Bug 1547813 - Part 8: Introduce a CookieSettings API to query whether cookies from third-party trackers must be rejected and use it in Gecko; r=baku

Differential Revision: https://phabricator.services.mozilla.com/D30117

--HG--
extra : moz-landing-system : lando

dom/base/Document.cpp

@@ -12196,8 +12196,7 @@ DocumentAutoplayPolicy Document::AutoplayPolicy() const {
 }
 
 void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
-  if (CookieSettings()->GetCookieBehavior() !=
-      nsICookieService::BEHAVIOR_REJECT_TRACKER) {
+  if (!CookieSettings()->GetRejectThirdPartyTrackers()) {
     return;
   }
 
@@ -12734,8 +12733,7 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
   }
 
   // Only enforce third-party checks when there is a reason to enforce them.
-  if (CookieSettings()->GetCookieBehavior() !=
-      nsICookieService::BEHAVIOR_REJECT_TRACKER) {
+  if (!CookieSettings()->GetRejectThirdPartyTrackers()) {
     // Step 3. If the document's frame is the main frame, resolve.
     if (IsTopLevelContentDocument()) {
       promise->MaybeResolveWithUndefined();
@@ -12787,9 +12785,7 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
     return promise.forget();
   }
 
-  if (CookieSettings()->GetCookieBehavior() ==
-          nsICookieService::BEHAVIOR_REJECT_TRACKER &&
-      inner) {
+  if (CookieSettings()->GetRejectThirdPartyTrackers() && inner) {
     // Only do something special for third-party tracking content.
     if (nsContentUtils::StorageDisabledByAntiTracking(this, nullptr)) {
       // Note: If this has returned true, the top-level document is guaranteed

dom/base/nsGlobalWindowOuter.cpp

@@ -2293,8 +2293,7 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
   mHasStorageAccess = false;
   nsIURI* uri = aDocument->GetDocumentURI();
   if (newInnerWindow &&
-      aDocument->CookieSettings()->GetCookieBehavior() ==
-          nsICookieService::BEHAVIOR_REJECT_TRACKER &&
+      aDocument->CookieSettings()->GetRejectThirdPartyTrackers() &&
       nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
                                                   uri) &&
       nsContentUtils::IsTrackingResourceWindow(newInnerWindow)) {

dom/security/ReferrerInfo.cpp

@@ -18,6 +18,7 @@
 #include "ReferrerInfo.h"
 
 #include "mozilla/AntiTrackingCommon.h"
+#include "mozilla/net/CookieSettings.h"
 #include "mozilla/net/HttpBaseChannel.h"
 
 static mozilla::LazyLogModule gReferrerInfoLog("ReferrerInfo");
@@ -120,9 +121,18 @@ uint32_t ReferrerInfo::GetDefaultReferrerPolicy(nsIHttpChannel* aChannel,
                                                 bool privateBrowsing) {
   CachePreferrenceValue();
   bool thirdPartyTrackerIsolated = false;
-  if (StaticPrefs::network_cookie_cookieBehavior() ==
-          nsICookieService::BEHAVIOR_REJECT_TRACKER &&
-      aChannel && aURI) {
+  nsCOMPtr<nsILoadInfo> loadInfo;
+  if (aChannel) {
+    loadInfo = aChannel->LoadInfo();
+  }
+  nsCOMPtr<nsICookieSettings> cs;
+  if (loadInfo) {
+    Unused << loadInfo->GetCookieSettings(getter_AddRefs(cs));
+  }
+  if (!cs) {
+    cs = net::CookieSettings::Create();
+  }
+  if (aChannel && aURI && cs->GetRejectThirdPartyTrackers()) {
     uint32_t rejectedReason = 0;
     thirdPartyTrackerIsolated =
         !AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(

dom/workers/RuntimeService.cpp

@@ -2030,8 +2030,7 @@ void RuntimeService::PropagateFirstPartyStorageAccessGranted(
   MOZ_ASSERT(aWindow);
   MOZ_ASSERT_IF(
       aWindow->GetExtantDoc(),
-      aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
-          nsICookieService::BEHAVIOR_REJECT_TRACKER);
+      aWindow->GetExtantDoc()->CookieSettings()->GetRejectThirdPartyTrackers());
 
   nsTArray<WorkerPrivate*> workers;
   GetWorkersForWindow(aWindow, workers);
@@ -2431,8 +2430,7 @@ void PropagateFirstPartyStorageAccessGrantedToWorkers(
   AssertIsOnMainThread();
   MOZ_ASSERT_IF(
       aWindow->GetExtantDoc(),
-      aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
-          nsICookieService::BEHAVIOR_REJECT_TRACKER);
+      aWindow->GetExtantDoc()->CookieSettings()->GetRejectThirdPartyTrackers());
 
   RuntimeService* runtime = RuntimeService::GetService();
   if (runtime) {

netwerk/cookie/CookieSettings.cpp

@@ -104,6 +104,15 @@ CookieSettings::GetCookieBehavior(uint32_t* aCookieBehavior) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+CookieSettings::GetRejectThirdPartyTrackers(bool* aRejectThirdPartyTrackers) {
+  *aRejectThirdPartyTrackers =
+      mCookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
+      mCookieBehavior ==
+          nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN;
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 CookieSettings::CookiePermission(nsIPrincipal* aPrincipal,
                                  uint32_t* aCookiePermission) {

netwerk/cookie/nsCookieService.cpp

@@ -4054,8 +4054,7 @@ CookieStatus nsCookieService::CheckPrefs(
   // context, when anti-tracking protection is enabled and when we don't have
   // access to the first-party cookie jar.
   if (aIsForeign && aIsTrackingResource && !aFirstPartyStorageAccessGranted &&
-      aCookieSettings->GetCookieBehavior() ==
-          nsICookieService::BEHAVIOR_REJECT_TRACKER) {
+      aCookieSettings->GetRejectThirdPartyTrackers()) {
     if (StoragePartitioningEnabled(aInputRejectedReason, aCookieSettings)) {
       MOZ_ASSERT(!aOriginAttrs.mFirstPartyDomain.IsEmpty(),
                  "We must have a StoragePrincipal here!");

netwerk/cookie/nsICookieSettings.idl

@@ -21,6 +21,11 @@ interface nsICookieSettings : nsISupports
    */
   [infallible] readonly attribute unsigned long cookieBehavior;
 
+  /**
+   * Whether our cookie behavior mandates rejecting third-party trackers.
+   */
+  [infallible] readonly attribute boolean rejectThirdPartyTrackers;
+
   /**
    * CookiePermission at the loading of the document for a particular
    * principal. It returns the same cookiePermission also in case it changes

netwerk/protocol/http/nsHttpChannel.cpp

@@ -122,6 +122,7 @@
 #include "mozilla/dom/Promise.h"
 #include "mozilla/dom/ServiceWorkerUtils.h"
 #include "mozilla/net/AsyncUrlChannelClassifier.h"
+#include "mozilla/net/CookieSettings.h"
 #include "mozilla/net/NeckoChannelParams.h"
 #include "mozilla/net/UrlClassifierFeatureFactory.h"
 #include "nsIWebNavigation.h"
@@ -10223,8 +10224,14 @@ nsresult nsHttpChannel::RedirectToInterceptedChannel() {
 }
 
 void nsHttpChannel::ReEvaluateReferrerAfterTrackingStatusIsKnown() {
-  if (StaticPrefs::network_cookie_cookieBehavior() ==
-      nsICookieService::BEHAVIOR_REJECT_TRACKER) {
+  nsCOMPtr<nsICookieSettings> cs;
+  if (mLoadInfo) {
+    Unused << mLoadInfo->GetCookieSettings(getter_AddRefs(cs));
+  }
+  if (!cs) {
+    cs = net::CookieSettings::Create();
+  }
+  if (cs->GetRejectThirdPartyTrackers()) {
     bool isPrivate =
         mLoadInfo && mLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
     // If our referrer has been set before, and our referrer policy is unset

toolkit/components/antitracking/AntiTrackingCommon.cpp

@@ -786,12 +786,11 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
     LOG(("Parent window has no doc"));
     return StorageAccessGrantPromise::CreateAndReject(false, __func__);
   }
-  auto cookieBehavior = parentDoc->CookieSettings()->GetCookieBehavior();
-  if (cookieBehavior != nsICookieService::BEHAVIOR_REJECT_TRACKER) {
+  if (!parentDoc->CookieSettings()->GetRejectThirdPartyTrackers()) {
     LOG(
         ("Disabled by network.cookie.cookieBehavior pref (%d), bailing out "
          "early",
-         cookieBehavior));
+         parentDoc->CookieSettings()->GetCookieBehavior()));
     return StorageAccessGrantPromise::CreateAndResolve(true, __func__);
   }
 
@@ -1617,11 +1616,9 @@ bool AntiTrackingCommon::MaybeIsFirstPartyStorageAccessGrantedFor(
     return false;
   }
 
-  auto cookieBehavior = parentDocument->CookieSettings()->GetCookieBehavior();
-  // TODO: Perhaps we need to do something special for
-  // nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN here?
-  if (cookieBehavior != nsICookieService::BEHAVIOR_REJECT_TRACKER) {
-    LOG(("Disabled by the pref (%d), bail out early", cookieBehavior));
+  if (!parentDocument->CookieSettings()->GetRejectThirdPartyTrackers()) {
+    LOG(("Disabled by the pref (%d), bail out early",
+         parentDocument->CookieSettings()->GetCookieBehavior()));
     return true;
   }