Bug 1558299 - Add a pref to treat File: URLs as unique origins, r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D36920 --HG-- extra : moz-landing-system : lando
2019-07-05 09:16:06 +00:00 · 2019-07-05 09:16:06 +00:00 · ac791bf6a1
--- a/dom/workers/test/browser_fileURL.js
+++ b/dom/workers/test/browser_fileURL.js
@ -7,6 +7,8 @@ const WORKER_BODY = "postMessage(42);\n";

 // file:// tests.
 add_task(async function() {
+  await SpecialPowers.pushPrefEnv({set: [["privacy.file_unique_origin", false]]});
+
  info("Creating the tmp directory.");
  let parent = Cc["@mozilla.org/file/directory_service;1"]
    .getService(Ci.nsIDirectoryService)
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@ -6858,6 +6858,13 @@ VARCACHE_PREF(
 // Prefs starting with "privacy."
 //---------------------------------------------------------------------------

+VARCACHE_PREF(
+  Live,
+  "privacy.file_unique_origin",
+   privacy_file_unique_origin,
+  bool, true
+)
+
 // Annotate trackers using the strict list. If set to false, the basic list will
 // be used instead.
 #ifdef EARLY_BETA_OR_EARLIER
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@ -2493,33 +2493,35 @@ bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI,
    return false;
  }

-  //
-  // If the file to be loaded is in a subdirectory of the source
-  // (or same-dir if source is not a directory) then it will
-  // inherit its source principal and be scriptable by that source.
-  //
-  bool sourceIsDir;
-  bool allowed = false;
-  nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
-  if (NS_SUCCEEDED(rv) && sourceIsDir) {
-    rv = sourceFile->Contains(targetFile, &allowed);
-  } else {
-    nsCOMPtr<nsIFile> sourceParent;
-    rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
-    if (NS_SUCCEEDED(rv) && sourceParent) {
-      rv = sourceParent->Equals(targetFile, &allowed);
-      if (NS_FAILED(rv) || !allowed) {
-        rv = sourceParent->Contains(targetFile, &allowed);
-      } else {
-        MOZ_ASSERT(aAllowDirectoryTarget,
-                   "sourceFile->Parent == targetFile, but targetFile "
-                   "should've been disallowed if it is a directory");
+  if (!StaticPrefs::privacy_file_unique_origin()) {
+    //
+    // If the file to be loaded is in a subdirectory of the source
+    // (or same-dir if source is not a directory) then it will
+    // inherit its source principal and be scriptable by that source.
+    //
+    bool sourceIsDir;
+    bool allowed = false;
+    nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
+    if (NS_SUCCEEDED(rv) && sourceIsDir) {
+      rv = sourceFile->Contains(targetFile, &allowed);
+    } else {
+      nsCOMPtr<nsIFile> sourceParent;
+      rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
+      if (NS_SUCCEEDED(rv) && sourceParent) {
+        rv = sourceParent->Equals(targetFile, &allowed);
+        if (NS_FAILED(rv) || !allowed) {
+          rv = sourceParent->Contains(targetFile, &allowed);
+        } else {
+          MOZ_ASSERT(aAllowDirectoryTarget,
+                     "sourceFile->Parent == targetFile, but targetFile "
+                     "should've been disallowed if it is a directory");
+        }
      }
    }
-  }

-  if (NS_SUCCEEDED(rv) && allowed) {
-    return true;
+    if (NS_SUCCEEDED(rv) && allowed) {
+      return true;
+    }
  }

  return false;