Bug 1535697 - Part 6: Use separate network connections for isolated third-party trackers; r=michal

Differential Revision: https://phabricator.services.mozilla.com/D28376

--HG--
extra : moz-landing-system : lando

netwerk/protocol/http/nsHttpConnectionInfo.cpp

@@ -45,7 +45,7 @@ nsHttpConnectionInfo::nsHttpConnectionInfo(
     const nsACString &npnToken, const nsACString &username,
     const nsACString &topWindowOrigin, nsProxyInfo *proxyInfo,
     const OriginAttributes &originAttributes, bool endToEndSSL)
-    : mRoutedPort(443), mLessThanTls13(false) {
+    : mRoutedPort(443), mIsolated(0), mLessThanTls13(false) {
   Init(originHost, originPort, npnToken, username, topWindowOrigin, proxyInfo,
        originAttributes, endToEndSSL);
 }
@@ -56,7 +56,7 @@ nsHttpConnectionInfo::nsHttpConnectionInfo(
     const nsACString &topWindowOrigin, nsProxyInfo *proxyInfo,
     const OriginAttributes &originAttributes, const nsACString &routedHost,
     int32_t routedPort)
-    : mLessThanTls13(false) {
+    : mIsolated(0), mLessThanTls13(false) {
   mEndToEndSSL = true;  // so DefaultPort() works
   mRoutedPort = routedPort == -1 ? DefaultPort() : routedPort;
 
@@ -137,6 +137,9 @@ void nsHttpConnectionInfo::BuildHashKey() {
   // byte 7 is i/. i is for isolated
 
   mHashKey.AssignLiteral("........[tlsflags0x00000000]");
+  if (mIsolated) {
+    mHashKey.SetCharAt('i', 7);
+  }
 
   mHashKey.Append(keyHost);
   mHashKey.Append(':');
@@ -222,6 +225,14 @@ void nsHttpConnectionInfo::BuildHashKey() {
     mHashKey.AppendLiteral("[!v6]");
   }
 
+  if (mIsolated && !mTopWindowOrigin.IsEmpty()) {
+    mHashKey.Append('{');
+    mHashKey.Append('{');
+    mHashKey.Append(mTopWindowOrigin);
+    mHashKey.Append('}');
+    mHashKey.Append('}');
+  }
+
   nsAutoCString originAttributes;
   mOriginAttributes.CreateSuffix(originAttributes);
   mHashKey.Append(originAttributes);

netwerk/protocol/http/nsHttpConnectionInfo.h

@@ -125,9 +125,10 @@ class nsHttpConnectionInfo final : public ARefBase {
   bool GetBeConservative() const { return mHashKey.CharAt(6) == 'C'; }
 
   void SetIsolated(bool aIsolated) {
-    mHashKey.SetCharAt(aIsolated ? 'i' : '.', 7);
+    mIsolated = aIsolated;
+    BuildHashKey();
   }
-  bool GetIsolated() const { return mHashKey.CharAt(7) == 'i'; }
+  bool GetIsolated() const { return mIsolated; }
 
   void SetTlsFlags(uint32_t aTlsFlags);
   uint32_t GetTlsFlags() const { return mTlsFlags; }
@@ -205,6 +206,7 @@ class nsHttpConnectionInfo final : public ARefBase {
   OriginAttributes mOriginAttributes;
 
   uint32_t mTlsFlags;
+  uint16_t mIsolated : 1;
   uint16_t mTrrUsed : 1;
   uint16_t mTrrDisabled : 1;
   uint16_t mIPv4Disabled : 1;

toolkit/components/antitracking/test/browser/browser_tlsSessionTickets.js

@@ -1,3 +1,17 @@
+function isIsolated(key) {
+  return key.charAt(7) == "i";
+}
+
+function hasTopWindowOrigin(key, origin) {
+  let tokenAtEnd = `{{${origin}}}`;
+  let endPart = key.slice(-tokenAtEnd.length);
+  return endPart == tokenAtEnd;
+}
+
+function hasAnyTopWindowOrigin(key) {
+  return !!key.match(/{{[^}]+}}/);
+}
+
 add_task(async function() {
   info("Starting tlsSessionTickets test");
 
@@ -82,6 +96,16 @@ add_task(async function() {
     is(hashKeys.length, 3, "We should have observed 3 loads for " + trackingURL);
     is(hashKeys[1], hashKeys[2], "The second and third hash keys should match");
     isnot(hashKeys[0], hashKeys[1], "The first and second hash keys should not match");
+
+    ok(isIsolated(hashKeys[0]), "The first connection must have been isolated");
+    ok(!isIsolated(hashKeys[1]), "The second connection must not have been isolated");
+    ok(!isIsolated(hashKeys[2]), "The third connection must not have been isolated");
+    ok(hasTopWindowOrigin(hashKeys[0], TEST_DOMAIN.replace(/\/$/, "")),
+       "The first connection must be bound to its top-level window");
+    ok(!hasAnyTopWindowOrigin(hashKeys[1]),
+       "The second connection must not be bound to a top-level window");
+    ok(!hasAnyTopWindowOrigin(hashKeys[2]),
+       "The third connection must not be bound to a top-level window");
   });
 
   info("Removing the tab");