mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out 4 changesets (bug 1624268) for causing brwoser-chrome failure at toolkit/components/antitracking/test/browser/browser_partitionedSharedWorkers.js 

CLOSED TREE

Backed out changeset d58da2438eee (bug 1624268)
Backed out changeset 06adb66489b8 (bug 1624268)
Backed out changeset c947c72829a6 (bug 1624268)
Backed out changeset 8af99a5ecd54 (bug 1624268)
This commit is contained in:
Daniel Varga 2020-04-17 17:16:26 +03:00
Родитель bb9d882e66
Коммит 779e62f1bc
2 изменённых файлов: 102 добавлений и 59 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

8
dom/base/nsGlobalWindowOuter.cpp
Просмотреть файл

@ -2515,10 +2515,6 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
newInnerWindow->GetWindowGlobalChild()
->WindowContext()
->SetCookieJarSettings(Some(cookieJarSettings));
newInnerWindow->GetWindowGlobalChild()
->WindowContext()
->SetHasStoragePermission(aDocument->HasStoragePermission());
}
mHasStorageAccess = false;
@ -2553,6 +2549,10 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
}
}
newInnerWindow->GetWindowGlobalChild()
->WindowContext()
->SetHasStoragePermission(aDocument->HasStoragePermission());
return NS_OK;
}

153
toolkit/components/antitracking/ContentBlocking.cpp
Просмотреть файл

@ -729,11 +729,12 @@ bool ContentBlocking::ShouldAllowAccessFor(nsPIDOMWindowInner* aWindow,
return false;
}
nsCOMPtr<nsIPrincipal> parentPrincipal;
nsAutoCString trackingOrigin;
if (!GetParentPrincipalAndTrackingOrigin(nsGlobalWindowInner::Cast(aWindow),
behavior, nullptr, trackingOrigin,
nullptr)) {
LOG(("Failed to obtain the the tracking origin"));
if (!GetParentPrincipalAndTrackingOrigin(
nsGlobalWindowInner::Cast(aWindow), behavior,
getter_AddRefs(parentPrincipal), trackingOrigin, nullptr)) {
LOG(("Failed to obtain the parent principal and the tracking origin"));
*aRejectedReason = blockedReason;
return false;
}
@ -746,20 +747,9 @@ bool ContentBlocking::ShouldAllowAccessFor(nsPIDOMWindowInner* aWindow,
return true;
}
RefPtr<WindowContext> wc = aWindow->GetWindowContext();
if (!wc) {
LOG(("Failed to obtain the window context from the window."));
*aRejectedReason = blockedReason;
return false;
}
bool allowed = wc->GetHasStoragePermission();
if (!allowed) {
*aRejectedReason = blockedReason;
}
return allowed;
return AntiTrackingUtils::CheckStoragePermission(
parentPrincipal, type, nsContentUtils::IsInPrivateBrowsing(document),
aRejectedReason, blockedReason);
}
bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
@ -788,6 +778,61 @@ bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
channelURI);
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
// We need to find the correct principal to check the cookie permission. For
// third-party contexts, we want to check if the top-level window has a custom
// cookie permission.
nsCOMPtr<nsIPrincipal> toplevelPrincipal = loadInfo->GetTopLevelPrincipal();
// If this is already the top-level window, we should use the loading
// principal.
if (!toplevelPrincipal) {
LOG(
("Our loadInfo lacks a top-level principal, use the loadInfo's loading "
"principal instead"));
toplevelPrincipal = loadInfo->GetLoadingPrincipal();
}
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
// If we don't have a loading principal and this is a document channel, we are
// a top-level window!
if (!toplevelPrincipal) {
LOG(
("We don't have a loading principal, let's see if this is a document "
"channel"
" that belongs to a top-level window"));
bool isDocument = false;
if (httpChannel) {
rv = httpChannel->GetIsMainDocumentChannel(&isDocument);
}
if (httpChannel && NS_SUCCEEDED(rv) && isDocument) {
rv = ssm->GetChannelResultPrincipal(aChannel,
getter_AddRefs(toplevelPrincipal));
if (NS_SUCCEEDED(rv)) {
LOG(("Yes, we guessed right!"));
} else {
LOG(
("Yes, we guessed right, but minting the channel result principal "
"failed"));
}
} else {
LOG(("No, we guessed wrong!"));
}
}
// Let's use the triggering principal then.
if (!toplevelPrincipal) {
LOG(
("Our loadInfo lacks a top-level principal, use the loadInfo's "
"triggering principal instead"));
toplevelPrincipal = loadInfo->TriggeringPrincipal();
}
if (NS_WARN_IF(!toplevelPrincipal)) {
LOG(("No top-level principal! Bail out early"));
return false;
}
nsCOMPtr<nsICookieJarSettings> cookieJarSettings;
rv = loadInfo->GetCookieJarSettings(getter_AddRefs(cookieJarSettings));
if (NS_WARN_IF(NS_FAILED(rv))) {
@ -833,8 +878,6 @@ bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
return true;
}
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
if (httpChannel && ContentBlockingAllowList::Check(httpChannel)) {
return true;
}
@ -920,6 +963,33 @@ bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
blockedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN;
}
// Only use the "top-level storage area principal" behaviour for reject
// tracker mode only.
nsIPrincipal* parentPrincipal =
(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER)
? loadInfo->GetTopLevelStorageAreaPrincipal()
: loadInfo->GetTopLevelPrincipal();
if (!parentPrincipal) {
LOG(("No top-level storage area principal at hand"));
// parentPrincipal can be null if the parent window is not the top-level
// window.
if (loadInfo->GetTopLevelPrincipal()) {
LOG(("Parent window is the top-level window, bail out early"));
*aRejectedReason = blockedReason;
return false;
}
parentPrincipal = toplevelPrincipal;
if (NS_WARN_IF(!parentPrincipal)) {
LOG(
("No triggering principal, this shouldn't be happening! Bail out "
"early"));
// Why we are here?!?
return true;
}
}
// Let's see if we have to grant the access for this particular channel.
nsCOMPtr<nsIURI> trackingURI;
@ -939,43 +1009,16 @@ bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
nsAutoCString type;
AntiTrackingUtils::CreateStoragePermissionKey(trackingOrigin, type);
auto checkPermission = [loadInfo, aRejectedReason, blockedReason]() -> bool {
bool allowed = loadInfo->GetHasStoragePermission();
if (!allowed) {
*aRejectedReason = blockedReason;
}
return allowed;
};
// Call HasStorageAccessGranted() in the top-level inner window to check
// if the storage permission has been granted by the heuristic or the
// StorageAccessAPI. Note that calling the HasStorageAccessGranted() is still
// not fission-compatible. This would be modified in Bug 1612376.
nsCOMPtr<mozIDOMWindowProxy> win;
rv = thirdPartyUtil->GetTopWindowForChannel(aChannel, nullptr,
getter_AddRefs(win));
Unused << NS_WARN_IF(NS_FAILED(rv));
if (!win) {
return checkPermission();
uint32_t privateBrowsingId = 0;
rv = channelPrincipal->GetPrivateBrowsingId(&privateBrowsingId);
if (NS_WARN_IF(NS_FAILED(rv))) {
LOG(("Failed to get the channel principal's private browsing ID"));
return false;
}
nsGlobalWindowOuter* topWindow =
nsGlobalWindowOuter::Cast(nsPIDOMWindowOuter::From(win));
nsPIDOMWindowInner* topInnerWindow = topWindow->GetCurrentInnerWindow();
// We use the 'hasStoragePermission' flag to check the storage permission.
// However, this flag won't get updated once the permission is granted by
// the heuristic or the StorageAccessAPI. So, we need to check the
// HasStorageAccessGranted() in order to get the correct storage access before
// we check the 'hasStoragePermission' flag.
if (topInnerWindow && topInnerWindow->HasStorageAccessGranted(type)) {
return true;
}
return checkPermission();
return AntiTrackingUtils::CheckStoragePermission(
parentPrincipal, type, !!privateBrowsingId, aRejectedReason,
blockedReason);
}
bool ContentBlocking::ShouldAllowAccessFor(