Bug 1373513 - Part 1: data:image, data:css, and data:fonts should be same origin. r=smaug

For font-face
https://drafts.csswg.org/css-fonts-3/#font-fetching-requirements

/* data url's with no redirects are treated as same origin */
src: url("data:application/font-woff;base64,...");

For image
https://html.spec.whatwg.org/multipage/images.html#updating-the-image-data
Step 12
⌛ Fetch request. Let this instance of the fetching algorithm be
associated with image request.

This will go to Fetch spec then.

For <link rel="stylesheet" href="data:text/css" ...>
https://html.spec.whatwg.org/multipage/semantics.html#obtaining-a-resource-from-a-link-element
Step 10
Fetch request.

This will also go to Fetch spec then.

[Fetch] specification,
https://fetch.spec.whatwg.org/#main-fetch, step 12,
request’s current url’s scheme is "data"
1. Set request’s response tainting to "basic".

And from
https://html.spec.whatwg.org/multipage/urls-and-fetching.html#terminology-3
A response whose type is "basic", "cors", or "default" is
CORS-same-origin.

For subresource loading using data: URI, it should be treated as same
origin.

docshell/base/moz.build

@@ -115,6 +115,7 @@ LOCAL_INCLUDES += [
     '/layout/generic',
     '/layout/style',
     '/layout/xul',
+    '/netwerk/base',
     '/netwerk/protocol/viewsource',
     '/toolkit/components/browser',
     '/tools/profiler',

docshell/base/nsDocShell.cpp

@@ -205,6 +205,7 @@
 #include "nsIIDNService.h"
 #include "nsIInputStreamChannel.h"
 #include "nsINestedURI.h"
+#include "nsIOService.h"
 #include "nsISHContainer.h"
 #include "nsISHistory.h"
 #include "nsISecureBrowserUI.h"
@@ -10962,11 +10963,17 @@ nsDocShell::DoURILoad(nsIURI* aURI,
   bool inherit = false;
 
   if (aPrincipalToInherit) {
+    bool isData;
+    bool isURIUniqueOrigin = nsIOService::IsDataURIUniqueOpaqueOrigin() &&
+                             NS_SUCCEEDED(aURI->SchemeIs("data", &isData)) &&
+                             isData;
+    // If aURI is data: URI and is treated as a unique opaque origin, we don't
+    // want to inherit principal.
     inherit = nsContentUtils::ChannelShouldInheritPrincipal(
       aPrincipalToInherit,
       aURI,
       true, // aInheritForAboutBlank
-      isSrcdoc);
+      isSrcdoc) && !isURIUniqueOrigin ;
   }
 
   nsLoadFlags loadFlags = mDefaultLoadFlags;

dom/base/test/mochitest.ini

@@ -637,6 +637,7 @@ skip-if = toolkit == 'android' #bug 904183
 [test_dialogArguments.html]
 tags = openwindow
 skip-if = toolkit == 'android' || e10s # showmodaldialog
+[test_data_uri.html]
 [test_document.all_iteration.html]
 [test_document.all_unqualified.html]
 [test_document_constructor.html]

netwerk/protocol/data/nsDataHandler.cpp

@@ -52,15 +52,9 @@ nsDataHandler::GetDefaultPort(int32_t *result) {
 
 NS_IMETHODIMP
 nsDataHandler::GetProtocolFlags(uint32_t *result) {
-    *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE |
-              URI_NON_PERSISTABLE | URI_IS_LOCAL_RESOURCE |
+    *result = URI_NORELATIVE | URI_NOAUTH | URI_INHERITS_SECURITY_CONTEXT |
+              URI_LOADABLE_BY_ANYONE | URI_NON_PERSISTABLE | URI_IS_LOCAL_RESOURCE |
               URI_SYNC_LOAD_IS_OK;
-
-    // Until Bug 1324406 and all it's dependencies are fixed
-    // data: URIs inherit the security context.
-    if (!nsIOService::IsDataURIUniqueOpaqueOrigin()) {
-        *result |= URI_INHERITS_SECURITY_CONTEXT;
-    }
     return NS_OK;
 }