Bug 1617789 - Set content process Document pointer without relying on LoadInfo. r=nika

We currently extract Document pointers from the old LoadInfo, and attach them to the new one, such that they aren't lost during serialization. This moves us to setting them more directly from their original source, since the old LoadInfo is no longer reliable (and was only configured fully in the parent process). Differential Revision: https://phabricator.services.mozilla.com/D64249 --HG-- extra : moz-landing-system : lando
2020-03-01 01:27:34 +00:00 · 2020-03-01 01:27:34 +00:00 · bfc858f40f
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@ -27,11 +27,13 @@
 #include "URIUtils.h"
 #include "mozilla/dom/nsCSPUtils.h"
 #include "mozilla/dom/nsCSPContext.h"
+#include "mozilla/dom/BrowsingContext.h"

 namespace mozilla {

 using mozilla::BasePrincipal;
 using mozilla::Maybe;
+using mozilla::dom::BrowsingContext;
 using mozilla::dom::ServiceWorkerDescriptor;
 using namespace mozilla::net;

@ -587,16 +589,15 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs,
    nsILoadInfo** outLoadInfo) {
-  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, nullptr,
-                                outLoadInfo);
+  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, outLoadInfo);
 }
 nsresult LoadInfoArgsToLoadInfo(
-    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs, nsINode* aLoadingContext,
+    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs,
    nsINode* aCspToInheritLoadingContext, nsILoadInfo** outLoadInfo) {
  RefPtr<LoadInfo> loadInfo;
-  nsresult rv = LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, aLoadingContext,
-                                       aCspToInheritLoadingContext,
-                                       getter_AddRefs(loadInfo));
+  nsresult rv =
+      LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, aCspToInheritLoadingContext,
+                             getter_AddRefs(loadInfo));
  NS_ENSURE_SUCCESS(rv, rv);

  loadInfo.forget(outLoadInfo);
@ -605,11 +606,10 @@ nsresult LoadInfoArgsToLoadInfo(

 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs, LoadInfo** outLoadInfo) {
-  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, nullptr,
-                                outLoadInfo);
+  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, outLoadInfo);
 }
 nsresult LoadInfoArgsToLoadInfo(
-    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs, nsINode* aLoadingContext,
+    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs,
    nsINode* aCspToInheritLoadingContext, LoadInfo** outLoadInfo) {
  if (aOptionalLoadInfoArgs.isNothing()) {
    *outLoadInfo = nullptr;
@ -735,6 +735,16 @@ nsresult LoadInfoArgsToLoadInfo(
    cspToInherit = CSPInfoToCSP(cspToInheritInfo.ref(), doc);
  }

+  // Restore the loadingContext for frames using the BrowsingContext's
+  // embedder element. Note that this only works if the embedder is
+  // same-process, so won't be fission compatible.
+  nsCOMPtr<nsINode> loadingContext;
+  RefPtr<BrowsingContext> frameBrowsingContext =
+      BrowsingContext::Get(loadInfoArgs.frameBrowsingContextID());
+  if (frameBrowsingContext) {
+    loadingContext = frameBrowsingContext->GetEmbedderElement();
+  }
+
  RefPtr<mozilla::LoadInfo> loadInfo = new mozilla::LoadInfo(
      loadingPrincipal, triggeringPrincipal, principalToInherit,
      sandboxedLoadingPrincipal, topLevelPrincipal,
@ -767,7 +777,7 @@ nsresult LoadInfoArgsToLoadInfo(
      loadInfoArgs.documentHasLoaded(),
      loadInfoArgs.allowListFutureDocumentsCreatedFromThisRedirectChain(),
      loadInfoArgs.cspNonce(), loadInfoArgs.skipContentSniffing(),
-      loadInfoArgs.requestBlockingReason(), aLoadingContext);
+      loadInfoArgs.requestBlockingReason(), loadingContext);

  if (loadInfoArgs.isFromProcessingFrameAttributes()) {
    loadInfo->SetIsFromProcessingFrameAttributes();
--- a/ipc/glue/BackgroundUtils.h
+++ b/ipc/glue/BackgroundUtils.h
@ -136,15 +136,13 @@ nsresult LoadInfoArgsToLoadInfo(
    nsILoadInfo** outLoadInfo);
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<mozilla::net::LoadInfoArgs>& aOptionalLoadInfoArgs,
-    nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
-    nsILoadInfo** outLoadInfo);
+    nsINode* aCspToInheritLoadingContext, nsILoadInfo** outLoadInfo);
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<net::LoadInfoArgs>& aOptionalLoadInfoArgs,
    mozilla::net::LoadInfo** outLoadInfo);
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<net::LoadInfoArgs>& aOptionalLoadInfoArgs,
-    nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
-    mozilla::net::LoadInfo** outLoadInfo);
+    nsINode* aCspToInheritLoadingContext, mozilla::net::LoadInfo** outLoadInfo);

 /**
 * Fills ParentLoadInfoForwarderArgs with properties we want to carry to child
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@ -40,8 +40,7 @@ namespace ipc {
 // we have to forward declare that function so we can use it as a friend.
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
-    nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
-    net::LoadInfo** outLoadInfo);
+    nsINode* aCspToInheritLoadingContext, net::LoadInfo** outLoadInfo);
 }  // namespace ipc

 namespace net {
@ -167,8 +166,7 @@ class LoadInfo final : public nsILoadInfo {

  friend nsresult mozilla::ipc::LoadInfoArgsToLoadInfo(
      const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
-      nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
-      net::LoadInfo** outLoadInfo);
+      nsINode* aCspToInheritLoadingContext, net::LoadInfo** outLoadInfo);

  ~LoadInfo() = default;

--- a/netwerk/ipc/DocumentChannelChild.cpp
+++ b/netwerk/ipc/DocumentChannelChild.cpp
@ -220,20 +220,22 @@ IPCResult DocumentChannelChild::RecvRedirectToRealChannel(
  LOG(("DocumentChannelChild RecvRedirectToRealChannel [this=%p, uri=%s]", this,
       aArgs.uri()->GetSpecOrDefault().get()));

-  RefPtr<dom::Document> loadingDocument;
-  mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
-
+  // The document that created the cspToInherit.
+  // This is used when deserializing LoadInfo from the parent
+  // process, since we can't serialize Documents directly.
+  // TODO: For a fission OOP iframe this will be unavailable,
+  // as will the loadingContext computed in LoadInfoArgsToLoadInfo.
+  // Figure out if we need these for cross-origin subdocs.
  RefPtr<dom::Document> cspToInheritLoadingDocument;
-  nsCOMPtr<nsIContentSecurityPolicy> policy = mLoadInfo->GetCspToInherit();
+  nsCOMPtr<nsIContentSecurityPolicy> policy = mLoadState->Csp();
  if (policy) {
    nsWeakPtr ctx =
        static_cast<nsCSPContext*>(policy.get())->GetLoadingContext();
    cspToInheritLoadingDocument = do_QueryReferent(ctx);
  }
  nsCOMPtr<nsILoadInfo> loadInfo;
-  MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(aArgs.loadInfo(), loadingDocument,
-                                             cspToInheritLoadingDocument,
-                                             getter_AddRefs(loadInfo)));
+  MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(
+      aArgs.loadInfo(), cspToInheritLoadingDocument, getter_AddRefs(loadInfo)));

  mLastVisitInfo = std::move(aArgs.lastVisitInfo());
  mRedirects = std::move(aArgs.redirects());
@ -397,25 +399,23 @@ IPCResult DocumentChannelChild::RecvConfirmRedirect(
  // not propagating the redirect into this process, we don't have an nsIChannel
  // for the redirection and we have to do the checks manually.
  // This just checks CSP thus far, hopefully there's not much else needed.
-  RefPtr<dom::Document> loadingDocument;
-  mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
  RefPtr<dom::Document> cspToInheritLoadingDocument;
-  nsCOMPtr<nsIContentSecurityPolicy> policy = mLoadInfo->GetCspToInherit();
+  nsCOMPtr<nsIContentSecurityPolicy> policy = mLoadState->Csp();
  if (policy) {
    nsWeakPtr ctx =
        static_cast<nsCSPContext*>(policy.get())->GetLoadingContext();
    cspToInheritLoadingDocument = do_QueryReferent(ctx);
  }
  nsCOMPtr<nsILoadInfo> loadInfo;
-  MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(
-      Some(std::move(aLoadInfo)), loadingDocument, cspToInheritLoadingDocument,
-      getter_AddRefs(loadInfo)));
+  MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(Some(std::move(aLoadInfo)),
+                                             cspToInheritLoadingDocument,
+                                             getter_AddRefs(loadInfo)));

  nsCOMPtr<nsIURI> originalUri;
  GetOriginalURI(getter_AddRefs(originalUri));
  Maybe<nsresult> cancelCode;
  nsresult rv = CSPService::ConsultCSPForRedirect(originalUri, aNewUri,
-                                                  mLoadInfo, cancelCode);
+                                                  loadInfo, cancelCode);
  aResolve(Tuple<const nsresult&, const Maybe<nsresult>&>(rv, cancelCode));
  return IPC_OK();
 }