зеркало из https://github.com/mozilla/gecko-dev.git
Backed out 1 changesets (bug 1410364)
Backed out changeset 681fece780ae (bug 1410364) for failing in /secure-contexts/basic-popup-and-iframe-tests.html r=backout a=backout on a CLOSED TREE
This commit is contained in:
Родитель
f5b434a433
Коммит
6d2a972dfe
|
@ -584,6 +584,7 @@ nsGlobalWindowInner::nsGlobalWindowInner(nsGlobalWindowOuter *aOuterWindow)
|
|||
mInClose(false),
|
||||
mHavePendingClose(false),
|
||||
mHadOriginalOpener(false),
|
||||
mOriginalOpenerWasSecureContext(false),
|
||||
mIsPopupSpam(false),
|
||||
mBlockScriptedClosingFlag(false),
|
||||
mWasOffline(false),
|
||||
|
@ -2054,6 +2055,12 @@ nsPIDOMWindowInner::IsSecureContext() const
|
|||
return nsGlobalWindowInner::Cast(this)->IsSecureContext();
|
||||
}
|
||||
|
||||
bool
|
||||
nsPIDOMWindowInner::IsSecureContextIfOpenerIgnored() const
|
||||
{
|
||||
return nsGlobalWindowInner::Cast(this)->IsSecureContextIfOpenerIgnored();
|
||||
}
|
||||
|
||||
void
|
||||
nsPIDOMWindowInner::Suspend()
|
||||
{
|
||||
|
@ -7400,6 +7407,14 @@ nsGlobalWindowInner::IsSecureContext() const
|
|||
return JS_GetIsSecureContext(js::GetObjectCompartment(GetWrapperPreserveColor()));
|
||||
}
|
||||
|
||||
bool
|
||||
nsGlobalWindowInner::IsSecureContextIfOpenerIgnored() const
|
||||
{
|
||||
MOZ_RELEASE_ASSERT(IsInnerWindow());
|
||||
|
||||
return mIsSecureContextIfOpenerIgnored;
|
||||
}
|
||||
|
||||
already_AddRefed<External>
|
||||
nsGlobalWindowInner::GetExternal(ErrorResult& aRv)
|
||||
{
|
||||
|
|
|
@ -760,6 +760,7 @@ public:
|
|||
|
||||
// https://w3c.github.io/webappsec-secure-contexts/#dom-window-issecurecontext
|
||||
bool IsSecureContext() const;
|
||||
bool IsSecureContextIfOpenerIgnored() const;
|
||||
|
||||
void GetSidebar(mozilla::dom::OwningExternalOrWindowProxy& aResult,
|
||||
mozilla::ErrorResult& aRv);
|
||||
|
@ -1370,6 +1371,8 @@ protected:
|
|||
// event posted. If this is set, just ignore window.close() calls.
|
||||
bool mHavePendingClose : 1;
|
||||
bool mHadOriginalOpener : 1;
|
||||
bool mOriginalOpenerWasSecureContext : 1;
|
||||
bool mIsSecureContextIfOpenerIgnored : 1;
|
||||
bool mIsPopupSpam : 1;
|
||||
|
||||
// Indicates whether scripts are allowed to close this window.
|
||||
|
|
|
@ -628,6 +628,7 @@ nsGlobalWindowOuter::nsGlobalWindowOuter()
|
|||
mInClose(false),
|
||||
mHavePendingClose(false),
|
||||
mHadOriginalOpener(false),
|
||||
mOriginalOpenerWasSecureContext(false),
|
||||
mIsPopupSpam(false),
|
||||
mBlockScriptedClosingFlag(false),
|
||||
mWasOffline(false),
|
||||
|
@ -1560,7 +1561,15 @@ nsGlobalWindowOuter::ComputeIsSecureContext(nsIDocument* aDocument, SecureContex
|
|||
MOZ_ASSERT(parentWin ==
|
||||
nsGlobalWindowInner::Cast(parentOuterWin->GetCurrentInnerWindow()),
|
||||
"Creator window mismatch while setting Secure Context state");
|
||||
hadNonSecureContextCreator = !parentWin->IsSecureContext();
|
||||
if (aFlags != SecureContextFlags::eIgnoreOpener) {
|
||||
hadNonSecureContextCreator = !parentWin->IsSecureContext();
|
||||
} else {
|
||||
hadNonSecureContextCreator = !parentWin->IsSecureContextIfOpenerIgnored();
|
||||
}
|
||||
} else if (mHadOriginalOpener) {
|
||||
if (aFlags != SecureContextFlags::eIgnoreOpener) {
|
||||
hadNonSecureContextCreator = !mOriginalOpenerWasSecureContext;
|
||||
}
|
||||
}
|
||||
|
||||
if (hadNonSecureContextCreator) {
|
||||
|
@ -1772,6 +1781,8 @@ nsGlobalWindowOuter::SetNewDocument(nsIDocument* aDocument,
|
|||
NS_ASSERTION(NS_SUCCEEDED(rv) && newInnerGlobal &&
|
||||
newInnerWindow->GetWrapperPreserveColor() == newInnerGlobal,
|
||||
"Failed to get script global");
|
||||
newInnerWindow->mIsSecureContextIfOpenerIgnored =
|
||||
ComputeIsSecureContext(aDocument, SecureContextFlags::eIgnoreOpener);
|
||||
|
||||
mCreatingInnerWindow = false;
|
||||
createdInnerWindow = true;
|
||||
|
@ -2232,6 +2243,8 @@ nsGlobalWindowOuter::SetOpenerWindow(nsPIDOMWindowOuter* aOpener,
|
|||
MOZ_ASSERT(!mHadOriginalOpener,
|
||||
"Probably too late to call ComputeIsSecureContext again");
|
||||
mHadOriginalOpener = true;
|
||||
mOriginalOpenerWasSecureContext =
|
||||
aOpener->GetCurrentInnerWindow()->IsSecureContext();
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
|
|
|
@ -1191,6 +1191,8 @@ protected:
|
|||
// event posted. If this is set, just ignore window.close() calls.
|
||||
bool mHavePendingClose : 1;
|
||||
bool mHadOriginalOpener : 1;
|
||||
bool mOriginalOpenerWasSecureContext : 1;
|
||||
bool mIsSecureContextIfOpenerIgnored : 1;
|
||||
bool mIsPopupSpam : 1;
|
||||
|
||||
// Indicates whether scripts are allowed to close this window.
|
||||
|
|
|
@ -863,6 +863,7 @@ public:
|
|||
* Check whether this window is a secure context.
|
||||
*/
|
||||
bool IsSecureContext() const;
|
||||
bool IsSecureContextIfOpenerIgnored() const;
|
||||
|
||||
// Calling suspend should prevent any asynchronous tasks from
|
||||
// executing javascript for this window. This means setTimeout,
|
||||
|
|
|
@ -1195,7 +1195,7 @@ Geolocation::ShouldBlockInsecureRequests() const
|
|||
return false;
|
||||
}
|
||||
|
||||
if (!nsGlobalWindowInner::Cast(win)->IsSecureContext()) {
|
||||
if (!nsGlobalWindowInner::Cast(win)->IsSecureContextIfOpenerIgnored()) {
|
||||
nsContentUtils::ReportToConsole(nsIScriptError::errorFlag,
|
||||
NS_LITERAL_CSTRING("DOM"), doc,
|
||||
nsContentUtils::eDOM_PROPERTIES,
|
||||
|
|
|
@ -491,6 +491,19 @@ dictionary IdleRequestOptions {
|
|||
|
||||
callback IdleRequestCallback = void (IdleDeadline deadline);
|
||||
|
||||
/**
|
||||
* Similar to |isSecureContext|, but doesn't pay attention to whether the
|
||||
* window's opener (if any) is a secure context or not.
|
||||
*
|
||||
* WARNING: Do not use this unless you are familiar with the issues that
|
||||
* taking opener state into account is designed to address (or else you may
|
||||
* introduce security issues). If in doubt, use |isSecureContext|. In
|
||||
* particular do not use this to gate access to JavaScript APIs.
|
||||
*/
|
||||
partial interface Window {
|
||||
[ChromeOnly] readonly attribute boolean isSecureContextIfOpenerIgnored;
|
||||
};
|
||||
|
||||
partial interface Window {
|
||||
/**
|
||||
* Returns a list of locales that the internationalization components
|
||||
|
|
|
@ -29,6 +29,17 @@ XPCOMUtils.defineLazyGetter(this, "log", () => {
|
|||
/*
|
||||
* A module that provides utility functions for form security.
|
||||
*
|
||||
* Note:
|
||||
* This module uses isSecureContextIfOpenerIgnored instead of isSecureContext.
|
||||
*
|
||||
* We don't want to expose JavaScript APIs in a non-Secure Context even if
|
||||
* the context is only insecure because the windows has an insecure opener.
|
||||
* Doing so prevents sites from implementing postMessage workarounds to enable
|
||||
* an insecure opener to gain access to Secure Context-only APIs. However,
|
||||
* in the case of form fields such as password fields we don't need to worry
|
||||
* about whether the opener is secure or not. In fact to flag a password
|
||||
* field as insecure in such circumstances would unnecessarily confuse our
|
||||
* users.
|
||||
*/
|
||||
this.InsecurePasswordUtils = {
|
||||
_formRootsWarned: new WeakMap(),
|
||||
|
@ -109,7 +120,8 @@ this.InsecurePasswordUtils = {
|
|||
* @return {boolean} whether the form is secure
|
||||
*/
|
||||
isFormSecure(aForm) {
|
||||
let isSafePage = aForm.ownerDocument.defaultView.isSecureContext;
|
||||
// Ignores window.opener, see top level documentation.
|
||||
let isSafePage = aForm.ownerDocument.defaultView.isSecureContextIfOpenerIgnored;
|
||||
|
||||
// Ignore insecure documents with URLs that are local IP addresses.
|
||||
// This is done because the vast majority of routers and other devices
|
||||
|
@ -144,7 +156,8 @@ this.InsecurePasswordUtils = {
|
|||
}
|
||||
|
||||
let domDoc = aForm.ownerDocument;
|
||||
let isSafePage = domDoc.defaultView.isSecureContext;
|
||||
// Ignores window.opener, see top level documentation.
|
||||
let isSafePage = domDoc.defaultView.isSecureContextIfOpenerIgnored;
|
||||
|
||||
let { isFormSubmitHTTP, isFormSubmitSecure } = this._checkFormSecurity(aForm);
|
||||
|
||||
|
|
|
@ -492,7 +492,9 @@ var LoginManagerContent = {
|
|||
let hasInsecureLoginForms = (thisWindow) => {
|
||||
let doc = thisWindow.document;
|
||||
let hasLoginForm = this.stateForDocument(doc).loginFormRootElements.size > 0;
|
||||
return (hasLoginForm && !thisWindow.isSecureContext) ||
|
||||
// Ignores window.opener, because it's not relevant for indicating
|
||||
// form security. See InsecurePasswordUtils docs for details.
|
||||
return (hasLoginForm && !thisWindow.isSecureContextIfOpenerIgnored) ||
|
||||
Array.some(thisWindow.frames,
|
||||
frame => hasInsecureLoginForms(frame));
|
||||
};
|
||||
|
|
|
@ -51,8 +51,6 @@ support-files =
|
|||
[browser_hasInsecureLoginForms.js]
|
||||
[browser_hasInsecureLoginForms_streamConverter.js]
|
||||
[browser_http_autofill.js]
|
||||
support-files =
|
||||
form_cross_origin_insecure_action.html
|
||||
[browser_insecurePasswordConsoleWarning.js]
|
||||
support-files =
|
||||
form_cross_origin_insecure_action.html
|
||||
|
|
|
@ -75,3 +75,4 @@ add_task(async function test_http_action_autofill() {
|
|||
gBrowser.removeTab(tab);
|
||||
}
|
||||
});
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче