From 382c9e2410738bdc887a929291a29ff650d7504e Mon Sep 17 00:00:00 2001
From: Gijs Kruitbosch <gijskruitbosch@gmail.com>
Date: Wed, 3 Apr 2019 21:01:19 +0000
Subject: [PATCH] Bug 1528335, r=aswan

Differential Revision: https://phabricator.services.mozilla.com/D25775

--HG--
extra : moz-landing-system : lando
---
 toolkit/components/extensions/parent/ext-management.js |  6 +++++-
 toolkit/mozapps/extensions/AddonManager.jsm            |  6 +++++-
 toolkit/mozapps/extensions/addonManager.js             |  1 +
 toolkit/mozapps/extensions/amWebAPI.jsm                |  1 +
 toolkit/mozapps/extensions/internal/XPIInstall.jsm     | 10 +++++++++-
 5 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/toolkit/components/extensions/parent/ext-management.js b/toolkit/components/extensions/parent/ext-management.js
index f6b5776e3bb8..dac6ddee0945 100644
--- a/toolkit/components/extensions/parent/ext-management.js
+++ b/toolkit/components/extensions/parent/ext-management.js
@@ -201,7 +201,11 @@ this.management = class extends ExtensionAPI {
             source: "extension",
             method: "management-webext-api",
           };
-          let install = await AddonManager.getInstallForURL(url, {hash, telemetryInfo});
+          let install = await AddonManager.getInstallForURL(url, {
+            hash,
+            telemetryInfo,
+            triggeringPrincipal: extension.principal,
+          });
           install.addListener(listener);
           try {
             await install.install();
diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm
index 5a7b9e43a546..6e5ed7d87b12 100644
--- a/toolkit/mozapps/extensions/AddonManager.jsm
+++ b/toolkit/mozapps/extensions/AddonManager.jsm
@@ -1564,6 +1564,8 @@ var AddonManagerInternal = {
    *         An optional placeholder version while the add-on is being downloaded
    * @param  {XULElement} [aOptions.browser]
    *         An optional <browser> element for download permissions prompts.
+   * @param  {nsIPrincipal} [aOptions.triggeringPrincipal]
+   *         The principal which is attempting to install the add-on.
    * @param  {Object} [aOptions.telemetryInfo]
    *         An optional object which provides details about the installation source
    *         included in the addon manager telemetry events.
@@ -2686,7 +2688,7 @@ var AddonManagerInternal = {
         installPromise.catch(() => {});
 
         return {listener, installPromise};
-     };
+      };
 
       try {
         checkInstallUrl(options.url);
@@ -2695,6 +2697,8 @@ var AddonManagerInternal = {
       }
 
       return AddonManagerInternal.getInstallForURL(options.url, {
+        browser: target,
+        triggeringPrincipal: options.triggeringPrincipal,
         hash: options.hash,
         telemetryInfo: {
           source: AddonManager.getInstallSourceFromHost(options.sourceHost),
diff --git a/toolkit/mozapps/extensions/addonManager.js b/toolkit/mozapps/extensions/addonManager.js
index d36666f8d1fd..caafb4dd1f05 100644
--- a/toolkit/mozapps/extensions/addonManager.js
+++ b/toolkit/mozapps/extensions/addonManager.js
@@ -102,6 +102,7 @@ amManager.prototype = {
       name,
       icon,
       browser: aBrowser,
+      triggeringPrincipal,
       telemetryInfo,
       sendCookies: true,
     }).then(aInstall => {
diff --git a/toolkit/mozapps/extensions/amWebAPI.jsm b/toolkit/mozapps/extensions/amWebAPI.jsm
index 8f1173886790..6b06c45a40a2 100644
--- a/toolkit/mozapps/extensions/amWebAPI.jsm
+++ b/toolkit/mozapps/extensions/amWebAPI.jsm
@@ -237,6 +237,7 @@ class WebAPI extends APIObject {
       sourceHost: this.window.document.nodePrincipal.URI &&
         this.window.document.nodePrincipal.URI.host,
     };
+    installOptions.triggeringPrincipal = this.window.document.nodePrincipal;
     return this._apiTask("createInstall", [installOptions], installInfo => {
       if (!installInfo) {
         return null;
diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.jsm b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
index 7c9db4de20f7..8eb584334cee 100644
--- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
@@ -1803,6 +1803,8 @@ var DownloadAddonInstall = class extends AddonInstall {
    * @param {XULElement} [options.browser]
    *        The browser performing the install, used to display
    *        authentication prompts.
+   * @param {nsIPrincipal} [options.principal]
+   *        The principal to use. If not present, will default to browser.contentPrincipal.
    * @param {string} [options.name]
    *        An optional name for the add-on
    * @param {string} [options.type]
@@ -1820,6 +1822,10 @@ var DownloadAddonInstall = class extends AddonInstall {
     super(installLocation, url, options);
 
     this.browser = options.browser;
+    this.loadingPrincipal =
+      options.triggeringPrincipal ||
+      (this.browser && this.browser.contentPrincipal) ||
+      Services.scriptSecurityManager.getSystemPrincipal();
     this.sendCookies = Boolean(options.sendCookies);
 
     this.state = AddonManager.STATE_AVAILABLE;
@@ -1928,7 +1934,9 @@ var DownloadAddonInstall = class extends AddonInstall {
 
       this.channel = NetUtil.newChannel({
         uri: this.sourceURI,
-        loadUsingSystemPrincipal: true,
+        securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
+        contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
+        loadingPrincipal: this.loadingPrincipal,
       });
       this.channel.notificationCallbacks = this;
       if (this.sendCookies) {