Bug 1460685 - Backed out changeset 09ee763947c3 (bug 1352513);r=Gijs

The security.allow_chrome_frames_inside_content pref was added to support
XUL extension compat after the hiddenWindow special case was removed in
Bug 1145470. Since we don't need to support that use-case anymore, this
changeset backs out the change that relanded the special case with the pref.
MozReview-Commit-ID: 4keMEIQvt1Y

--HG--
extra : rebase_source : 1a9c54c9807eaed2645d0ea03b5064ed7472d7a4

caps/nsScriptSecurityManager.cpp

@@ -980,23 +980,6 @@ nsScriptSecurityManager::CheckLoadURIFlags(nsIURI *aSourceURI,
             }
         }
 
-        static bool sCanLoadChromeInContent = false;
-        static bool sCachedCanLoadChromeInContentPref = false;
-        if (!sCachedCanLoadChromeInContentPref) {
-            sCachedCanLoadChromeInContentPref = true;
-            mozilla::Preferences::AddBoolVarCache(&sCanLoadChromeInContent,
-                "security.allow_chrome_frames_inside_content");
-        }
-        if (sCanLoadChromeInContent) {
-            // Special-case the hidden window: it's allowed to load
-            // URI_IS_UI_RESOURCE no matter what.  Bug 1145470 tracks removing this.
-            nsAutoCString sourceSpec;
-            if (NS_SUCCEEDED(aSourceBaseURI->GetSpec(sourceSpec)) &&
-                sourceSpec.EqualsLiteral("resource://gre-resources/hiddenWindow.html")) {
-                return NS_OK;
-            }
-        }
-
         if (reportErrors) {
             ReportError(nullptr, errorTag, aSourceURI, aTargetURI);
         }

modules/libpref/init/all.js

@@ -2519,10 +2519,6 @@ pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 // their protocol with the inner URI of the view-source URI
 pref("security.view-source.reachable-from-inner-protocol", false);
 
-// If set to true, in some limited circumstances it may be possible to load
-// privileged content in frames inside unprivileged content.
-pref("security.allow_chrome_frames_inside_content", false);
-
 // Services security settings
 pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1");
 pref("services.settings.changes.path", "/buckets/monitor/collections/changes/records");