Bug 1591736 - Fix AddonManagerWebAPI::IsAPIEnabled in out-of-process iframes r=mixedpuppy

Differential Revision: https://phabricator.services.mozilla.com/D50713

--HG--
extra : moz-landing-system : lando

toolkit/mozapps/extensions/AddonManagerWebAPI.cpp

@@ -108,17 +108,20 @@ bool AddonManagerWebAPI::IsAPIEnabled(JSContext* aCx, JSObject* aGlobal) {
     }
 
     // Checks whether there is a parent frame of the same type. This won't cross
-    // mozbrowser or chrome boundaries.
+    // mozbrowser or chrome or fission/process boundaries.
     nsCOMPtr<nsIDocShellTreeItem> parent;
     nsresult rv = docShell->GetInProcessSameTypeParent(getter_AddRefs(parent));
     if (NS_FAILED(rv)) {
       return false;
     }
 
+    // No parent means we've hit a mozbrowser or chrome or process boundary.
     if (!parent) {
-      // No parent means we've hit a mozbrowser or chrome boundary so allow
-      // access to the API.
-      return true;
+      // With Fission, a cross-origin iframe has an out-of-process parent, but
+      // DocShell knows nothing about it. We need to ask BrowsingContext here,
+      // and only allow API access if AMO is actually at the top, not framed
+      // by evilleagueofevil.com.
+      return docShell->GetBrowsingContext()->IsTopContent();
     }
 
     Document* doc = win->GetDoc();

toolkit/mozapps/extensions/test/browser/browser.ini

@@ -108,12 +108,9 @@ skip-if = verify
 support-files =
   head_abuse_report.js
 [browser_webapi_access.js]
-skip-if = fission
 [browser_webapi_addon_listener.js]
-skip-if = fission
 [browser_webapi_enable.js]
 [browser_webapi_install.js]
-skip-if = fission && debug
 [browser_webapi_install_disabled.js]
 [browser_webapi_theme.js]
 [browser_webapi_uninstall.js]

toolkit/mozapps/extensions/test/browser/browser_webapi_access.js

@@ -7,17 +7,11 @@ registerCleanupFunction(() => {
 });
 
 function check_frame_availability(browser) {
-  return ContentTask.spawn(browser, null, async function() {
-    let frame = content.document.getElementById("frame");
-    return (
-      frame.contentWindow.document.getElementById("result").textContent ==
-      "true"
-    );
-  });
+  return check_availability(browser.browsingContext.getChildren()[0]);
 }
 
 function check_availability(browser) {
-  return ContentTask.spawn(browser, null, async function() {
+  return SpecialPowers.spawn(browser, [], async function() {
     return content.document.getElementById("result").textContent == "true";
   });
 }

toolkit/mozapps/extensions/test/xpinstall/browser.ini

@@ -81,6 +81,5 @@ skip-if = require_signing
 [browser_unsigned_trigger_iframe.js]
 skip-if = require_signing
 [browser_unsigned_trigger_xorigin.js]
-skip-if = fission
 [browser_unsigned_url.js]
 skip-if = require_signing