Bug 1319773 - Part 2: Add a pref 'privacy.firstparty.isolate.restrict_opener_access' which controls the access of window.opener for different first party domain. r=baku

--HG-- extra : rebase_source : 052dfb3554ba050af85247bcf2587ade26710aac
2017-01-23 10:50:22 +08:00 · 2017-01-23 10:50:22 +08:00 · 4e31b183a6
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@ -534,7 +534,8 @@ pref("privacy.sanitize.migrateFx3Prefs",    false);

 pref("privacy.panicButton.enabled",         true);

-pref("privacy.firstparty.isolate",          false);
+pref("privacy.firstparty.isolate",                        false);
+pref("privacy.firstparty.isolate.restrict_opener_access", true);

 // Time until temporary permissions expire, in ms
 pref("privacy.temporary_permission_expire_time_ms",  3600000);
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@ -284,6 +284,31 @@ OriginAttributes::IsFirstPartyEnabled()
  return sFirstPartyIsolation;
 }

+/* static */
+bool
+OriginAttributes::IsRestrictOpenerAccessForFPI()
+{
+  bool isFirstPartyEnabled = IsFirstPartyEnabled();
+
+  // Cache the privacy.firstparty.isolate.restrict_opener_access pref.
+  static bool sRestrictedOpenerAccess = false;
+  static bool sCachedRestrictedAccessPref = false;
+  if (!sCachedRestrictedAccessPref) {
+    MOZ_ASSERT(NS_IsMainThread());
+    sCachedRestrictedAccessPref = true;
+    Preferences::AddBoolVarCache(&sRestrictedOpenerAccess,
+                                 "privacy.firstparty.isolate.restrict_opener_access");
+  }
+
+  // We always want to restrict window.opener if first party isolation is
+  // disabled.
+  if (!isFirstPartyEnabled) {
+    return true;
+  }
+
+  return isFirstPartyEnabled && sRestrictedOpenerAccess;
+}
+
 /* static */
 bool
 OriginAttributes::IsPrivateBrowsing(const nsACString& aOrigin)
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@ -103,6 +103,11 @@ public:
  // check if "privacy.firstparty.isolate" is enabled.
  static bool IsFirstPartyEnabled();

+  // check if the access of window.opener across different FPDs is restricted.
+  // We only restrict the access of window.opener when first party isolation
+  // is enabled and "privacy.firstparty.isolate.restrict_opener_access" is on.
+  static bool IsRestrictOpenerAccessForFPI();
+
  // returns true if the originAttributes suffix has mPrivateBrowsingId value
  // different than 0.
  static bool IsPrivateBrowsing(const nsACString& aOrigin);