mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out 11 changesets (bug 1330467) as requested by xeonchen on IRC. CLOSED TREE 

Backed out changeset 0229d5353d50 (bug 1330467)
Backed out changeset 2f2308fe5747 (bug 1330467)
Backed out changeset 2cd09bae2bdf (bug 1330467)
Backed out changeset 2648f5bb1804 (bug 1330467)
Backed out changeset 4686eebd8962 (bug 1330467)
Backed out changeset b43fa07d5756 (bug 1330467)
Backed out changeset 35d96a4ff659 (bug 1330467)
Backed out changeset 6ac44130d2bb (bug 1330467)
Backed out changeset f939c61e051f (bug 1330467)
Backed out changeset 0ae215d91758 (bug 1330467)
Backed out changeset 1d48bdbb4035 (bug 1330467)
This commit is contained in:
Mihai Alexandru Michis 2019-05-17 16:19:06 +03:00
Родитель 724354e338
Коммит 97df17e745
24 изменённых файлов: 175 добавлений и 270 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

16
browser/base/content/browser-siteIdentity.js
Просмотреть файл

@ -1157,9 +1157,9 @@ var gIdentityHandler = {
// Avoiding listening to the "select" event on purpose. See Bug 1404262.
menulist.addEventListener("command", () => {
SitePermissions.setForPrincipal(gBrowser.contentPrincipal,
aPermission.id,
menulist.selectedItem.value);
SitePermissions.set(gBrowser.currentURI,
aPermission.id,
menulist.selectedItem.value);
});
container.appendChild(img);
@ -1213,16 +1213,16 @@ var gIdentityHandler = {
// If we set persistent permissions or the sharing has
// started due to existing persistent permissions, we need
// to handle removing these even for frames with different hostnames.
let principals = browser._devicePermissionPrincipals || [];
for (let principal of principals) {
let uris = browser._devicePermissionURIs || [];
for (let uri of uris) {
// It's not possible to stop sharing one of camera/microphone
// without the other.
for (let id of ["camera", "microphone"]) {
if (this._sharingState[id]) {
let perm = SitePermissions.getForPrincipal(principal, id);
let perm = SitePermissions.get(uri, id);
if (perm.state == SitePermissions.ALLOW &&
perm.scope == SitePermissions.SCOPE_PERSISTENT) {
SitePermissions.removeFromPrincipal(principal, id);
SitePermissions.remove(uri, id);
}
}
}
@ -1231,7 +1231,7 @@ var gIdentityHandler = {
browser.messageManager.sendAsyncMessage("webrtc:StopSharing", windowId);
webrtcUI.forgetActivePermissionsFromBrowser(gBrowser.selectedBrowser);
}
SitePermissions.removeFromPrincipal(gBrowser.contentPrincipal, aPermission.id, browser);
SitePermissions.remove(gBrowser.currentURI, aPermission.id, browser);
this._permissionReloadHint.removeAttribute("hidden");
PanelView.forNode(this._identityPopupMainView)

21
browser/base/content/browser.js
Просмотреть файл

@ -7253,7 +7253,7 @@ var CanvasPermissionPromptHelper = {
},
// aSubject is an nsIBrowser (e10s) or an nsIDOMWindow (non-e10s).
// aData is an Origin string.
// aData is an URL string.
observe(aSubject, aTopic, aData) {
if (aTopic != this._permissionsPrompt &&
aTopic != this._permissionsPromptHideDoorHanger) {
@ -7268,6 +7268,7 @@ var CanvasPermissionPromptHelper = {
browser = aSubject;
}
let uri = Services.io.newURI(aData);
if (gBrowser.selectedBrowser !== browser) {
// Must belong to some other window.
return;
@ -7275,21 +7276,17 @@ var CanvasPermissionPromptHelper = {
let message = gNavigatorBundle.getFormattedString("canvas.siteprompt", ["<>"], 1);
let principal = Services.scriptSecurityManager
.createCodebasePrincipalFromOrigin(aData);
function setCanvasPermission(aPerm, aPersistent) {
Services.perms.addFromPrincipal(
principal, "canvas", aPerm,
aPersistent ? Ci.nsIPermissionManager.EXPIRE_NEVER
: Ci.nsIPermissionManager.EXPIRE_SESSION);
function setCanvasPermission(aURI, aPerm, aPersistent) {
Services.perms.add(aURI, "canvas", aPerm,
aPersistent ? Ci.nsIPermissionManager.EXPIRE_NEVER
: Ci.nsIPermissionManager.EXPIRE_SESSION);
}
let mainAction = {
label: gNavigatorBundle.getString("canvas.allow"),
accessKey: gNavigatorBundle.getString("canvas.allow.accesskey"),
callback(state) {
setCanvasPermission(Ci.nsIPermissionManager.ALLOW_ACTION,
setCanvasPermission(uri, Ci.nsIPermissionManager.ALLOW_ACTION,
state && state.checkboxChecked);
},
};
@ -7298,7 +7295,7 @@ var CanvasPermissionPromptHelper = {
label: gNavigatorBundle.getString("canvas.notAllow"),
accessKey: gNavigatorBundle.getString("canvas.notAllow.accesskey"),
callback(state) {
setCanvasPermission(Ci.nsIPermissionManager.DENY_ACTION,
setCanvasPermission(uri, Ci.nsIPermissionManager.DENY_ACTION,
state && state.checkboxChecked);
},
}];
@ -7314,7 +7311,7 @@ var CanvasPermissionPromptHelper = {
let options = {
checkbox,
name: principal.URI.host,
name: uri.asciiHost,
learnMoreURL: Services.urlFormatter.formatURLPref("app.support.baseURL") + "fingerprint-permission",
dismissed: aTopic == this._permissionsPromptHideDoorHanger,
};

14
browser/base/content/pageinfo/permissions.js
Просмотреть файл

@ -6,6 +6,7 @@
const {SitePermissions} = ChromeUtils.import("resource:///modules/SitePermissions.jsm");
var gPermURI;
var gPermPrincipal;
var gUsageRequest;
@ -22,7 +23,7 @@ var permissionObserver = {
observe(aSubject, aTopic, aData) {
if (aTopic == "perm-changed") {
var permission = aSubject.QueryInterface(Ci.nsIPermission);
if (permission.matches(gPermPrincipal, true) && gPermissions.includes(permission.type)) {
if (permission.matchesURI(gPermURI, true) && gPermissions.includes(permission.type)) {
initRow(permission.type);
}
}
@ -31,10 +32,11 @@ var permissionObserver = {
function onLoadPermission(uri, principal) {
var permTab = document.getElementById("permTab");
if (SitePermissions.isSupportedPrincipal(principal)) {
if (SitePermissions.isSupportedURI(uri)) {
gPermURI = uri;
gPermPrincipal = principal;
var hostText = document.getElementById("hostText");
hostText.value = uri.displayPrePath;
hostText.value = gPermURI.displayPrePath;
for (var i of gPermissions) {
initRow(i);
@ -61,7 +63,7 @@ function initRow(aPartId) {
var checkbox = document.getElementById(aPartId + "Def");
var command = document.getElementById("cmd_" + aPartId + "Toggle");
var {state, scope} = SitePermissions.getForPrincipal(gPermPrincipal, aPartId);
var {state, scope} = SitePermissions.get(gPermURI, aPartId);
let defaultState = SitePermissions.getDefault(aPartId);
// Since cookies preferences have many different possible configuration states
@ -166,7 +168,7 @@ function onCheckboxClick(aPartId) {
var command = document.getElementById("cmd_" + aPartId + "Toggle");
var checkbox = document.getElementById(aPartId + "Def");
if (checkbox.checked) {
SitePermissions.removeFromPrincipal(gPermPrincipal, aPartId);
SitePermissions.remove(gPermURI, aPartId);
command.setAttribute("disabled", "true");
} else {
onRadioClick(aPartId);
@ -178,7 +180,7 @@ function onRadioClick(aPartId) {
var radioGroup = document.getElementById(aPartId + "RadioGroup");
var id = radioGroup.selectedItem ? radioGroup.selectedItem.id : "#1";
var permission = parseInt(id.split("#")[1]);
SitePermissions.setForPrincipal(gPermPrincipal, aPartId, permission);
SitePermissions.set(gPermURI, aPartId, permission);
}
function setRadioState(aPartId, aValue) {

6
browser/components/preferences/sitePermissions.js
Просмотреть файл

@ -374,11 +374,13 @@ var gSitePermissionsManager = {
this.uninit();
for (let p of this._permissionsToChange.values()) {
SitePermissions.setForPrincipal(p.principal, p.type, p.capability);
let uri = Services.io.newURI(p.origin);
SitePermissions.set(uri, p.type, p.capability);
}
for (let p of this._permissionsToDelete.values()) {
SitePermissions.removeFromPrincipal(p.principal, p.type);
let uri = Services.io.newURI(p.origin);
SitePermissions.remove(uri, p.type);
}
if (this._checkbox.checked) {

6
browser/components/translation/Translation.jsm
Просмотреть файл

@ -68,7 +68,7 @@ var Translation = {
trUI.showURLBarIcon();
if (trUI.shouldShowInfoBar(aBrowser.contentPrincipal))
if (trUI.shouldShowInfoBar(aBrowser.currentURI))
trUI.showTranslationInfoBar();
},
@ -234,7 +234,7 @@ TranslationUI.prototype = {
return notif;
},
shouldShowInfoBar(aPrincipal) {
shouldShowInfoBar(aURI) {
// Never show the infobar automatically while the translation
// service is temporarily unavailable.
if (Translation.serviceUnavailable)
@ -250,7 +250,7 @@ TranslationUI.prototype = {
// or if we should never show the infobar for this domain.
let perms = Services.perms;
if (perms.testExactPermissionFromPrincipal(aPrincipal, "translate") == perms.DENY_ACTION) {
if (perms.testExactPermission(aURI, "translate") == perms.DENY_ACTION) {
TranslationTelemetry.recordAutoRejectedTranslationOffer();
return false;
}

8
browser/components/translation/content/translation-notification.js
Просмотреть файл

@ -312,11 +312,11 @@ class MozTranslationNotification extends MozElements.Notification {
item.disabled = neverForLangs.split(",").includes(lang);
// Check if translation is disabled for the domain:
let principal = this.translation.browser.contentPrincipal;
let uri = this.translation.browser.currentURI;
let perms = Services.perms;
item = this._getAnonElt("neverForSite");
item.disabled =
perms.testExactPermissionFromPrincipal(principal, "translate") == perms.DENY_ACTION;
perms.testExactPermission(uri, "translate") == perms.DENY_ACTION;
}
neverForLanguage() {
@ -333,9 +333,9 @@ class MozTranslationNotification extends MozElements.Notification {
}
neverForSite() {
let principal = this.translation.browser.contentPrincipal;
let uri = this.translation.browser.currentURI;
let perms = Services.perms;
perms.addFromPrincipal(principal, "translate", perms.DENY_ACTION);
perms.add(uri, "translate", perms.DENY_ACTION);
this.closeCommand();
}

12
browser/components/translation/test/browser_translation_exceptions.js
Просмотреть файл

@ -112,8 +112,8 @@ var gTests = [
let notif = await getInfoBar();
ok(notif, "the infobar is visible");
let ui = gBrowser.selectedBrowser.translationUI;
let principal = gBrowser.selectedBrowser.contentPrincipal;
ok(ui.shouldShowInfoBar(principal, "fr"),
let uri = gBrowser.selectedBrowser.currentURI;
ok(ui.shouldShowInfoBar(uri, "fr"),
"check shouldShowInfoBar initially returns true");
// Open the "options" drop down.
@ -134,7 +134,7 @@ var gTests = [
let langs = getLanguageExceptions();
is(langs.length, 1, "one language in the exception list");
is(langs[0], "fr", "correct language in the exception list");
ok(!ui.shouldShowInfoBar(principal, "fr"),
ok(!ui.shouldShowInfoBar(uri, "fr"),
"the infobar wouldn't be shown anymore");
// Reopen the infobar.
@ -162,8 +162,8 @@ var gTests = [
let notif = await getInfoBar();
ok(notif, "the infobar is visible");
let ui = gBrowser.selectedBrowser.translationUI;
let principal = gBrowser.selectedBrowser.contentPrincipal;
ok(ui.shouldShowInfoBar(principal, "fr"),
let uri = gBrowser.selectedBrowser.currentURI;
ok(ui.shouldShowInfoBar(uri, "fr"),
"check shouldShowInfoBar initially returns true");
// Open the "options" drop down.
@ -184,7 +184,7 @@ var gTests = [
let sites = getDomainExceptions();
is(sites.length, 1, "one site in the exception list");
is(sites[0].origin, "http://example.com", "correct site in the exception list");
ok(!ui.shouldShowInfoBar(principal, "fr"),
ok(!ui.shouldShowInfoBar(uri, "fr"),
"the infobar wouldn't be shown anymore");
// Reopen the infobar.

24
browser/modules/PermissionUI.jsm
Просмотреть файл

@ -364,9 +364,9 @@ var PermissionPromptPrototype = {
// If we're reading and setting permissions, then we need
// to check to see if we already have a permission setting
// for this particular principal.
let {state} = SitePermissions.getForPrincipal(this.principal,
this.permissionKey,
this.browser);
let {state} = SitePermissions.get(requestingURI,
this.permissionKey,
this.browser);
if (state == SitePermissions.BLOCK) {
// If this block was done based on a global user setting, we want to show
@ -439,19 +439,19 @@ var PermissionPromptPrototype = {
if (PrivateBrowsingUtils.isBrowserPrivate(this.browser)) {
scope = SitePermissions.SCOPE_SESSION;
}
SitePermissions.setForPrincipal(this.principal,
this.permissionKey,
promptAction.action,
scope);
SitePermissions.set(this.principal.URI,
this.permissionKey,
promptAction.action,
scope);
} else if (promptAction.action == SitePermissions.BLOCK) {
// Temporarily store BLOCK permissions only
// SitePermissions does not consider subframes when storing temporary
// permissions on a tab, thus storing ALLOW could be exploited.
SitePermissions.setForPrincipal(this.principal,
this.permissionKey,
promptAction.action,
SitePermissions.SCOPE_TEMPORARY,
this.browser);
SitePermissions.set(this.principal.URI,
this.permissionKey,
promptAction.action,
SitePermissions.SCOPE_TEMPORARY,
this.browser);
}
// Grant permission if action is ALLOW.

126
browser/modules/SitePermissions.jsm
Просмотреть файл

@ -259,7 +259,6 @@ var SitePermissions = {
_defaultPrefBranch: Services.prefs.getBranch("permissions.default."),
/**
* Deprecated! Please use getAllByPrincipal(principal) instead.
* Gets all custom permissions for a given URI.
* Install addon permission is excluded, check bug 1303108.
*
@ -272,28 +271,12 @@ var SitePermissions = {
getAllByURI(uri) {
if (!(uri instanceof Ci.nsIURI))
throw new Error("uri parameter should be an nsIURI");
let principal = uri ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {}) : null;
return this.getAllByPrincipal(principal);
},
/**
* Gets all custom permissions for a given principal.
* Install addon permission is excluded, check bug 1303108.
*
* @return {Array} a list of objects with the keys:
* - id: the permissionId of the permission
* - scope: the scope of the permission (e.g. SitePermissions.SCOPE_TEMPORARY)
* - state: a constant representing the current permission state
* (e.g. SitePermissions.ALLOW)
*/
getAllByPrincipal(principal) {
let result = [];
if (!this.isSupportedPrincipal(principal)) {
if (!this.isSupportedURI(uri)) {
return result;
}
let permissions = Services.perms.getAllForPrincipal(principal);
let permissions = Services.perms.getAllForURI(uri);
while (permissions.hasMoreElements()) {
let permission = permissions.getNext();
@ -350,7 +333,7 @@ var SitePermissions = {
permissions[permission.id] = permission;
}
for (let permission of this.getAllByPrincipal(browser.contentPrincipal)) {
for (let permission of this.getAllByURI(browser.currentURI)) {
permissions[permission.id] = permission;
}
@ -378,7 +361,6 @@ var SitePermissions = {
},
/**
* Deprecated! Please use isSupportedPrincipal(principal) instead.
* Checks whether a UI for managing permissions should be exposed for a given
* URI. This excludes file URIs, for instance, as they don't have a host,
* even though nsIPermissionManager can still handle them.
@ -393,21 +375,6 @@ var SitePermissions = {
},
/**
* Checks whether a UI for managing permissions should be exposed for a given
* principal. This excludes file URIs, for instance, as they don't have a host,
* even though nsIPermissionManager can still handle them.
*
* @param {nsIPrincipal} principal
* The principal to check.
*
* @return {boolean} if the principal is supported.
*/
isSupportedPrincipal(principal) {
return principal && principal.URI &&
["http", "https", "moz-extension"].includes(principal.URI.scheme);
},
/**
* Gets an array of all permission IDs.
*
* @return {Array<String>} an array of all permission IDs.
@ -506,40 +473,15 @@ var SitePermissions = {
get(uri, permissionID, browser) {
if ((!uri && !browser) || (uri && !(uri instanceof Ci.nsIURI)))
throw new Error("uri parameter should be an nsIURI or a browser parameter is needed");
let principal = uri ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {}) : null;
return this.getForPrincipal(principal, permissionID, browser);
},
/**
* Returns the state and scope of a particular permission for a given principal.
*
* This method will NOT dispatch a "PermissionStateChange" event on the specified
* browser if a temporary permission was removed because it has expired.
*
* @param {nsIPrincipal} principal
* The principal to check.
* @param {String} permissionID
* The id of the permission.
* @param {Browser} browser (optional)
* The browser object to check for temporary permissions.
*
* @return {Object} an object with the keys:
* - state: The current state of the permission
* (e.g. SitePermissions.ALLOW)
* - scope: The scope of the permission
* (e.g. SitePermissions.SCOPE_PERSISTENT)
*/
getForPrincipal(principal, permissionID, browser) {
let defaultState = this.getDefault(permissionID);
let result = { state: defaultState, scope: this.SCOPE_PERSISTENT };
if (this.isSupportedPrincipal(principal)) {
if (this.isSupportedURI(uri)) {
let permission = null;
if (permissionID in gPermissionObject &&
gPermissionObject[permissionID].exactHostMatch) {
permission = Services.perms.getPermissionObject(principal, permissionID, true);
permission = Services.perms.getPermissionObjectForURI(uri, permissionID, true);
} else {
permission = Services.perms.getPermissionObject(principal, permissionID, false);
permission = Services.perms.getPermissionObjectForURI(uri, permissionID, false);
}
if (permission) {
@ -567,7 +509,6 @@ var SitePermissions = {
},
/**
* Deprecated! Use setForPrincipal(...) instead.
* Sets the state of a particular permission for a given URI or browser.
* This method will dispatch a "PermissionStateChange" event on the specified
* browser if a temporary permission was set
@ -588,30 +529,6 @@ var SitePermissions = {
set(uri, permissionID, state, scope = this.SCOPE_PERSISTENT, browser = null) {
if ((!uri && !browser) || (uri && !(uri instanceof Ci.nsIURI)))
throw new Error("uri parameter should be an nsIURI or a browser parameter is needed");
let principal = uri ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {}) : null;
return this.setForPrincipal(principal, permissionID, state, scope, browser);
},
/**
* Sets the state of a particular permission for a given principal or browser.
* This method will dispatch a "PermissionStateChange" event on the specified
* browser if a temporary permission was set
*
* @param {nsIPrincipal} principal
* The principal to set the permission for.
* Note that this will be ignored if the scope is set to SCOPE_TEMPORARY
* @param {String} permissionID
* The id of the permission.
* @param {SitePermissions state} state
* The state of the permission.
* @param {SitePermissions scope} scope (optional)
* The scope of the permission. Defaults to SCOPE_PERSISTENT.
* @param {Browser} browser (optional)
* The browser object to set temporary permissions on.
* This needs to be provided if the scope is SCOPE_TEMPORARY!
*/
setForPrincipal(principal, permissionID, state, scope = this.SCOPE_PERSISTENT, browser = null) {
if (scope == this.SCOPE_GLOBAL && state == this.BLOCK) {
GloballyBlockedPermissions.set(browser, permissionID);
browser.dispatchEvent(new browser.ownerGlobal.CustomEvent("PermissionStateChange"));
@ -623,7 +540,7 @@ var SitePermissions = {
// correspond to the classical ALLOW/DENY/PROMPT model, we want to always
// allow the user to add exceptions to their cookie rules without removing them.
if (permissionID != "cookie") {
this.removeFromPrincipal(principal, permissionID, browser);
this.remove(uri, permissionID, browser);
return;
}
}
@ -637,7 +554,7 @@ var SitePermissions = {
// We do not support setting temp ALLOW for security reasons.
// In its current state, this permission could be exploited by subframes
// on the same page. This is because for BLOCK we ignore the request
// principal and only consider the current browser principal, to avoid notification spamming.
// URI and only consider the current browser URI, to avoid notification spamming.
//
// If you ever consider removing this line, you likely want to implement
// a more fine-grained TemporaryPermissions that temporarily blocks for the
@ -654,7 +571,7 @@ var SitePermissions = {
browser.dispatchEvent(new browser.ownerGlobal
.CustomEvent("PermissionStateChange"));
} else if (this.isSupportedPrincipal(principal)) {
} else if (this.isSupportedURI(uri)) {
let perms_scope = Services.perms.EXPIRE_NEVER;
if (scope == this.SCOPE_SESSION) {
perms_scope = Services.perms.EXPIRE_SESSION;
@ -662,12 +579,11 @@ var SitePermissions = {
perms_scope = Services.perms.EXPIRE_POLICY;
}
Services.perms.addFromPrincipal(principal, permissionID, state, perms_scope);
Services.perms.add(uri, permissionID, state, perms_scope);
}
},
/**
* Deprecated! Please use removeFromPrincipal(principal, permissionID, browser).
* Removes the saved state of a particular permission for a given URI and/or browser.
* This method will dispatch a "PermissionStateChange" event on the specified
* browser if a temporary permission was removed.
@ -682,26 +598,8 @@ var SitePermissions = {
remove(uri, permissionID, browser) {
if ((!uri && !browser) || (uri && !(uri instanceof Ci.nsIURI)))
throw new Error("uri parameter should be an nsIURI or a browser parameter is needed");
let principal = uri ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {}) : null;
return this.removeFromPrincipal(principal, permissionID, browser);
},
/**
* Removes the saved state of a particular permission for a given principal and/or browser.
* This method will dispatch a "PermissionStateChange" event on the specified
* browser if a temporary permission was removed.
*
* @param {nsIPrincipal} principal
* The principal to remove the permission for.
* @param {String} permissionID
* The id of the permission.
* @param {Browser} browser (optional)
* The browser object to remove temporary permissions on.
*/
removeFromPrincipal(principal, permissionID, browser) {
if (this.isSupportedPrincipal(principal))
Services.perms.removeFromPrincipal(principal, permissionID);
if (this.isSupportedURI(uri))
Services.perms.remove(uri, permissionID);
// TemporaryPermissions.get() deletes expired permissions automatically,
if (TemporaryPermissions.get(browser, permissionID)) {

58
browser/modules/webrtcUI.jsm
Просмотреть файл

@ -408,14 +408,20 @@ function prompt(aBrowser, aRequest) {
let { audioDevices, videoDevices, sharingScreen, sharingAudio,
requestTypes } = aRequest;
let principal = aBrowser.contentPrincipal;
let uri;
try {
// This fails for principals that serialize to "null", e.g. file URIs.
uri = Services.io.newURI(aRequest.origin);
} catch (e) {
uri = Services.io.newURI(aRequest.documentURI);
}
// If the user has already denied access once in this tab,
// deny again without even showing the notification icon.
if ((audioDevices.length && SitePermissions
.getForPrincipal(principal, "microphone", aBrowser).state == SitePermissions.BLOCK) ||
.get(uri, "microphone", aBrowser).state == SitePermissions.BLOCK) ||
(videoDevices.length && SitePermissions
.getForPrincipal(principal, sharingScreen ? "screen" : "camera", aBrowser).state == SitePermissions.BLOCK)) {
.get(uri, sharingScreen ? "screen" : "camera", aBrowser).state == SitePermissions.BLOCK)) {
denyRequest(aBrowser, aRequest);
return;
}
@ -468,11 +474,11 @@ function prompt(aBrowser, aRequest) {
scope = SitePermissions.SCOPE_PERSISTENT;
}
if (audioDevices.length)
SitePermissions.setForPrincipal(principal, "microphone",
SitePermissions.BLOCK, scope, notification.browser);
SitePermissions.set(uri, "microphone",
SitePermissions.BLOCK, scope, notification.browser);
if (videoDevices.length)
SitePermissions.setForPrincipal(principal, sharingScreen ? "screen" : "camera",
SitePermissions.BLOCK, scope, notification.browser);
SitePermissions.set(uri, sharingScreen ? "screen" : "camera",
SitePermissions.BLOCK, scope, notification.browser);
},
},
];
@ -480,7 +486,7 @@ function prompt(aBrowser, aRequest) {
let productName = gBrandBundle.GetStringFromName("brandShortName");
let options = {
name: getHostOrExtensionName(principal.URI),
name: getHostOrExtensionName(uri),
persistent: true,
hideClose: true,
eventCallback(aTopic, aNewBrowser) {
@ -516,15 +522,15 @@ function prompt(aBrowser, aRequest) {
// to avoid granting permissions automatically to background tabs.
if (aRequest.secure) {
let micAllowed =
SitePermissions.getForPrincipal(principal, "microphone").state == SitePermissions.ALLOW;
SitePermissions.get(uri, "microphone").state == SitePermissions.ALLOW;
let camAllowed =
SitePermissions.getForPrincipal(principal, "camera").state == SitePermissions.ALLOW;
SitePermissions.get(uri, "camera").state == SitePermissions.ALLOW;
let perms = Services.perms;
let mediaManagerPerm =
perms.testExactPermissionFromPrincipal(principal, "MediaManagerVideo");
perms.testExactPermission(uri, "MediaManagerVideo");
if (mediaManagerPerm) {
perms.removeFromPrincipal(principal, "MediaManagerVideo");
perms.remove(uri, "MediaManagerVideo");
}
// Screen sharing shouldn't follow the camera permissions.
@ -558,9 +564,9 @@ function prompt(aBrowser, aRequest) {
let allowedDevices = [];
if (videoDevices.length) {
allowedDevices.push((activeCamera || videoDevices[0]).deviceIndex);
Services.perms.addFromPrincipal(principal, "MediaManagerVideo",
Services.perms.ALLOW_ACTION,
Services.perms.EXPIRE_SESSION);
Services.perms.add(uri, "MediaManagerVideo",
Services.perms.ALLOW_ACTION,
Services.perms.EXPIRE_SESSION);
}
if (audioDevices.length) {
allowedDevices.push((activeMic || audioDevices[0]).deviceIndex);
@ -571,8 +577,8 @@ function prompt(aBrowser, aRequest) {
// other way for the stop sharing code to know the hostnames of frames
// using devices until bug 1066082 is fixed.
let browser = this.browser;
browser._devicePermissionPrincipals = browser._devicePermissionPrincipals || [];
browser._devicePermissionPrincipals.push(principal);
browser._devicePermissionURIs = browser._devicePermissionURIs || [];
browser._devicePermissionURIs.push(uri);
let camNeeded = videoDevices.length > 0;
let micNeeded = audioDevices.length > 0;
@ -733,9 +739,9 @@ function prompt(aBrowser, aRequest) {
}
let perms = Services.perms;
let chromePrincipal = Services.scriptSecurityManager.getSystemPrincipal();
perms.addFromPrincipal(chromePrincipal, "MediaManagerVideo", perms.ALLOW_ACTION,
perms.EXPIRE_SESSION);
let chromeUri = Services.io.newURI(doc.documentURI);
perms.add(chromeUri, "MediaManagerVideo", perms.ALLOW_ACTION,
perms.EXPIRE_SESSION);
video.deviceId = deviceId;
let constraints = { video: { mediaSource: type, deviceId: {exact: deviceId } } };
@ -810,8 +816,8 @@ function prompt(aBrowser, aRequest) {
allowedDevices.push(videoDeviceIndex);
// Session permission will be removed after use
// (it's really one-shot, not for the entire session)
perms.addFromPrincipal(principal, "MediaManagerVideo", perms.ALLOW_ACTION,
perms.EXPIRE_SESSION);
perms.add(uri, "MediaManagerVideo", perms.ALLOW_ACTION,
perms.EXPIRE_SESSION);
if (!webrtcUI.activePerms.has(aBrowser.outerWindowID)) {
webrtcUI.activePerms.set(aBrowser.outerWindowID, new Set());
}
@ -824,7 +830,7 @@ function prompt(aBrowser, aRequest) {
}
}
if (remember)
SitePermissions.setForPrincipal(principal, "camera", SitePermissions.ALLOW);
SitePermissions.set(uri, "camera", SitePermissions.ALLOW);
}
}
if (audioDevices.length) {
@ -845,7 +851,7 @@ function prompt(aBrowser, aRequest) {
}
}
if (remember)
SitePermissions.setForPrincipal(principal, "microphone", SitePermissions.ALLOW);
SitePermissions.set(uri, "microphone", SitePermissions.ALLOW);
}
} else {
// Only one device possible for audio capture.
@ -861,8 +867,8 @@ function prompt(aBrowser, aRequest) {
if (remember) {
// Remember on which URIs we set persistent permissions so that we
// can remove them if the user clicks 'Stop Sharing'.
aBrowser._devicePermissionPrincipals = aBrowser._devicePermissionPrincipals || [];
aBrowser._devicePermissionPrincipals.push(principal);
aBrowser._devicePermissionURIs = aBrowser._devicePermissionURIs || [];
aBrowser._devicePermissionURIs.push(uri);
}
let camNeeded = videoDevices.length > 0;

12
dom/canvas/CanvasUtils.cpp
Просмотреть файл

@ -124,8 +124,8 @@ bool IsImageExtractionAllowed(Document* aDocument, JSContext* aCx,
// Check if the site has permission to extract canvas data.
// Either permit or block extraction if a stored permission setting exists.
uint32_t permission;
rv = permissionManager->TestPermissionFromPrincipal(
principal, PERMISSION_CANVAS_EXTRACT_DATA, &permission);
rv = permissionManager->TestPermission(
topLevelDocURI, PERMISSION_CANVAS_EXTRACT_DATA, &permission);
NS_ENSURE_SUCCESS(rv, false);
switch (permission) {
case nsIPermissionManager::ALLOW_ACTION:
@ -167,14 +167,10 @@ bool IsImageExtractionAllowed(Document* aDocument, JSContext* aCx,
// Prompt the user (asynchronous).
nsPIDOMWindowOuter* win = aDocument->GetWindow();
nsAutoCString origin;
rv = principal->GetOrigin(origin);
NS_ENSURE_SUCCESS(rv, false);
if (XRE_IsContentProcess()) {
BrowserChild* browserChild = BrowserChild::GetFrom(win);
if (browserChild) {
browserChild->SendShowCanvasPermissionPrompt(origin,
browserChild->SendShowCanvasPermissionPrompt(topLevelDocURISpec,
isAutoBlockCanvas);
}
} else {
@ -184,7 +180,7 @@ bool IsImageExtractionAllowed(Document* aDocument, JSContext* aCx,
isAutoBlockCanvas
? TOPIC_CANVAS_PERMISSIONS_PROMPT_HIDE_DOORHANGER
: TOPIC_CANVAS_PERMISSIONS_PROMPT,
NS_ConvertUTF8toUTF16(origin).get());
NS_ConvertUTF8toUTF16(topLevelDocURISpec).get());
}
}

4
dom/ipc/BrowserParent.cpp
Просмотреть файл

@ -3738,7 +3738,7 @@ mozilla::ipc::IPCResult BrowserParent::RecvLookUpDictionary(
}
mozilla::ipc::IPCResult BrowserParent::RecvShowCanvasPermissionPrompt(
const nsCString& aOrigin, const bool& aHideDoorHanger) {
const nsCString& aFirstPartyURI, const bool& aHideDoorHanger) {
nsCOMPtr<nsIBrowser> browser =
mFrameElement ? mFrameElement->AsBrowser() : nullptr;
if (!browser) {
@ -3754,7 +3754,7 @@ mozilla::ipc::IPCResult BrowserParent::RecvShowCanvasPermissionPrompt(
browser,
aHideDoorHanger ? "canvas-permissions-prompt-hide-doorhanger"
: "canvas-permissions-prompt",
NS_ConvertUTF8toUTF16(aOrigin).get());
NS_ConvertUTF8toUTF16(aFirstPartyURI).get());
if (NS_FAILED(rv)) {
return IPC_FAIL_NO_REASON(this);
}

2
dom/ipc/BrowserParent.h
Просмотреть файл

@ -710,7 +710,7 @@ class BrowserParent final : public PBrowserParent,
const int32_t& aCy);
mozilla::ipc::IPCResult RecvShowCanvasPermissionPrompt(
const nsCString& aOrigin, const bool& aHideDoorHanger);
const nsCString& aFirstPartyURI, const bool& aHideDoorHanger);
mozilla::ipc::IPCResult RecvSetSystemFont(const nsCString& aFontName);
mozilla::ipc::IPCResult RecvGetSystemFont(nsCString* aFontName);

4
dom/ipc/PBrowser.ipdl
Просмотреть файл

@ -620,9 +620,9 @@ parent:
* This function is used to notify the parent that it should display a
* canvas permission prompt.
*
* @param aOrigin origin string of the document that is requesting access.
* @param aFirstPartyURI first party of the tab that is requesting access.
*/
async ShowCanvasPermissionPrompt(nsCString aOrigin,
async ShowCanvasPermissionPrompt(nsCString aFirstPartyURI,
bool aHideDoorHanger);
sync SetSystemFont(nsCString aFontName);

3
extensions/permissions/nsPermission.cpp
Просмотреть файл

@ -31,7 +31,8 @@ already_AddRefed<nsIPrincipal> nsPermission::ClonePrincipalForPermission(
MOZ_ASSERT(aPrincipal);
mozilla::OriginAttributes attrs = aPrincipal->OriginAttributesRef();
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID);
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID |
mozilla::OriginAttributes::STRIP_FIRST_PARTY_DOMAIN);
nsAutoCString originNoSuffix;
nsresult rv = aPrincipal->GetOriginNoSuffix(originNoSuffix);

3
extensions/permissions/nsPermission.h
Просмотреть файл

@ -23,7 +23,8 @@ class nsPermission : public nsIPermission {
uint32_t aExpireType, int64_t aExpireTime, int64_t aModificationTime);
// This method creates a new nsIPrincipal with a stripped OriginAttributes (no
// userContextId) and a codebase equal to the origin of 'aPrincipal'.
// userContextId, and no FirstPartyDomain) and a codebase equal to the origin
// of 'aPrincipal'.
static already_AddRefed<nsIPrincipal> ClonePrincipalForPermission(
nsIPrincipal* aPrincipal);

20
extensions/permissions/nsPermissionManager.cpp
Просмотреть файл

@ -163,8 +163,9 @@ nsresult GetOriginFromPrincipal(nsIPrincipal* aPrincipal, nsACString& aOrigin) {
// changes the suffix being hashed.
attrs.mPrivateBrowsingId = 0;
// Disable userContext for permissions.
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID);
// Disable userContext and firstParty isolation for permissions.
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID |
mozilla::OriginAttributes::STRIP_FIRST_PARTY_DOMAIN);
attrs.CreateSuffix(suffix);
aOrigin.Append(suffix);
@ -184,8 +185,9 @@ nsresult GetPrincipalFromOrigin(const nsACString& aOrigin,
// changes the suffix being hashed.
attrs.mPrivateBrowsingId = 0;
// Disable userContext for permissions.
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID);
// Disable userContext and firstParty isolation for permissions.
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID |
mozilla::OriginAttributes::STRIP_FIRST_PARTY_DOMAIN);
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
@ -276,8 +278,9 @@ already_AddRefed<nsIPrincipal> GetNextSubDomainPrincipal(
// Copy the attributes over
mozilla::OriginAttributes attrs = aPrincipal->OriginAttributesRef();
// Disable userContext for permissions.
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID);
// Disable userContext and firstParty isolation for permissions.
attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID |
mozilla::OriginAttributes::STRIP_FIRST_PARTY_DOMAIN);
nsCOMPtr<nsIPrincipal> principal =
mozilla::BasePrincipal::CreateCodebasePrincipal(newURI, attrs);
@ -3278,8 +3281,9 @@ void nsPermissionManager::GetKeyForOrigin(const nsACString& aOrigin,
// changes the suffix being hashed.
attrs.mPrivateBrowsingId = 0;
// Disable userContext for permissions.
attrs.StripAttributes(OriginAttributes::STRIP_USER_CONTEXT_ID);
// Disable userContext and firstParty isolation for permissions.
attrs.StripAttributes(OriginAttributes::STRIP_USER_CONTEXT_ID |
OriginAttributes::STRIP_FIRST_PARTY_DOMAIN);
#ifdef DEBUG
// Parse the origin string into a principal, and extract some useful

32
extensions/permissions/test/unit/test_permmanager_defaults.js
Просмотреть файл

@ -97,13 +97,12 @@ add_task(async function do_test() {
pm.testPermissionFromPrincipal(principal3, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal4, TEST_PERMISSION));
// make sure principals with userContextId use the same permissions
// make sure principals with userContextId or firstPartyDomain use the same permissions
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal6, TEST_PERMISSION));
// make sure principals with a firstPartyDomain use different permissions
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal7, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal8, TEST_PERMISSION));
// Asking for this permission to be removed should result in that permission
@ -114,6 +113,10 @@ add_task(async function do_test() {
// make sure principals with userContextId or firstPartyDomain use the same permissions
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
pm.testPermissionFromPrincipal(principal6, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
pm.testPermissionFromPrincipal(principal7, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
pm.testPermissionFromPrincipal(principal8, TEST_PERMISSION));
// and we should have this UNKNOWN_ACTION reflected in the DB
await checkCapabilityViaDB(Ci.nsIPermissionManager.UNKNOWN_ACTION);
// but the permission should *not* appear in the enumerator.
@ -124,13 +127,12 @@ add_task(async function do_test() {
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal, TEST_PERMISSION));
// make sure principals with userContextId use the same permissions
// make sure principals with userContextId or firstPartyDomain use the same permissions
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal6, TEST_PERMISSION));
// make sure principals with firstPartyDomain use different permissions
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal7, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION,
pm.testPermissionFromPrincipal(principal8, TEST_PERMISSION));
// and allow it to again be seen in the enumerator.
Assert.equal(Ci.nsIPermissionManager.ALLOW_ACTION, findCapabilityViaEnum());
@ -141,13 +143,12 @@ add_task(async function do_test() {
// it should be reflected in a permission check, in the enumerator and the DB
Assert.equal(Ci.nsIPermissionManager.DENY_ACTION,
pm.testPermissionFromPrincipal(principal, TEST_PERMISSION));
// make sure principals with userContextId use the same permissions
// make sure principals with userContextId or firstPartyDomain use the same permissions
Assert.equal(Ci.nsIPermissionManager.DENY_ACTION,
pm.testPermissionFromPrincipal(principal6, TEST_PERMISSION));
// make sure principals with firstPartyDomain use different permissions
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.DENY_ACTION,
pm.testPermissionFromPrincipal(principal7, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.DENY_ACTION,
pm.testPermissionFromPrincipal(principal8, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.DENY_ACTION, findCapabilityViaEnum());
await checkCapabilityViaDB(Ci.nsIPermissionManager.DENY_ACTION);
@ -159,13 +160,12 @@ add_task(async function do_test() {
// it should be reflected in a permission check, in the enumerator and the DB
Assert.equal(Ci.nsIPermissionManager.PROMPT_ACTION,
pm.testPermissionFromPrincipal(principal, TEST_PERMISSION));
// make sure principals with userContextId use the same permissions
// make sure principals with userContextId or firstPartyDomain use the same permissions
Assert.equal(Ci.nsIPermissionManager.PROMPT_ACTION,
pm.testPermissionFromPrincipal(principal6, TEST_PERMISSION));
// make sure principals with firstPartyDomain use different permissions
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.PROMPT_ACTION,
pm.testPermissionFromPrincipal(principal7, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.UNKNOWN_ACTION,
Assert.equal(Ci.nsIPermissionManager.PROMPT_ACTION,
pm.testPermissionFromPrincipal(principal8, TEST_PERMISSION));
Assert.equal(Ci.nsIPermissionManager.PROMPT_ACTION, findCapabilityViaEnum());
await checkCapabilityViaDB(Ci.nsIPermissionManager.PROMPT_ACTION);

18
extensions/permissions/test/unit/test_permmanager_matches.js
Просмотреть файл

@ -78,12 +78,12 @@ function run_test() {
pm.addFromPrincipal(uri0_cnn, "test/matches", pm.ALLOW_ACTION);
let perm_cnn = pm.getPermissionObject(uri0_n, "test/matches", true);
matches_always(perm_n, [uri0_n, uri0_1]);
matches_weak(perm_n, [uri1_n, uri1_1]);
matches_always(perm_n, [uri0_n, uri0_1, uri0_cnn]);
matches_weak(perm_n, [uri1_n, uri1_1, uri1_cnn]);
matches_never(perm_n, [uri2_n, uri3_n, uri4_n, uri5_n,
uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_y_, [uri0_y_]);
matches_weak(perm_y_, [uri1_y_]);
@ -92,19 +92,19 @@ function run_test() {
uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_1, [uri0_n, uri0_1]);
matches_weak(perm_1, [uri1_n, uri1_1]);
matches_always(perm_1, [uri0_n, uri0_1, uri0_cnn]);
matches_weak(perm_1, [uri1_n, uri1_1, uri1_cnn]);
matches_never(perm_1, [uri2_n, uri3_n, uri4_n, uri5_n,
uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_cnn, [uri0_n, uri0_1]);
matches_weak(perm_cnn, [uri1_n, uri1_1]);
matches_always(perm_cnn, [uri0_n, uri0_1, uri0_cnn]);
matches_weak(perm_cnn, [uri1_n, uri1_1, uri1_cnn]);
matches_never(perm_cnn, [uri2_n, uri3_n, uri4_n, uri5_n,
uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
// Clean up!
pm.removeAll();

7
mobile/android/chrome/content/OfflineApps.js
Просмотреть файл

@ -9,11 +9,10 @@ var OfflineApps = {
return;
let tab = BrowserApp.getTabForWindow(aContentWindow);
let principal = aContentWindow.document.nodePrincipal;
let currentURI = aContentWindow.document.documentURIObject;
// Don't bother showing UI if the user has already made a decision
if (Services.perms.testExactPermissionFromPrincipal(principal, "offline-app") != Services.perms.UNKNOWN_ACTION)
if (Services.perms.testExactPermission(currentURI, "offline-app") != Services.perms.UNKNOWN_ACTION)
return;
try {
@ -51,7 +50,7 @@ var OfflineApps = {
},
allowSite: function(aDocument) {
Services.perms.addFromPrincipal(aDocument.nodePrincipal, "offline-app", Services.perms.ALLOW_ACTION);
Services.perms.add(aDocument.documentURIObject, "offline-app", Services.perms.ALLOW_ACTION);
// When a site is enabled while loading, manifest resources will
// start fetching immediately. This one time we need to do it
@ -60,7 +59,7 @@ var OfflineApps = {
},
disallowSite: function(aDocument) {
Services.perms.addFromPrincipal(aDocument.nodePrincipal, "offline-app", Services.perms.DENY_ACTION);
Services.perms.add(aDocument.documentURIObject, "offline-app", Services.perms.DENY_ACTION);
},
_startFetching: function(aDocument) {

16
mobile/android/chrome/content/PermissionsHelper.js
Просмотреть файл

@ -50,7 +50,7 @@ var PermissionsHelper = {
},
onEvent: function onEvent(event, data, callback) {
let principal = BrowserApp.selectedBrowser.contentPrincipal;
let uri = BrowserApp.selectedBrowser.currentURI;
let check = false;
switch (event) {
@ -62,7 +62,7 @@ var PermissionsHelper = {
let permissions = [];
for (let i = 0; i < this._permissonTypes.length; i++) {
let type = this._permissonTypes[i];
let value = this.getPermission(principal, type);
let value = this.getPermission(uri, type);
// Only add the permission if it was set by the user
if (value == Services.perms.UNKNOWN_ACTION)
@ -132,7 +132,7 @@ var PermissionsHelper = {
*
* @return A permission value defined in nsIPermissionManager.
*/
getPermission: function getPermission(aPrincipal, aType) {
getPermission: function getPermission(aURI, aType) {
// Password saving isn't a nsIPermissionManager permission type, so handle
// it seperately.
if (aType == "password") {
@ -148,11 +148,11 @@ var PermissionsHelper = {
return Services.perms.UNKNOWN_ACTION;
}
// Geolocation consumers use testExactPermissionForPrincipal
// Geolocation consumers use testExactPermission
if (aType == "geolocation")
return Services.perms.testExactPermissionForPrincipal(aPrincipal, aType);
return Services.perms.testExactPermission(aURI, aType);
return Services.perms.testPermissionForPrincipal(aPrincipal, aType);
return Services.perms.testPermission(aURI, aType);
},
/**
@ -162,7 +162,7 @@ var PermissionsHelper = {
* The permission type string stored in permission manager.
* e.g. "geolocation", "indexedDB", "popup"
*/
clearPermission: function clearPermission(aPrincipal, aType, aContext) {
clearPermission: function clearPermission(aURI, aType, aContext) {
// Password saving isn't a nsIPermissionManager permission type, so handle
// it seperately.
if (aType == "password") {
@ -174,7 +174,7 @@ var PermissionsHelper = {
// Re-set login saving to enabled
Services.logins.setLoginSavingEnabled(aURI.displayPrePath, true);
} else {
Services.perms.removeFromPrincipal(aPrincipal, aType);
Services.perms.remove(aURI, aType);
// Clear content prefs set in ContentPermissionPrompt.js
Cc["@mozilla.org/content-pref/service;1"]
.getService(Ci.nsIContentPrefService2)

10
mobile/android/chrome/content/browser.js
Просмотреть файл

@ -1898,7 +1898,7 @@ var BrowserApp = {
if (PrivateBrowsingUtils.isBrowserPrivate(browser)) {
PrivateBrowsingUtils.addToTrackingAllowlist(normalizedUrl);
} else {
Services.perms.addFromPrincipal(browser.contentPrincipal, "trackingprotection", Services.perms.ALLOW_ACTION);
Services.perms.add(normalizedUrl, "trackingprotection", Services.perms.ALLOW_ACTION);
Telemetry.addData("TRACKING_PROTECTION_EVENTS", 1);
}
} else {
@ -1909,7 +1909,7 @@ var BrowserApp = {
if (PrivateBrowsingUtils.isBrowserPrivate(browser)) {
PrivateBrowsingUtils.removeFromTrackingAllowlist(normalizedUrl);
} else {
Services.perms.removeFromPrincipal(browser.contentPrincipal, "trackingprotection");
Services.perms.remove(normalizedUrl, "trackingprotection");
Telemetry.addData("TRACKING_PROTECTION_EVENTS", 2);
}
}
@ -5347,7 +5347,7 @@ var PopupBlockerObserver = {
if (!browser.blockedPopups)
return;
let result = Services.perms.testExactPermissionFromPrincipal(BrowserApp.selectedBrowser.contentPrincipal, "popup");
let result = Services.perms.testExactPermission(BrowserApp.selectedBrowser.currentURI, "popup");
if (result == Ci.nsIPermissionManager.DENY_ACTION)
return;
@ -5395,8 +5395,8 @@ var PopupBlockerObserver = {
},
allowPopupsForSite: function allowPopupsForSite(aAllow) {
let principal = BrowserApp.selectedBrowser.contentPrincipal;
Services.perms.addFromPrincipal(principal, "popup", aAllow
let currentURI = BrowserApp.selectedBrowser.currentURI;
Services.perms.add(currentURI, "popup", aAllow
? Ci.nsIPermissionManager.ALLOW_ACTION
: Ci.nsIPermissionManager.DENY_ACTION);
dump("Allowing popups for: " + currentURI);

13
mobile/android/components/geckoview/GeckoViewPermission.js
Просмотреть файл

@ -49,19 +49,18 @@ GeckoViewPermission.prototype = {
receiveMessage(aMsg) {
switch (aMsg.name) {
case "GeckoView:AddCameraPermission": {
let principal;
let uri;
try {
// This fails for principals that serialize to "null", e.g. file URIs.
principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(aMsg.data.origin);
uri = Services.io.newURI(aMsg.data.origin);
} catch (e) {
principal = Services.scriptSecurityManager.createCodebasePrincipal(
Services.io.newURI(aMsg.data.documentURI), {});
uri = Services.io.newURI(aMsg.data.documentURI);
}
// Although the lifetime is "session" it will be removed upon
// use so it's more of a one-shot.
Services.perms.addFromPrincipal(principal, "MediaManagerVideo",
Services.perms.ALLOW_ACTION,
Services.perms.EXPIRE_SESSION);
Services.perms.add(uri, "MediaManagerVideo",
Services.perms.ALLOW_ACTION,
Services.perms.EXPIRE_SESSION);
break;
}
}

10
mobile/android/modules/WebrtcUI.jsm
Просмотреть файл

@ -161,7 +161,7 @@ var WebrtcUI = {
aSubject.callID);
},
getDeviceButtons: function(audioDevices, videoDevices, aCallID, aPrincipal) {
getDeviceButtons: function(audioDevices, videoDevices, aCallID, aUri) {
return [{
label: Strings.browser.GetStringFromName("getUserMedia.denyRequest.label"),
callback: function() {
@ -187,7 +187,7 @@ var WebrtcUI = {
let perms = Services.perms;
// Although the lifetime is "session" it will be removed upon
// use so it's more of a one-shot.
perms.addFromPrincipal(aPrincipal, "MediaManagerVideo", perms.ALLOW_ACTION, perms.EXPIRE_SESSION);
perms.add(aUri, "MediaManagerVideo", perms.ALLOW_ACTION, perms.EXPIRE_SESSION);
}
Services.obs.notifyObservers(allowedDevices, "getUserMedia:response:allow", aCallID);
@ -315,8 +315,8 @@ var WebrtcUI = {
return;
let chromeWin = this.getChromeWindow(aContentWindow);
let principal = aContentWindow.document.nodePrincipal;
let host = principal.URI.host;
let uri = aContentWindow.document.documentURIObject;
let host = uri.host;
let requestor = (chromeWin.BrowserApp && chromeWin.BrowserApp.manifest) ?
"'" + chromeWin.BrowserApp.manifest.name + "'" : host;
let message = Strings.browser.formatStringFromName("getUserMedia.share" + requestType + ".message", [ requestor ], 1);
@ -331,7 +331,7 @@ var WebrtcUI = {
this._addDevicesToOptions(audioDevices, "audioDevice", options);
}
let buttons = this.getDeviceButtons(audioDevices, videoDevices, aCallID, principal);
let buttons = this.getDeviceButtons(audioDevices, videoDevices, aCallID, uri);
DoorHanger.show(aContentWindow, message, "webrtc-request", buttons, options, "WEBRTC");
},