Bug 1498526 - add in user pref to prevent loading implied triggeringPrincipal loads for dev and nightly builds. r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D8546

--HG--
extra : moz-landing-system : lando

docshell/base/nsDocShell.cpp

@@ -358,6 +358,7 @@ nsDocShell::nsDocShell()
   , mAllowContentRetargeting(true)
   , mAllowContentRetargetingOnChildren(true)
   , mUseErrorPages(false)
+  , mUseStrictSecurityChecks(false)
   , mObserveErrorPages(true)
   , mCSSErrorReportingEnabled(false)
   , mAllowAuth(true)
@@ -4162,6 +4163,9 @@ nsDocShell::LoadURIWithOptions(const nsAString& aURI,
   MOZ_ASSERT(aTriggeringPrincipal, "LoadURIWithOptions: Need a valid triggeringPrincipal");
 #endif
 
+  if (mUseStrictSecurityChecks && !aTriggeringPrincipal) {
+    return NS_ERROR_FAILURE;
+  }
 
   rv = NS_NewURI(getter_AddRefs(uri), uriString);
   if (uri) {
@@ -4919,6 +4923,9 @@ nsDocShell::Reload(uint32_t aReloadFlags)
     }
 
     MOZ_ASSERT(triggeringPrincipal, "Need a valid triggeringPrincipal");
+    if (mUseStrictSecurityChecks && !triggeringPrincipal) {
+      return NS_ERROR_FAILURE;
+    }
 
     // Stack variables to ensure changes to the member variables don't affect to
     // the call.
@@ -5189,6 +5196,9 @@ nsDocShell::Create()
       Preferences::GetBool("browser.frame.validate_origin", true);
   }
 
+  mUseStrictSecurityChecks = Preferences::GetBool("security.strict_security_checks.enabled",
+                                                  mUseStrictSecurityChecks);
+
   // Should we use XUL error pages instead of alerts if possible?
   mUseErrorPages =
     Preferences::GetBool("browser.xul.error_pages.enabled", mUseErrorPages);
@@ -10382,6 +10392,10 @@ nsDocShell::DoURILoad(nsIURI* aURI,
   // the triggeringPrincipal for TYPE_DOCUMENT loads.
   MOZ_ASSERT(aTriggeringPrincipal, "Need a valid triggeringPrincipal");
 
+  if (mUseStrictSecurityChecks && !aTriggeringPrincipal) {
+    return NS_ERROR_FAILURE;
+  }
+
   bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN;
 
   // We want to inherit aPrincipalToInherit when:
@@ -13214,6 +13228,9 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
                             bool aIsUserTriggered,
                             nsIPrincipal* aTriggeringPrincipal)
 {
+  if (mUseStrictSecurityChecks && !aTriggeringPrincipal) {
+    return NS_ERROR_FAILURE;
+  }
   // Initialize the DocShell / Request
   if (aDocShell) {
     *aDocShell = nullptr;

docshell/base/nsDocShell.h

@@ -1138,6 +1138,7 @@ private: // data members
   bool mAllowContentRetargeting : 1;
   bool mAllowContentRetargetingOnChildren : 1;
   bool mUseErrorPages : 1;
+  bool mUseStrictSecurityChecks : 1;
   bool mObserveErrorPages : 1;
   bool mCSSErrorReportingEnabled : 1;
   bool mAllowAuth : 1;

modules/libpref/init/all.js

@@ -2663,6 +2663,14 @@ pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 // their protocol with the inner URI of the view-source URI
 pref("security.view-source.reachable-from-inner-protocol", false);
 
+// If set to true strict checks will happen on the triggering principal for loads.
+// Android is disabled at the moment pending Bug 1504968
+#if !defined(RELEASE_OR_BETA) && !defined(ANDROID)
+pref("security.strict_security_checks.enabled", true);
+#else
+pref("security.strict_security_checks.enabled", false);
+#endif
+
 // Remote settings preferences
 pref("services.settings.poll_interval", 86400); // 24H
 pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1");