Bug 1621935 - Allow webRequest to see subresource requests in local files r=mixedpuppy

And remove the explicit "baseURL" origin check. This check was meant to
ensure that extensions can always intercept requests that it generated,
but changed in https://hg.mozilla.org/mozilla-central/rev/cd219dd096 by
accident to allowing access to the real `jar:`/`file:`-URL that backs
the `moz-extension:`-protocol handler.

That mistake did not break functionality, because the check was
redundant: the `moz-extension:`-origin is already explicitly added to
the internal set of host permissions of an extension. This scenario is
covered by the existing test_ext_webRequest_from_extension_page.js test.

Differential Revision: https://phabricator.services.mozilla.com/D67735

--HG--
extra : moz-landing-system : lando

toolkit/components/extensions/WebExtensionPolicy.h

@@ -75,10 +75,11 @@ class WebExtensionPolicy final : public nsISupports,
   void InjectContentScripts(ErrorResult& aRv);
 
   bool CanAccessURI(const URLInfo& aURI, bool aExplicit = false,
-                    bool aCheckRestricted = true) const {
+                    bool aCheckRestricted = true,
+                    bool aAllowFilePermission = false) const {
     return (!aCheckRestricted || !IsRestrictedURI(aURI)) && mHostPermissions &&
            mHostPermissions->Matches(aURI, aExplicit) &&
-           aURI.Scheme() != nsGkAtoms::file;
+           (aURI.Scheme() != nsGkAtoms::file || aAllowFilePermission);
   }
 
   bool IsPathWebAccessible(const nsAString& aPath) const {

toolkit/components/extensions/test/xpcshell/data/file_do_load_script_subresource.html

@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta charset="utf-8">
+</head>
+<body>
+<script src="http://example.net/intercept_by_webRequest.js"></script>
+</body>
+</html>

toolkit/components/extensions/test/xpcshell/test_ext_file_access.js

@@ -128,3 +128,66 @@ add_task(async function file_access_from_extension_page_not_allowed() {
 
   await extension.unload();
 });
+
+// webRequest listeners should see subresource requests from file:-principals.
+add_task(async function webRequest_script_request_from_file_principals() {
+  // Extension without file:-permission should not see the request.
+  let extensionWithoutFilePermission = ExtensionTestUtils.loadExtension({
+    manifest: {
+      permissions: ["http://example.net/", "webRequest"],
+    },
+    background() {
+      browser.webRequest.onBeforeRequest.addListener(
+        details => {
+          browser.test.fail(`Unexpected request from ${details.originUrl}`);
+        },
+        { urls: ["http://example.net/intercept_by_webRequest.js"] }
+      );
+    },
+  });
+
+  // Extension with <all_urls> (which matches the resource URL at example.net
+  // and the origin at file://*/*) can see the request.
+  let extension = ExtensionTestUtils.loadExtension({
+    manifest: {
+      permissions: ["<all_urls>", "webRequest", "webRequestBlocking"],
+      web_accessible_resources: ["testDONE.html"],
+    },
+    background() {
+      browser.webRequest.onBeforeRequest.addListener(
+        ({ originUrl }) => {
+          browser.test.assertTrue(
+            /^file:.*file_do_load_script_subresource.html/.test(originUrl),
+            `expected script to be loaded from a local file (${originUrl})`
+          );
+          let redirectUrl = browser.runtime.getURL("testDONE.html");
+          return {
+            redirectUrl: `data:text/javascript,location.href='${redirectUrl}';`,
+          };
+        },
+        { urls: ["http://example.net/intercept_by_webRequest.js"] },
+        ["blocking"]
+      );
+    },
+    files: {
+      "testDONE.html": `<!DOCTYPE html><script src="testDONE.js"></script>`,
+      "testDONE.js"() {
+        browser.test.sendMessage("webRequest_redirect_completed");
+      },
+    },
+  });
+
+  await extensionWithoutFilePermission.startup();
+  await extension.startup();
+
+  let contentPage = await ExtensionTestUtils.loadContentPage(
+    Services.io.newFileURI(
+      do_get_file("data/file_do_load_script_subresource.html")
+    ).spec
+  );
+  await extension.awaitMessage("webRequest_redirect_completed");
+  await contentPage.close();
+
+  await extension.unload();
+  await extensionWithoutFilePermission.unload();
+});

toolkit/components/extensions/webrequest/ChannelWrapper.cpp

@@ -572,7 +572,7 @@ bool ChannelWrapper::Matches(
     bool isProxy =
         aOptions.mIsProxy && aExtension->HasPermission(nsGkAtoms::proxy);
     // Proxies are allowed access to all urls, including restricted urls.
-    if (!aExtension->CanAccessURI(urlInfo, false, !isProxy)) {
+    if (!aExtension->CanAccessURI(urlInfo, false, !isProxy, true)) {
       return false;
     }
 
@@ -583,14 +583,12 @@ bool ChannelWrapper::Matches(
         return false;
       }
 
-      if (auto origin = DocumentURLInfo()) {
-        nsAutoCString baseURL;
-        aExtension->GetBaseURL(baseURL);
-
-        if (!StringBeginsWith(origin->CSpec(), baseURL) &&
-            !aExtension->CanAccessURI(*origin)) {
-          return false;
-        }
+      auto origin = DocumentURLInfo();
+      // Extensions with the file:-permission may observe requests from file:
+      // origins, because such documents can already be modified by content
+      // scripts anyway.
+      if (origin && !aExtension->CanAccessURI(*origin, false, true, true)) {
+        return false;
       }
     }
   }