Bug 1622111 - Convert security.data_uri.unique_opaque_origin to static pref and remove ClientPrefs. r=njn

Converts security.data_uri.unique_opaque_origin to a static pref. This pref was initialized by the ClientManager in ClientPrefs, so this commit also removes those files. Somehow this pref was getting added in VarCache twice, so it also removes the places where the pref was added in Networking. Differential Revision: https://phabricator.services.mozilla.com/D67185 --HG-- extra : moz-landing-system : lando
2020-03-18 22:12:20 +00:00 · 2020-03-18 22:12:20 +00:00 · 54ef9a89c8
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -37,6 +37,7 @@
 #include "mozilla/StaticPrefs_dom.h"
 #include "mozilla/StaticPrefs_extensions.h"
 #include "mozilla/StaticPrefs_privacy.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "mozilla/StaticPrefs_ui.h"
 #include "mozilla/StaticPrefs_fission.h"
 #include "mozilla/StartupTimeline.h"
@ -9873,8 +9874,9 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
        true,  // aInheritForAboutBlank
        isSrcdoc);

-    bool isURIUniqueOrigin = nsIOService::IsDataURIUniqueOpaqueOrigin() &&
-                             SchemeIsData(aLoadState->URI());
+    bool isURIUniqueOrigin =
+        StaticPrefs::security_data_uri_unique_opaque_origin() &&
+        SchemeIsData(aLoadState->URI());
    inheritPrincipal = inheritAttrs && !isURIUniqueOrigin;
  }

--- a/dom/base/nsObjectLoadingContent.cpp
+++ b/dom/base/nsObjectLoadingContent.cpp
@ -89,6 +89,7 @@
 #include "mozilla/net/UrlClassifierFeatureFactory.h"
 #include "mozilla/LoadInfo.h"
 #include "mozilla/PresShell.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "nsChannelClassifier.h"
 #include "nsFocusManager.h"
 #include "ReferrerInfo.h"
@ -2276,7 +2277,8 @@ nsresult nsObjectLoadingContent::OpenChannel() {
      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;

  bool isURIUniqueOrigin =
-      nsIOService::IsDataURIUniqueOpaqueOrigin() && mURI->SchemeIs("data");
+      StaticPrefs::security_data_uri_unique_opaque_origin() &&
+      mURI->SchemeIs("data");

  if (inherit && !isURIUniqueOrigin) {
    securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
--- a/dom/clients/manager/ClientManager.cpp
+++ b/dom/clients/manager/ClientManager.cpp
@ -9,7 +9,6 @@
 #include "ClientHandle.h"
 #include "ClientManagerChild.h"
 #include "ClientManagerOpChild.h"
-#include "ClientPrefs.h"
 #include "ClientSource.h"
 #include "mozilla/dom/WorkerPrivate.h"
 #include "mozilla/ipc/BackgroundChild.h"
@ -248,8 +247,6 @@ void ClientManager::Startup() {
 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
  sClientManagerThreadLocalIndexDuplicate = sClientManagerThreadLocalIndex;
 #endif
-
-  ClientPrefsInit();
 }

 // static
--- a/dom/clients/manager/ClientPrefs.cpp
+++ b/dom/clients/manager/ClientPrefs.cpp
@ -1,30 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ClientPrefs.h"
-
-#include "mozilla/Preferences.h"
-
-namespace mozilla {
-namespace dom {
-
-namespace {
-
-bool gDataURLUniqueOpaqueOrigin = false;
-
-}  // anonymous namespace
-
-void ClientPrefsInit() {
-  Preferences::AddBoolVarCache(&gDataURLUniqueOpaqueOrigin,
-                               "security.data_uri.unique_opaque_origin", false);
-}
-
-bool ClientPrefsGetDataURLUniqueOpaqueOrigin() {
-  return gDataURLUniqueOpaqueOrigin;
-}
-
-}  // namespace dom
-}  // namespace mozilla
--- a/dom/clients/manager/ClientPrefs.h
+++ b/dom/clients/manager/ClientPrefs.h
@ -1,19 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#ifndef _mozilla_dom_ClientPrefs_h
-#define _mozilla_dom_ClientPrefs_h
-
-namespace mozilla {
-namespace dom {
-
-void ClientPrefsInit();
-
-bool ClientPrefsGetAllowUniqueOpaqueOrigin();
-
-}  // namespace dom
-}  // namespace mozilla
-
-#endif  // _mozilla_dom_ClientPrefs_h
--- a/dom/clients/manager/ClientValidation.cpp
+++ b/dom/clients/manager/ClientValidation.cpp
@ -6,7 +6,7 @@

 #include "ClientValidation.h"

-#include "ClientPrefs.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "mozilla/net/MozURL.h"

 namespace mozilla {
@ -111,7 +111,7 @@ bool ClientIsValidCreationURL(const PrincipalInfo& aPrincipalInfo,

      // We have some tests that use data: URL windows without an opaque
      // origin.  This should only happen when a pref is set.
-      if (!ClientPrefsGetDataURLUniqueOpaqueOrigin() &&
+      if (!StaticPrefs::security_data_uri_unique_opaque_origin() &&
          scheme.LowerCaseEqualsLiteral("data")) {
        return true;
      }
@ -135,7 +135,7 @@ bool ClientIsValidCreationURL(const PrincipalInfo& aPrincipalInfo,
             scheme.LowerCaseEqualsLiteral("javascript") ||
             scheme.LowerCaseEqualsLiteral("view-source") ||

-             (!ClientPrefsGetDataURLUniqueOpaqueOrigin() &&
+             (!StaticPrefs::security_data_uri_unique_opaque_origin() &&
              scheme.LowerCaseEqualsLiteral("data"));
    }
    case PrincipalInfo::TNullPrincipalInfo: {
--- a/dom/clients/manager/moz.build
+++ b/dom/clients/manager/moz.build
@ -36,7 +36,6 @@ UNIFIED_SOURCES += [
  'ClientNavigateOpChild.cpp',
  'ClientNavigateOpParent.cpp',
  'ClientOpenWindowUtils.cpp',
-  'ClientPrefs.cpp',
  'ClientPrincipalUtils.cpp',
  'ClientSource.cpp',
  'ClientSourceChild.cpp',
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@ -159,7 +159,7 @@ nsresult ChannelFromScriptURL(

  bool isData = uri->SchemeIs("data");
  bool isURIUniqueOrigin =
-      net::nsIOService::IsDataURIUniqueOpaqueOrigin() && isData;
+      StaticPrefs::security_data_uri_unique_opaque_origin() && isData;
  if (inheritAttrs && !isURIUniqueOrigin) {
    secFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
  }
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -7963,6 +7963,16 @@
  value: 40
  mirror: always

+# TODO: Bug 1324406: Treat 'data:' documents as unique, opaque origins
+# If true, data: URIs will be treated as unique opaque origins, hence will use
+# a NullPrincipal as the security context.
+# Otherwise it will inherit the origin from parent node, this is the legacy
+# behavior of Firefox.
+- name: security.data_uri.unique_opaque_origin
+  type: bool
+  value: true
+  mirror: always
+
 # Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
 # not allowed for Firefox Desktop in firefox.js
 - name: security.allow_parent_unrestricted_js_loads
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -4619,13 +4619,6 @@ pref("dom.maxHardwareConcurrency", 16);
  pref("osfile.reset_worker_delay", 30000);
 #endif

-// TODO: Bug 1324406: Treat 'data:' documents as unique, opaque origins
-// If true, data: URIs will be treated as unique opaque origins, hence will use
-// a NullPrincipal as the security context.
-// Otherwise it will inherit the origin from parent node, this is the legacy
-// behavior of Firefox.
-pref("security.data_uri.unique_opaque_origin", true);
-
 // If true, all toplevel data: URI navigations will be blocked.
 // Please note that manually entering a data: URI in the
 // URL-Bar will not be blocked when flipping this pref.
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@ -182,7 +182,6 @@ static const char kProfileDoChange[] = "profile-do-change";
 uint32_t nsIOService::gDefaultSegmentSize = 4096;
 uint32_t nsIOService::gDefaultSegmentCount = 24;

-bool nsIOService::sIsDataURIUniqueOpaqueOrigin = false;
 bool nsIOService::sBlockToplevelDataUriNavigations = false;

 ////////////////////////////////////////////////////////////////////////////////
@ -282,8 +281,6 @@ nsresult nsIOService::Init() {
  } else
    NS_WARNING("failed to get observer service");

-  Preferences::AddBoolVarCache(&sIsDataURIUniqueOpaqueOrigin,
-                               "security.data_uri.unique_opaque_origin", false);
  Preferences::AddBoolVarCache(
      &sBlockToplevelDataUriNavigations,
      "security.data_uri.block_toplevel_data_uri_navigations", false);
@ -1949,11 +1946,6 @@ nsIOService::SpeculativeAnonymousConnect(nsIURI* aURI, nsIPrincipal* aPrincipal,
  return SpeculativeConnectInternal(aURI, aPrincipal, aCallbacks, true);
 }

-/*static*/
-bool nsIOService::IsDataURIUniqueOpaqueOrigin() {
-  return sIsDataURIUniqueOpaqueOrigin;
-}
-
 /*static*/
 bool nsIOService::BlockToplevelDataUriNavigations() {
  return sBlockToplevelDataUriNavigations;
--- a/netwerk/base/nsIOService.h
+++ b/netwerk/base/nsIOService.h
@ -227,7 +227,6 @@ class nsIOService final : public nsIIOService,
  Mutex mMutex;
  nsTArray<int32_t> mRestrictedPortList;

-  static bool sIsDataURIUniqueOpaqueOrigin;
  static bool sBlockToplevelDataUriNavigations;

  uint32_t mTotalRequests;
--- a/netwerk/ipc/DocumentLoadListener.cpp
+++ b/netwerk/ipc/DocumentLoadListener.cpp
@ -37,6 +37,7 @@
 #include "nsIViewSourceChannel.h"
 #include "nsIOService.h"
 #include "mozilla/dom/WindowGlobalParent.h"
+#include "mozilla/StaticPrefs_security.h"

 mozilla::LazyLogModule gDocumentChannelLog("DocumentChannel");
 #define LOG(fmt) MOZ_LOG(gDocumentChannelLog, mozilla::LogLevel::Verbose, fmt)
@ -268,8 +269,9 @@ already_AddRefed<LoadInfo> DocumentLoadListener::CreateLoadInfo(
        true,  // aInheritForAboutBlank
        isSrcdoc);

-    bool isURIUniqueOrigin = nsIOService::IsDataURIUniqueOpaqueOrigin() &&
-                             SchemeIsData(aLoadState->URI());
+    bool isURIUniqueOrigin =
+        StaticPrefs::security_data_uri_unique_opaque_origin() &&
+        SchemeIsData(aLoadState->URI());
    inheritPrincipal = inheritAttrs && !isURIUniqueOrigin;
  }