||
return !(*this == aOther);
|
||||
}
|
||||
|
||||
MOZ_MUST_USE bool EqualsIgnoringFPD(const OriginAttributes& aOther) const
|
||||
{
|
||||
return mAppId == aOther.mAppId &&
|
||||
mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
|
||||
mUserContextId == aOther.mUserContextId &&
|
||||
mPrivateBrowsingId == aOther.mPrivateBrowsingId;
|
||||
}
|
||||
|
||||
// Serializes/Deserializes non-default values into the suffix format, i.e.
|
||||
// |!key1=value1&key2=value2|. If there are no non-default attributes, this
|
||||
// returns an empty string.
|
||||
|
@ -96,6 +104,13 @@ public:
|
|||
return !sFirstPartyIsolation || sRestrictedOpenerAccess;
|
||||
}
|
||||
|
||||
// Check whether we block the postMessage across different FPDs when the
|
||||
// targetOrigin is '*'.
|
||||
static inline MOZ_MUST_USE bool IsBlockPostMessageForFPI()
|
||||
{
|
||||
return sFirstPartyIsolation && sBlockPostMessageForFPI;
|
||||
}
|
||||
|
||||
// returns true if the originAttributes suffix has mPrivateBrowsingId value
|
||||
// different than 0.
|
||||
static bool IsPrivateBrowsing(const nsACString& aOrigin);
|
||||
|
@ -105,6 +120,7 @@ public:
|
|||
private:
|
||||
static bool sFirstPartyIsolation;
|
||||
static bool sRestrictedOpenerAccess;
|
||||
static bool sBlockPostMessageForFPI;
|
||||
};
|
||||
|
||||
class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary
|
||||
|
|
|
@ -5784,6 +5784,22 @@ nsGlobalWindowOuter::PostMessageMozOuter(JSContext* aCx, JS::Handle<JS::Value> a
|
|||
if (NS_WARN_IF(!providedPrincipal)) {
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
// We still need to check the originAttributes if the target origin is '*'.
|
||||
// But we will ingore the FPD here since the FPDs are possible to be different.
|
||||
auto principal = BasePrincipal::Cast(GetPrincipal());
|
||||
NS_ENSURE_TRUE_VOID(principal);
|
||||
|
||||
OriginAttributes targetAttrs = principal->OriginAttributesRef();
|
||||
OriginAttributes sourceAttrs = aSubjectPrincipal.OriginAttributesRef();
|
||||
MOZ_DIAGNOSTIC_ASSERT(sourceAttrs.EqualsIgnoringFPD(targetAttrs));
|
||||
|
||||
// If 'privacy.firstparty.isolate.block_post_message' is true, we will block
|
||||
// postMessage across different first party domains.
|
||||
if (OriginAttributes::IsBlockPostMessageForFPI() &&
|
||||
sourceAttrs.mFirstPartyDomain != targetAttrs.mFirstPartyDomain) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// Create and asynchronously dispatch a runnable which will handle actual DOM
|
||||
|
|
Загрузка…
Ссылка в новой задаче