Bug 1533877 - Frame navigations should check their parent's Cross-Origin policy r=nika

Differential Revision: https://phabricator.services.mozilla.com/D32972

--HG--
extra : moz-landing-system : lando

docshell/base/BrowsingContext.cpp

@@ -116,11 +116,13 @@ already_AddRefed<BrowsingContext> BrowsingContext::Create(
   // using transactions to set them, as we haven't been attached yet.
   context->mName = aName;
   context->mOpenerId = aOpener ? aOpener->Id() : 0;
+  context->mCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
+  context->mInheritedCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
 
   BrowsingContext* inherit = aParent ? aParent : aOpener;
   if (inherit) {
     context->mOpenerPolicy = inherit->mOpenerPolicy;
-    context->mCrossOriginPolicy = inherit->mCrossOriginPolicy;
+    context->mInheritedCrossOriginPolicy = inherit->mCrossOriginPolicy;
   }
 
   Register(context);

docshell/base/BrowsingContextFieldList.h

@@ -17,6 +17,7 @@
 MOZ_BC_FIELD_RACY(Name, nsString)
 MOZ_BC_FIELD_RACY(Closed, bool)
 MOZ_BC_FIELD(CrossOriginPolicy, nsILoadInfo::CrossOriginPolicy)
+MOZ_BC_FIELD(InheritedCrossOriginPolicy, nsILoadInfo::CrossOriginPolicy)
 MOZ_BC_FIELD(OpenerPolicy, nsILoadInfo::CrossOriginOpenerPolicy)
 
 // The current opener for this BrowsingContext. This is a weak reference, and

netwerk/protocol/http/nsHttpChannel.cpp

@@ -7517,7 +7517,8 @@ nsresult nsHttpChannel::ProcessCrossOriginHeader() {
     return NS_OK;
   }
 
-  nsILoadInfo::CrossOriginPolicy documentPolicy = ctx->GetCrossOriginPolicy();
+  nsILoadInfo::CrossOriginPolicy documentPolicy =
+      ctx->GetInheritedCrossOriginPolicy();
   nsILoadInfo::CrossOriginPolicy resultPolicy =
       nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
   rv = GetResponseCrossOriginPolicy(&resultPolicy);

testing/web-platform/tests/html/cross-origin/null.tentative.html

@@ -23,13 +23,13 @@ async_test(t => {
   });
   t.step_timeout(() => {
     assert_equals(firstNavOk, true, "The initial load should work");
-    assert_equals(frame.contentDocument, null, "Navigation to null policy should fail");
+    assert_not_equals(frame.contentDocument, null, "Navigation to null policy should fail");
     t.done();
   }, 500);
   frame.src = "resources/navigate_anonymous.sub.html?to=/common/blank.html";
   document.body.append(frame);
   assert_equals(frame.contentDocument.body.localName, "body");
-}, "Top-level with null policy: navigating a frame from use-credentials policy to a null policy should fail.");
+}, "Top-level with null policy: parent policy should apply to frame navigation from use-credentials policy to a null. Should succeed.");
 
 async_test(t => {
   const frame = document.createElement("iframe");
@@ -40,13 +40,13 @@ async_test(t => {
   });
   t.step_timeout(() => {
     assert_equals(firstNavOk, true, "The initial load should work");
-    assert_equals(frame.contentDocument, null, "Navigation to null policy should fail");
+    assert_not_equals(frame.contentDocument, null, "Navigation to null policy should fail");
     t.done();
   }, 500);
   frame.src = "resources/navigate_anonymous.sub.html?to=/common/blank.html";
   document.body.append(frame);
   assert_equals(frame.contentDocument.body.localName, "body");
-}, "Top-level with null policy: navigating a frame from anonymous policy to a null policy should fail.");
+}, "Top-level with null policy: parent policy should apply to frame navigation from anonymous policy to a null. Should succeed.");
 
 async_test(t => {
   let w = window.open(`resources/navigate_null.sub.html?to=navigate_anonymous.sub.html`, "window_name");