Bug 1697151 - Remove permissions.delegation.enabled pref r=pbz

Differential Revision: https://phabricator.services.mozilla.com/D185342
This commit is contained in:
Gregory Pappas 2023-08-11 15:15:54 +00:00
Родитель 3fe473a514
Коммит dd0ad61e60
15 изменённых файлов: 10 добавлений и 77 удалений

Просмотреть файл

@ -392,14 +392,8 @@ function prompt(
Ci.nsIPermissionDelegateHandler
);
const shouldDelegatePermission =
permDelegateHandler.permissionDelegateFPEnabled;
let secondOrigin = undefined;
if (
shouldDelegatePermission &&
permDelegateHandler.maybeUnsafePermissionDelegate(requestTypes)
) {
if (permDelegateHandler.maybeUnsafePermissionDelegate(requestTypes)) {
// We are going to prompt both first party and third party origin.
// SecondOrigin should be third party
secondOrigin = aContentWindow.document.nodePrincipal.origin;
@ -412,7 +406,6 @@ function prompt(
documentURI: aContentWindow.document.documentURI,
secure: aSecure,
isHandlingUserInput: aIsHandlingUserInput,
shouldDelegatePermission,
requestTypes,
sharingScreen,
sharingAudio,

Просмотреть файл

@ -95,9 +95,7 @@ export class WebRTCParent extends JSWindowActorParent {
this.manager.topWindowContext.documentPrincipal.origin;
data.isThirdPartyOrigin = isThirdPartyOrigin;
data.origin = data.shouldDelegatePermission
? this.manager.topWindowContext.documentPrincipal.origin
: this.manager.documentPrincipal.origin;
data.origin = this.manager.topWindowContext.documentPrincipal.origin;
let browser = this.getBrowser();
if (browser.fxrPermissionPrompt) {
@ -397,12 +395,9 @@ export class WebRTCParent extends JSWindowActorParent {
}
// Don't use persistent permissions from the top-level principal
// if we're in a cross-origin iframe and permission delegation is not
// allowed, or when we're handling a potentially insecure third party
// if we're handling a potentially insecure third party
// through a wildcard ("*") allow attribute.
let limited =
(aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) ||
aRequest.secondOrigin;
let limited = aRequest.secondOrigin;
let map = lazy.webrtcUI.activePerms.get(this.manager.outerWindowId);
// We consider a camera or mic active if it is active or was active within a
@ -1221,15 +1216,9 @@ function prompt(aActor, aBrowser, aRequest) {
return false;
}
// Don't offer "always remember" action in third party with no permission
// delegation
if (aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) {
return false;
}
// Don't offer "always remember" action in maybe unsafe permission
// delegation
if (aRequest.shouldDelegatePermission && aRequest.secondOrigin) {
if (aRequest.secondOrigin) {
return false;
}

Просмотреть файл

@ -119,7 +119,6 @@ add_setup(async function () {
set: [
["dom.security.featurePolicy.header.enabled", true],
["dom.security.featurePolicy.webidl.enabled", true],
["permissions.delegation.enabled", true],
// This is the amount of time before the repeating
// NetworkGeolocationProvider timer is stopped.
// It needs to be less than 5000ms, or the timer will be

Просмотреть файл

@ -13,7 +13,6 @@ add_task(async function testNoPermissionPrompt() {
SpecialPowers.pushPrefEnv(
{
set: [
["permissions.delegation.enabled", true],
["dom.vibrator.enabled", true],
["dom.security.featurePolicy.header.enabled", true],
["dom.security.featurePolicy.webidl.enabled", true],

Просмотреть файл

@ -2,10 +2,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
SpecialPowers.pushPrefEnv({
set: [["permissions.delegation.enabled", true]],
});
// This test has been seen timing out locally in non-opt debug builds.
requestLongerTimeout(2);

Просмотреть файл

@ -786,7 +786,6 @@ var gTests = [
add_task(async function test() {
await SpecialPowers.pushPrefEnv({
set: [
["permissions.delegation.enabled", true],
["dom.security.featurePolicy.header.enabled", true],
["dom.security.featurePolicy.webidl.enabled", true],
],

Просмотреть файл

@ -239,7 +239,6 @@ var gTests = [
add_task(async function test() {
await SpecialPowers.pushPrefEnv({
set: [
["permissions.delegation.enabled", true],
["dom.security.featurePolicy.header.enabled", true],
["dom.security.featurePolicy.webidl.enabled", true],
],

Просмотреть файл

@ -23,9 +23,4 @@ interface nsIPermissionDelegateHandler : nsISupports
* @param aTypes the permission types to check
*/
boolean maybeUnsafePermissionDelegate(in Array<ACString> aTypes);
/*
* Return true if permissions.delegation.enabled is true.
*/
readonly attribute boolean permissionDelegateFPEnabled;
};

Просмотреть файл

@ -706,12 +706,10 @@ static bool HasCameraPermission(const uint64_t& aWindowId) {
return false;
}
// If we delegate permission from first party, we should use the top level
// when we delegate permission from first party, we should use the top level
// window
if (StaticPrefs::permissions_delegation_enabled()) {
RefPtr<dom::BrowsingContext> topBC = window->BrowsingContext()->Top();
window = topBC->Canonical()->GetCurrentWindowGlobal();
}
RefPtr<dom::BrowsingContext> topBC = window->BrowsingContext()->Top();
window = topBC->Canonical()->GetCurrentWindowGlobal();
// Return false if the window is not the currently-active window for its
// BrowsingContext.

Просмотреть файл

@ -21,8 +21,6 @@ add_task(async function test_notifications_permission() {
await SpecialPowers.clearUserPref("notification.prompt.testing");
await SpecialPowers.pushPrefEnv({
set: [
// Set pref to exercise relevant code path for regression test.
["permissions.delegation.enabled", true],
// Automatically dismiss the permission request when it appears.
["dom.webnotifications.requireuserinteraction", true],
],

Просмотреть файл

@ -301,9 +301,7 @@
SimpleTest.executeSoon(nextTest);
}
SpecialPowers.pushPrefEnv({"set": [
["permissions.delegation.enabled", true],
]}).then(nextTest);
nextTest()
</script>
</body>

Просмотреть файл

@ -24,7 +24,6 @@ addTest(async function testNoPermissionPrompt() {
SpecialPowers.pushPrefEnv(
{
set: [
["permissions.delegation.enabled", true],
["dom.security.featurePolicy.header.enabled", true],
["dom.security.featurePolicy.webidl.enabled", true],
],

Просмотреть файл

@ -86,10 +86,6 @@ NS_IMETHODIMP
PermissionDelegateHandler::MaybeUnsafePermissionDelegate(
const nsTArray<nsCString>& aTypes, bool* aMaybeUnsafe) {
*aMaybeUnsafe = false;
if (!StaticPrefs::permissions_delegation_enabled()) {
return NS_OK;
}
for (auto& type : aTypes) {
const DelegateInfo* info =
GetPermissionDelegateInfo(NS_ConvertUTF8toUTF16(type));
@ -107,23 +103,12 @@ PermissionDelegateHandler::MaybeUnsafePermissionDelegate(
return NS_OK;
}
NS_IMETHODIMP
PermissionDelegateHandler::GetPermissionDelegateFPEnabled(bool* aEnabled) {
MOZ_ASSERT(NS_IsMainThread());
*aEnabled = StaticPrefs::permissions_delegation_enabled();
return NS_OK;
}
/* static */
nsresult PermissionDelegateHandler::GetDelegatePrincipal(
const nsACString& aType, nsIContentPermissionRequest* aRequest,
nsIPrincipal** aResult) {
MOZ_ASSERT(aRequest);
if (!StaticPrefs::permissions_delegation_enabled()) {
return aRequest->GetPrincipal(aResult);
}
const DelegateInfo* info =
GetPermissionDelegateInfo(NS_ConvertUTF8toUTF16(aType));
if (!info) {
@ -203,10 +188,6 @@ bool PermissionDelegateHandler::HasPermissionDelegated(
return false;
}
if (!StaticPrefs::permissions_delegation_enabled()) {
return true;
}
if (info->mPolicy == DelegatePolicy::ePersistDeniedCrossOrigin &&
!mDocument->IsTopLevelContentDocument() &&
IsCrossOriginContentToTop(mDocument)) {
@ -239,11 +220,6 @@ nsresult PermissionDelegateHandler::GetPermission(const nsACString& aType,
aExactHostMatch ? &nsIPermissionManager::TestExactPermissionFromPrincipal
: &nsIPermissionManager::TestPermissionFromPrincipal;
if (!StaticPrefs::permissions_delegation_enabled()) {
return (mPermissionManager->*testPermission)(mPrincipal, aType,
aPermission);
}
if (info->mPolicy == DelegatePolicy::ePersistDeniedCrossOrigin &&
!mDocument->IsTopLevelContentDocument() &&
IsCrossOriginContentToTop(mDocument)) {

Просмотреть файл

@ -12778,11 +12778,6 @@
value: 1
mirror: always
- name: permissions.delegation.enabled
type: bool
value: true
mirror: always
- name: permissions.isolateBy.userContext
type: RelaxedAtomicBool
value: false

Просмотреть файл

@ -1,4 +1,4 @@
prefs: [permissions.delegation.enabled:true, dom.security.featurePolicy.header.enabled:true, dom.security.featurePolicy.webidl.enabled:true]
prefs: [dom.security.featurePolicy.header.enabled:true, dom.security.featurePolicy.webidl.enabled:true]
[permissions-query-feature-policy-attribute.https.sub.html]
expected:
if (os == "android") and fission: [OK, TIMEOUT]