Bug 1647732 - isolate font cache; r=baku,jfkthame,necko-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D82034
2020-07-07 07:49:38 +00:00 · 2020-07-07 07:49:38 +00:00 · e69b3bc58b
--- a/browser/components/originattributes/test/browser/browser.ini
+++ b/browser/components/originattributes/test/browser/browser.ini
@ -20,6 +20,7 @@ support-files =
  file_thirdPartyChild.audio.ogg
  file_thirdPartyChild.embed.png
  file_thirdPartyChild.fetch.html
+  file_thirdPartyChild.font.woff
  file_thirdPartyChild.iframe.html
  file_thirdPartyChild.favicon.png
  file_thirdPartyChild.img.png
--- a/browser/components/originattributes/test/browser/browser_cache.js
+++ b/browser/components/originattributes/test/browser/browser_cache.js
@ -37,6 +37,7 @@ let suffixes = [
  "import.js",
  "worker.js",
  "sharedworker.js",
+  "font.woff",
 ];

 // A random value for isolating video/audio elements across different tests.
--- a/browser/components/originattributes/test/browser/file_cache.html
+++ b/browser/components/originattributes/test/browser/file_cache.html
@ -6,6 +6,13 @@
  <link rel="stylesheet" type="text/css"
        href="http://example.net/browser/browser/components/originattributes/test/browser/file_thirdPartyChild.link.css">
  <link rel="preconnect" href="http://example.net">
+  <style type="text/css">
+    @font-face {
+      font-family: foo;
+      src: url("http://example.net/browser/browser/components/originattributes/test/browser/file_thirdPartyChild.font.woff") format('woff');
+    }
+    body { font-family: foo }
+  </style>
 </head>
 <body>
 <div>file_cache.html</div>
--- a/browser/components/originattributes/test/browser/file_thirdPartyChild.font.woff
+++ b/browser/components/originattributes/test/browser/file_thirdPartyChild.font.woff
--- a/layout/style/FontFaceSet.cpp
+++ b/layout/style/FontFaceSet.cpp
@ -110,7 +110,9 @@ FontFaceSet::FontFaceSet(nsPIDOMWindowInner* aWindow, dom::Document* aDocument)
    : DOMEventTargetHelper(aWindow),
      mDocument(aDocument),
      mStandardFontLoadPrincipal(
-          new gfxFontSrcPrincipal(mDocument->NodePrincipal())),
+          new gfxFontSrcPrincipal(StaticPrefs::privacy_partition_network_state()
+                                      ? mDocument->PartitionedPrincipal()
+                                      : mDocument->NodePrincipal())),
      mResolveLazilyCreatedReadyPromise(false),
      mStatus(FontFaceSetLoadStatus::Loaded),
      mNonRuleFacesDirty(false),
@ -121,9 +123,6 @@ FontFaceSet::FontFaceSet(nsPIDOMWindowInner* aWindow, dom::Document* aDocument)
      mPrivateBrowsing(false) {
  MOZ_ASSERT(mDocument, "We should get a valid document from the caller!");

-  mStandardFontLoadPrincipal =
-      new gfxFontSrcPrincipal(mDocument->NodePrincipal());
-
  // Record the state of the "bypass cache" flags from the docshell now,
  // since we want to look at them from style worker threads, and we can
  // only get to the docshell through a weak pointer (which is only
@ -1712,8 +1711,10 @@ nsPresContext* FontFaceSet::GetPresContext() {

 void FontFaceSet::RefreshStandardFontLoadPrincipal() {
  MOZ_ASSERT(NS_IsMainThread());
-  mStandardFontLoadPrincipal =
-      new gfxFontSrcPrincipal(mDocument->NodePrincipal());
+  nsIPrincipal* principal = StaticPrefs::privacy_partition_network_state()
+                                ? mDocument->PartitionedPrincipal()
+                                : mDocument->NodePrincipal();
+  mStandardFontLoadPrincipal = new gfxFontSrcPrincipal(principal);
  mAllowedFontLoads.Clear();
  if (mUserFontSet) {
    mUserFontSet->IncrementGeneration(false);
--- a/layout/style/FontPreloader.cpp
+++ b/layout/style/FontPreloader.cpp
@ -42,12 +42,13 @@ nsresult FontPreloader::BuildChannel(
    nsIInterfaceRequestor* aCallbacks, bool aIsPreload) {
  nsresult rv;

-  nsIPrincipal* principal = aUserFontEntry
-                                ? (aUserFontEntry->GetPrincipal()
+  nsIPrincipal* principal =
+      aUserFontEntry ? (aUserFontEntry->GetPrincipal()
                            ? aUserFontEntry->GetPrincipal()->get()
                            : nullptr)
-                                : aDocument->NodePrincipal();
-
+                     : (StaticPrefs::privacy_partition_network_state()
+                            ? aDocument->PartitionedPrincipal()
+                            : aDocument->NodePrincipal());
  // aCORSMode is ignored.  We always load as crossorigin=anonymous, but a
  // preload started with anything other then "anonymous" will never be found.

--- a/netwerk/test/httpserver/httpd.js
+++ b/netwerk/test/httpserver/httpd.js
@ -654,12 +654,12 @@ nsHttpServer.prototype = {
  //
  // see nsIHttpServer.registerFile
  //
-  registerFile(path, file) {
+  registerFile(path, file, handler) {
    if (file && (!file.exists() || file.isDirectory())) {
      throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG);
    }

-    this._handler.registerFile(path, file);
+    this._handler.registerFile(path, file, handler);
  },

  //
@ -2527,7 +2527,7 @@ ServerHandler.prototype = {
  //
  // see nsIHttpServer.registerFile
  //
-  registerFile(path, file) {
+  registerFile(path, file, handler) {
    if (!file) {
      dumpn("*** unregistering '" + path + "' mapping");
      delete this._overridePaths[path];
@ -2543,7 +2543,12 @@ ServerHandler.prototype = {
        throw HTTP_404;
      }

+      dumpn("*** responding '" + path + "' as mapping to " + file.path);
+
      response.setStatusLine(request.httpVersion, 200, "OK");
+      if (typeof handler === "function") {
+        handler(request, response);
+      }
      self._writeFileResponse(request, file, response, 0, file.fileSize);
    };
  },
--- a/netwerk/test/httpserver/nsIHttpServer.idl
+++ b/netwerk/test/httpserver/nsIHttpServer.idl
@ -65,8 +65,12 @@ interface nsIHttpServer : nsISupports
   * @param file
   *   the file to serve for the given path, or null to remove any mapping that
   *   might exist; this file must exist for the lifetime of the server
+   * @param handler
+   *   an optional object which can be used to handle any further changes.
   */
-  void registerFile(in string path, in nsIFile file);
+  void registerFile(in string path,
+                    in nsIFile file,
+                    [optional] in nsIHttpRequestHandler handler);

  /**
   * Registers a custom path handler.
--- a/toolkit/components/antitracking/test/xpcshell/data/font.woff
+++ b/toolkit/components/antitracking/test/xpcshell/data/font.woff
--- a/toolkit/components/antitracking/test/xpcshell/test_staticPartition_font.js
+++ b/toolkit/components/antitracking/test/xpcshell/test_staticPartition_font.js
@ -0,0 +1,96 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+const { CookieXPCShellUtils } = ChromeUtils.import(
+  "resource://testing-common/CookieXPCShellUtils.jsm"
+);
+
+CookieXPCShellUtils.init(this);
+
+let gHits = 0;
+
+add_task(async function() {
+  do_get_profile();
+
+  info("Disable predictor and accept all");
+  Services.prefs.setBoolPref("network.predictor.enabled", false);
+  Services.prefs.setBoolPref("network.predictor.enable-prefetch", false);
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+
+  const server = CookieXPCShellUtils.createServer({
+    hosts: ["example.org", "foo.com", "bar.com"],
+  });
+
+  server.registerFile(
+    "/font.woff",
+    do_get_file("data/font.woff"),
+    (_, response) => {
+      response.setHeader("Access-Control-Allow-Origin", "*", false);
+      gHits++;
+    }
+  );
+
+  server.registerPathHandler("/font", (request, response) => {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "text/html", false);
+    let body = `
+      <style type="text/css">
+        @font-face {
+          font-family: foo;
+          src: url("http://example.org/font.woff") format('woff');
+        }
+        body { font-family: foo }
+      </style>`;
+    response.bodyOutputStream.write(body, body.length);
+  });
+
+  const tests = [
+    {
+      prefValue: true,
+      hitsCount: 3,
+    },
+    {
+      prefValue: false,
+      // The font in page B/C is CORS, the channel will be flagged with
+      // nsIRequest::LOAD_ANONYMOUS.
+      // The flag makes the font in A and B/C use different cache key.
+      hitsCount: 2,
+    },
+  ];
+
+  for (let test of tests) {
+    info("Clear network caches");
+    Services.cache2.clear();
+
+    info("Reset the hits count");
+    gHits = 0;
+
+    info("Enabling network state partitioning");
+    Services.prefs.setBoolPref(
+      "privacy.partition.network_state",
+      test.prefValue
+    );
+
+    info("Let's load a page with origin A");
+    let contentPage = await CookieXPCShellUtils.loadContentPage(
+      "http://example.org/font"
+    );
+    await contentPage.close();
+
+    info("Let's load a page with origin B");
+    contentPage = await CookieXPCShellUtils.loadContentPage(
+      "http://foo.com/font"
+    );
+    await contentPage.close();
+
+    info("Let's load a page with origin C");
+    contentPage = await CookieXPCShellUtils.loadContentPage(
+      "http://bar.com/font"
+    );
+    await contentPage.close();
+
+    Assert.equal(gHits, test.hitsCount, "The number of hits match");
+  }
+});
--- a/toolkit/components/antitracking/test/xpcshell/xpcshell.ini
+++ b/toolkit/components/antitracking/test/xpcshell/xpcshell.ini
@ -7,6 +7,10 @@ head = head.js ../../../../components/url-classifier/tests/unit/head_urlclassifi
 [test_tracking_db_service.js]
 [test_rejectForeignAllowList.js]
 skip-if = toolkit == 'android' # Bug 1567341
+[test_staticPartition_font.js]
+support-files =
+  data/font.woff
+skip-if = toolkit == 'android' # Bug 1567341
 [test_staticPartition_image.js]
 skip-if = toolkit == 'android' # Bug 1567341
 [test_staticPartition_authhttp.js]