Backed out changeset c5cf88fb02d1 (bug 1498526) for causing multiple failures e.g. browser/extensions/formautofill/test/mochitest/test_address_level_1_submission.html CLOSED TREE

docshell/base/nsDocShell.cpp

@@ -358,7 +358,6 @@ nsDocShell::nsDocShell()
   , mAllowContentRetargeting(true)
   , mAllowContentRetargetingOnChildren(true)
   , mUseErrorPages(false)
-  , mUseStrictSecurityChecks(false)
   , mObserveErrorPages(true)
   , mCSSErrorReportingEnabled(false)
   , mAllowAuth(true)
@@ -4163,9 +4162,6 @@ nsDocShell::LoadURIWithOptions(const nsAString& aURI,
   MOZ_ASSERT(aTriggeringPrincipal, "LoadURIWithOptions: Need a valid triggeringPrincipal");
 #endif
 
-  if (mUseStrictSecurityChecks && !aTriggeringPrincipal) {
-    return NS_ERROR_FAILURE;
-  }
 
   rv = NS_NewURI(getter_AddRefs(uri), uriString);
   if (uri) {
@@ -4923,9 +4919,6 @@ nsDocShell::Reload(uint32_t aReloadFlags)
     }
 
     MOZ_ASSERT(triggeringPrincipal, "Need a valid triggeringPrincipal");
-    if (mUseStrictSecurityChecks && !triggeringPrincipal) {
-      return NS_ERROR_FAILURE;
-    }
 
     // Stack variables to ensure changes to the member variables don't affect to
     // the call.
@@ -5196,9 +5189,6 @@ nsDocShell::Create()
       Preferences::GetBool("browser.frame.validate_origin", true);
   }
 
-  mUseStrictSecurityChecks = Preferences::GetBool("security.strict_security_checks.enabled",
-                                                  mUseStrictSecurityChecks);
-
   // Should we use XUL error pages instead of alerts if possible?
   mUseErrorPages =
     Preferences::GetBool("browser.xul.error_pages.enabled", mUseErrorPages);
@@ -10392,10 +10382,6 @@ nsDocShell::DoURILoad(nsIURI* aURI,
   // the triggeringPrincipal for TYPE_DOCUMENT loads.
   MOZ_ASSERT(aTriggeringPrincipal, "Need a valid triggeringPrincipal");
 
-  if (mUseStrictSecurityChecks && !aTriggeringPrincipal) {
-    return NS_ERROR_FAILURE;
-  }
-
   bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN;
 
   // We want to inherit aPrincipalToInherit when:
@@ -13228,9 +13214,6 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
                             bool aIsUserTriggered,
                             nsIPrincipal* aTriggeringPrincipal)
 {
-  if (mUseStrictSecurityChecks && !aTriggeringPrincipal) {
-    return NS_ERROR_FAILURE;
-  }
   // Initialize the DocShell / Request
   if (aDocShell) {
     *aDocShell = nullptr;

docshell/base/nsDocShell.h

@@ -1138,7 +1138,6 @@ private: // data members
   bool mAllowContentRetargeting : 1;
   bool mAllowContentRetargetingOnChildren : 1;
   bool mUseErrorPages : 1;
-  bool mUseStrictSecurityChecks : 1;
   bool mObserveErrorPages : 1;
   bool mCSSErrorReportingEnabled : 1;
   bool mAllowAuth : 1;

modules/libpref/init/all.js

@@ -2663,14 +2663,6 @@ pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 // their protocol with the inner URI of the view-source URI
 pref("security.view-source.reachable-from-inner-protocol", false);
 
-// If set to true strict checks will happen on the triggering principal for loads.
-// Android is disabled at the moment pending Bug 1504968
-#if !defined(RELEASE_OR_BETA) && !defined(ANDROID)
-pref("security.strict_security_checks.enabled", true);
-#else
-pref("security.strict_security_checks.enabled", false);
-#endif
-
 // Remote settings preferences
 pref("services.settings.poll_interval", 86400); // 24H
 pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1");