diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 6f7525a015eb..39ba8a200703 100755
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -5122,7 +5122,7 @@ nsBrowserAccess.prototype = {
return browser;
},
- openURI(aURI, aOpener, aWhere, aFlags) {
+ openURI(aURI, aOpener, aWhere, aFlags, aTriggeringPrincipal) {
// This function should only ever be called if we're opening a URI
// from a non-remote browser window (via nsContentTreeOwner).
if (aOpener && Cu.isCrossProcessWrapper(aOpener)) {
@@ -5154,11 +5154,9 @@ nsBrowserAccess.prototype = {
}
let referrer = aOpener ? makeURI(aOpener.location.href) : null;
- let triggeringPrincipal = null;
let referrerPolicy = Ci.nsIHttpChannel.REFERRER_POLICY_UNSET;
if (aOpener && aOpener.document) {
referrerPolicy = aOpener.document.referrerPolicy;
- triggeringPrincipal = aOpener.document.nodePrincipal;
}
let isPrivate = aOpener
? PrivateBrowsingUtils.isContentWindowPrivate(aOpener)
@@ -5192,7 +5190,7 @@ nsBrowserAccess.prototype = {
let browser = this._openURIInNewTab(aURI, referrer, referrerPolicy,
isPrivate, isExternal,
forceNotRemote, userContextId,
- openerWindow, triggeringPrincipal);
+ openerWindow, aTriggeringPrincipal);
if (browser)
newWindow = browser.contentWindow;
break;
@@ -5203,7 +5201,7 @@ nsBrowserAccess.prototype = {
Ci.nsIWebNavigation.LOAD_FLAGS_FROM_EXTERNAL :
Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
gBrowser.loadURIWithFlags(aURI.spec, {
- triggeringPrincipal,
+ aTriggeringPrincipal,
flags: loadflags,
referrerURI: referrer,
referrerPolicy,
diff --git a/browser/base/content/test/general/browser_bug520538.js b/browser/base/content/test/general/browser_bug520538.js
index 41350d80d4d9..90af476cb0d2 100644
--- a/browser/base/content/test/general/browser_bug520538.js
+++ b/browser/base/content/test/general/browser_bug520538.js
@@ -4,7 +4,8 @@ function test() {
window.browserDOMWindow.openURI(makeURI("about:blank"),
null,
Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
- Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL);
+ Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL,
+ Services.scriptSecurityManager.getSystemPrincipal());
is(gBrowser.tabs.length, tabCount + 1,
"'--new-tab about:blank' opens a new tab");
is(gBrowser.selectedTab, gBrowser.tabs[tabCount],
diff --git a/browser/base/content/test/general/browser_bug537474.js b/browser/base/content/test/general/browser_bug537474.js
index b7354aafc07b..d07d255dabf7 100644
--- a/browser/base/content/test/general/browser_bug537474.js
+++ b/browser/base/content/test/general/browser_bug537474.js
@@ -1,7 +1,8 @@
add_task(async function() {
let browserLoadedPromise = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
window.browserDOMWindow.openURI(makeURI("about:"), null,
- Ci.nsIBrowserDOMWindow.OPEN_CURRENTWINDOW, null)
+ Ci.nsIBrowserDOMWindow.OPEN_CURRENTWINDOW, null,
+ Services.scriptSecurityManager.getSystemPrincipal())
await browserLoadedPromise;
is(gBrowser.currentURI.spec, "about:", "page loads in the current content window");
});
diff --git a/browser/base/content/test/urlbar/browser_bug562649.js b/browser/base/content/test/urlbar/browser_bug562649.js
index f113a3344176..cbacd8338742 100644
--- a/browser/base/content/test/urlbar/browser_bug562649.js
+++ b/browser/base/content/test/urlbar/browser_bug562649.js
@@ -3,7 +3,8 @@ function test() {
window.browserDOMWindow.openURI(makeURI(URI),
null,
Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
- Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL);
+ Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL,
+ Services.scriptSecurityManager.getSystemPrincipal());
is(gBrowser.userTypedValue, URI, "userTypedValue matches test URI");
is(gURLBar.value, URI, "location bar value matches test URI");
diff --git a/browser/components/nsBrowserContentHandler.js b/browser/components/nsBrowserContentHandler.js
index 5032919526a4..830033ccc7c3 100644
--- a/browser/components/nsBrowserContentHandler.js
+++ b/browser/components/nsBrowserContentHandler.js
@@ -343,7 +343,8 @@ nsBrowserContentHandler.prototype = {
try {
while ((uriparam = cmdLine.handleFlagWithParam("new-tab", false))) {
let uri = resolveURIInternal(cmdLine, uriparam);
- handURIToExistingBrowser(uri, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine);
+ handURIToExistingBrowser(uri, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine, false,
+ Services.scriptSecurityManager.getSystemPrincipal());
cmdLine.preventDefault = true;
}
} catch (e) {
@@ -391,7 +392,8 @@ nsBrowserContentHandler.prototype = {
var privateWindowParam = cmdLine.handleFlagWithParam("private-window", false);
if (privateWindowParam) {
let resolvedURI = resolveURIInternal(cmdLine, privateWindowParam);
- handURIToExistingBrowser(resolvedURI, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine, true);
+ handURIToExistingBrowser(resolvedURI, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine, true,
+ Services.scriptSecurityManager.getSystemPrincipal());
cmdLine.preventDefault = true;
}
} catch (e) {
@@ -607,8 +609,8 @@ nsBrowserContentHandler.prototype = {
}
request.QueryInterface(nsIChannel);
- handURIToExistingBrowser(request.URI,
- nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, null);
+ handURIToExistingBrowser(request.URI, nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, null, false,
+ request.loadInfo.triggeringPrincipal);
request.cancel(NS_BINDING_ABORTED);
},
@@ -642,7 +644,7 @@ nsBrowserContentHandler.prototype = {
};
var gBrowserContentHandler = new nsBrowserContentHandler();
-function handURIToExistingBrowser(uri, location, cmdLine, forcePrivate) {
+function handURIToExistingBrowser(uri, location, cmdLine, forcePrivate, triggeringPrincipal) {
if (!shouldLoadURI(uri))
return;
@@ -667,7 +669,7 @@ function handURIToExistingBrowser(uri, location, cmdLine, forcePrivate) {
.getInterface(nsIDOMWindow);
var bwin = rootWin.QueryInterface(nsIDOMChromeWindow).browserDOMWindow;
bwin.openURI(uri, null, location,
- nsIBrowserDOMWindow.OPEN_EXTERNAL);
+ nsIBrowserDOMWindow.OPEN_EXTERNAL, triggeringPrincipal);
}
function nsDefaultCommandLineHandler() {
@@ -742,7 +744,8 @@ nsDefaultCommandLineHandler.prototype = {
// Try to find an existing window and load our URI into the
// current tab, new tab, or new window as prefs determine.
try {
- handURIToExistingBrowser(urilist[0], nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, cmdLine);
+ handURIToExistingBrowser(urilist[0], nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, cmdLine, false,
+ Services.scriptSecurityManager.getSystemPrincipal());
return;
} catch (e) {
}
diff --git a/devtools/client/responsive.html/browser/tunnel.js b/devtools/client/responsive.html/browser/tunnel.js
index eb1c7fd6a78e..e4e2ebb9c1a3 100644
--- a/devtools/client/responsive.html/browser/tunnel.js
+++ b/devtools/client/responsive.html/browser/tunnel.js
@@ -241,13 +241,18 @@ function tunnelToInnerBrowser(outer, inner) {
let { detail } = event;
event.preventDefault();
let uri = Services.io.newURI(detail.url);
+ let sourceNode = event.dataTransfer.mozSourceNode;
+ let triggeringPrincipal = sourceNode
+ ? sourceNode.nodePrincipal
+ : Services.scriptSecurityManager.getSystemPrincipal();
// This API is used mainly because it's near the path used for with
// regular browser tabs (which calls `openURIInFrame`). The more elaborate APIs
// that support openers, window features, etc. didn't seem callable from JS and / or
// this event doesn't give enough info to use them.
browserWindow.browserDOMWindow
.openURI(uri, null, Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
- Ci.nsIBrowserDOMWindow.OPEN_NEW);
+ Ci.nsIBrowserDOMWindow.OPEN_NEW,
+ triggeringPrincipal);
},
stop() {
diff --git a/dom/interfaces/base/nsIBrowserDOMWindow.idl b/dom/interfaces/base/nsIBrowserDOMWindow.idl
index 2ebad4080608..29142f8a17d6 100644
--- a/dom/interfaces/base/nsIBrowserDOMWindow.idl
+++ b/dom/interfaces/base/nsIBrowserDOMWindow.idl
@@ -99,11 +99,12 @@ interface nsIBrowserDOMWindow : nsISupports
* @param aFlags flags which control the behavior of the load. The
* OPEN_EXTERNAL/OPEN_NEW flag is only used when
* aWhere == OPEN_DEFAULTWINDOW.
+ * @param aTriggeringPrincipal the principal that triggered the load of aURI
* @return the window into which the URI was opened.
*/
mozIDOMWindowProxy
openURI(in nsIURI aURI, in mozIDOMWindowProxy aOpener,
- in short aWhere, in long aFlags);
+ in short aWhere, in long aFlags, in nsIPrincipal aTriggeringPrincipal);
/**
* As above, but return the nsIFrameLoaderOwner for the new window.
diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp
index 62aacdec9fb6..1d496d83d522 100644
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -4650,6 +4650,7 @@ ContentParent::CommonCreateWindow(PBrowserParent* aThisTab,
aResult = newBrowserDOMWin->OpenURI(aURIToLoad, openerWindow,
nsIBrowserDOMWindow::OPEN_CURRENTWINDOW,
nsIBrowserDOMWindow::OPEN_NEW,
+ aTriggeringPrincipal,
getter_AddRefs(win));
}
diff --git a/dom/workers/ServiceWorkerClients.cpp b/dom/workers/ServiceWorkerClients.cpp
index a9b8c6efe5e4..7ca5b59da97e 100644
--- a/dom/workers/ServiceWorkerClients.cpp
+++ b/dom/workers/ServiceWorkerClients.cpp
@@ -754,10 +754,14 @@ private:
return NS_ERROR_FAILURE;
}
+ nsCOMPtr triggeringPrincipal = workerPrivate->GetPrincipal();
+ MOZ_DIAGNOSTIC_ASSERT(triggeringPrincipal);
+
nsCOMPtr win;
rv = bwin->OpenURI(uri, nullptr,
nsIBrowserDOMWindow::OPEN_DEFAULTWINDOW,
nsIBrowserDOMWindow::OPEN_NEW,
+ triggeringPrincipal,
getter_AddRefs(win));
if (NS_WARN_IF(NS_FAILED(rv))) {
return rv;
diff --git a/toolkit/xre/nsNativeAppSupportWin.cpp b/toolkit/xre/nsNativeAppSupportWin.cpp
index 99aae750824f..8c97a7d02078 100644
--- a/toolkit/xre/nsNativeAppSupportWin.cpp
+++ b/toolkit/xre/nsNativeAppSupportWin.cpp
@@ -6,6 +6,7 @@
#include "nsNativeAppSupportBase.h"
#include "nsNativeAppSupportWin.h"
#include "nsAppRunner.h"
+#include "nsContentUtils.h"
#include "nsXULAppAPI.h"
#include "nsString.h"
#include "nsIBrowserDOMWindow.h"
@@ -1463,6 +1464,7 @@ nsNativeAppSupportWin::OpenBrowserWindow()
rv = bwin->OpenURI( uri, 0,
nsIBrowserDOMWindow::OPEN_DEFAULTWINDOW,
nsIBrowserDOMWindow::OPEN_EXTERNAL,
+ nsContentUtils::GetSystemPrincipal(),
getter_AddRefs( container ) );
if ( NS_SUCCEEDED( rv ) )
return NS_OK;
diff --git a/uriloader/exthandler/nsWebHandlerApp.js b/uriloader/exthandler/nsWebHandlerApp.js
index ccffbb5458a6..b8e92b03774e 100644
--- a/uriloader/exthandler/nsWebHandlerApp.js
+++ b/uriloader/exthandler/nsWebHandlerApp.js
@@ -12,6 +12,7 @@ const Cu = Components.utils;
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
Cu.import("resource://gre/modules/NetUtil.jsm");
+Cu.import('resource://gre/modules/Services.jsm');
////////////////////////////////////////////////////////////////////////////////
//// nsWebHandler class
@@ -143,7 +144,8 @@ nsWebHandlerApp.prototype = {
browserDOMWin.openURI(uriToSend,
null, // no window.opener
Ci.nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW,
- Ci.nsIBrowserDOMWindow.OPEN_NEW);
+ Ci.nsIBrowserDOMWindow.OPEN_NEW,
+ Services.scriptSecurityManager.getSystemPrincipal());
return;
},
diff --git a/xpfe/appshell/nsContentTreeOwner.cpp b/xpfe/appshell/nsContentTreeOwner.cpp
index 1a73de11a5df..546eaa3850a8 100644
--- a/xpfe/appshell/nsContentTreeOwner.cpp
+++ b/xpfe/appshell/nsContentTreeOwner.cpp
@@ -35,6 +35,7 @@
#include "nsIMIMEInfo.h"
#include "nsIWidget.h"
#include "nsWindowWatcher.h"
+#include "NullPrincipal.h"
#include "mozilla/BrowserElementParent.h"
#include "nsIDOMDocument.h"
@@ -923,13 +924,15 @@ nsContentTreeOwner::ProvideWindow(mozIDOMWindowProxy* aParent,
}
// Get a new rendering area from the browserDOMWin. We don't want
- // to be starting any loads here, so get it with a null URI.
+ // to be starting any loads here, so get it with a null URI. Since/
+ // we are not loading any URI, we follow the principle of least privlege
+ // and use a nullPrincipal as the triggeringPrincipal.
//
// This method handles setting the opener for us, so we don't need to set it
// ourselves.
- return browserDOMWin->OpenURI(nullptr, aParent,
- openLocation,
- flags, aReturn);
+ RefPtr nullPrincipal = NullPrincipal::Create();
+ return browserDOMWin->OpenURI(nullptr, aParent, openLocation,
+ flags, nullPrincipal, aReturn);
}
}