Backed out 4 changesets (bug 1603969) for failing at /browser_startup_mainthreadio.js on a CLOSED TREE.

Backed out changeset 959f12e42db9 (bug 1603969)
Backed out changeset 18bf461b9630 (bug 1603969)
Backed out changeset 8c3bb23a048b (bug 1603969)
Backed out changeset 450eec13d73e (bug 1603969)
This commit is contained in:
Gurzau Raul 2019-12-18 20:53:13 +02:00
Родитель da50d29a09
Коммит e92fa08412
20 изменённых файлов: 161 добавлений и 378 удалений

Просмотреть файл

@ -779,7 +779,10 @@ var ThirdPartyCookies = {
for (let perm of Services.perms.getAllForPrincipal( for (let perm of Services.perms.getAllForPrincipal(
gBrowser.contentPrincipal gBrowser.contentPrincipal
)) { )) {
if (perm.type == "3rdPartyStorage^" + origin) { if (
perm.type == "3rdPartyStorage^" + origin ||
perm.type.startsWith("3rdPartyStorage^" + origin + "^")
) {
return perm.capability; return perm.capability;
} }
} }
@ -796,7 +799,10 @@ var ThirdPartyCookies = {
for (let perm of Services.perms.getAllForPrincipal( for (let perm of Services.perms.getAllForPrincipal(
gBrowser.contentPrincipal gBrowser.contentPrincipal
)) { )) {
if (perm.type == "3rdPartyStorage^" + origin) { if (
perm.type == "3rdPartyStorage^" + origin ||
perm.type.startsWith("3rdPartyStorage^" + origin + "^")
) {
Services.perms.removePermission(perm); Services.perms.removePermission(perm);
} }
} }

Просмотреть файл

@ -1,7 +1,6 @@
[DEFAULT] [DEFAULT]
support-files = support-files =
head.js head.js
!/browser/base/content/test/trackingUI/trackingPage.html
[browser_protections_UI.js] [browser_protections_UI.js]
fail-if = fission # Bug 1590696 fail-if = fission # Bug 1590696

Просмотреть файл

@ -2,19 +2,8 @@
* http://creativecommons.org/publicdomain/zero/1.0/ * http://creativecommons.org/publicdomain/zero/1.0/
*/ */
// A 1x1 PNG image.
// Source: https://commons.wikimedia.org/wiki/File:1x1.png (Public Domain)
const IMAGE = atob("iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAA" +
"ACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII=");
function handleRequest(request, response) { function handleRequest(request, response) {
response.setStatusLine(request.httpVersion, 200); response.setStatusLine(request.httpVersion, 200);
if (request.queryString && response.setHeader("Set-Cookie", "foopy=1");
request.queryString.includes("type=image-no-cookie")) { response.write("cookie served");
response.setHeader("Content-Type", "image/png", false);
response.write(IMAGE);
} else {
response.setHeader("Set-Cookie", "foopy=1");
response.write("cookie served");
}
} }

Просмотреть файл

@ -4,15 +4,6 @@ function createIframe(src) {
document.body.appendChild(ifr); document.body.appendChild(ifr);
} }
function createImage(src) {
let img = document.createElement("img");
img.src = src;
img.onload = () => {
parent.postMessage("done", "*");
};
document.body.appendChild(img);
}
onmessage = event => { onmessage = event => {
switch (event.data) { switch (event.data) {
case "tracking": case "tracking":
@ -50,11 +41,6 @@ onmessage = event => {
"https://test1.example.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs" "https://test1.example.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs"
); );
break; break;
case "image":
createImage(
"http://trackertest.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs?type=image-no-cookie"
);
break;
case "window-open": case "window-open":
window.win = window.open( window.win = window.open(
"http://trackertest.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs", "http://trackertest.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs",

Просмотреть файл

@ -5759,11 +5759,13 @@ mozilla::ipc::IPCResult ContentParent::RecvAutomaticStorageAccessCanBeGranted(
mozilla::ipc::IPCResult mozilla::ipc::IPCResult
ContentParent::RecvFirstPartyStorageAccessGrantedForOrigin( ContentParent::RecvFirstPartyStorageAccessGrantedForOrigin(
const Principal& aParentPrincipal, const Principal& aTrackingPrincipal, const Principal& aParentPrincipal, const Principal& aTrackingPrincipal,
const nsCString& aTrackingOrigin, const int& aAllowMode, const nsCString& aTrackingOrigin, const nsCString& aGrantedOrigin,
const int& aAllowMode,
FirstPartyStorageAccessGrantedForOriginResolver&& aResolver) { FirstPartyStorageAccessGrantedForOriginResolver&& aResolver) {
AntiTrackingCommon:: AntiTrackingCommon::
SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess( SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
aParentPrincipal, aTrackingPrincipal, aTrackingOrigin, aAllowMode) aParentPrincipal, aTrackingPrincipal, aTrackingOrigin, aGrantedOrigin,
aAllowMode)
->Then(GetCurrentThreadSerialEventTarget(), __func__, ->Then(GetCurrentThreadSerialEventTarget(), __func__,
[aResolver = std::move(aResolver)]( [aResolver = std::move(aResolver)](
AntiTrackingCommon::FirstPartyStorageAccessGrantPromise:: AntiTrackingCommon::FirstPartyStorageAccessGrantPromise::

Просмотреть файл

@ -1193,7 +1193,8 @@ class ContentParent final
mozilla::ipc::IPCResult RecvFirstPartyStorageAccessGrantedForOrigin( mozilla::ipc::IPCResult RecvFirstPartyStorageAccessGrantedForOrigin(
const Principal& aParentPrincipal, const Principal& aTrackingPrincipal, const Principal& aParentPrincipal, const Principal& aTrackingPrincipal,
const nsCString& aTrackingOrigin, const int& aAllowMode, const nsCString& aTrackingOrigin, const nsCString& aGrantedOrigin,
const int& aAllowMode,
FirstPartyStorageAccessGrantedForOriginResolver&& aResolver); FirstPartyStorageAccessGrantedForOriginResolver&& aResolver);
mozilla::ipc::IPCResult RecvStoreUserInteractionAsPermission( mozilla::ipc::IPCResult RecvStoreUserInteractionAsPermission(

Просмотреть файл

@ -1481,6 +1481,7 @@ parent:
async FirstPartyStorageAccessGrantedForOrigin(Principal aParentPrincipal, async FirstPartyStorageAccessGrantedForOrigin(Principal aParentPrincipal,
Principal aTrackingPrincipal, Principal aTrackingPrincipal,
nsCString aTrackingOrigin, nsCString aTrackingOrigin,
nsCString aGrantedOrigin,
int aAllowMode) int aAllowMode)
returns (bool unused); returns (bool unused);

Просмотреть файл

@ -882,7 +882,7 @@ void nsPermissionManager::Startup() {
// nsPermissionManager Implementation // nsPermissionManager Implementation
#define PERMISSIONS_FILE_NAME "permissions.sqlite" #define PERMISSIONS_FILE_NAME "permissions.sqlite"
#define HOSTS_SCHEMA_VERSION 11 #define HOSTS_SCHEMA_VERSION 10
// Default permissions are read from a URL - this is the preference we read // Default permissions are read from a URL - this is the preference we read
// to find that URL. If not set, don't use any default permissions. // to find that URL. If not set, don't use any default permissions.
@ -1539,25 +1539,6 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
MOZ_FALLTHROUGH; MOZ_FALLTHROUGH;
case 9: { case 9: {
rv = mDBConn->SetSchemaVersion(10);
NS_ENSURE_SUCCESS(rv, rv);
}
// fall through to the next upgrade
MOZ_FALLTHROUGH;
case 10: {
// Filter out the rows with storage access API permissions with a
// granted origin, and remove the granted origin part from the
// permission type.
rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
"UPDATE moz_perms "
"SET type=SUBSTR(type, 0, INSTR(SUBSTR(type, INSTR(type, '^') + "
"1), '^') + INSTR(type, '^')) "
"WHERE INSTR(SUBSTR(type, INSTR(type, '^') + 1), '^') AND "
"SUBSTR(type, 0, 18) == \"storageAccessAPI^\";"));
NS_ENSURE_SUCCESS(rv, rv);
rv = mDBConn->SetSchemaVersion(HOSTS_SCHEMA_VERSION); rv = mDBConn->SetSchemaVersion(HOSTS_SCHEMA_VERSION);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
} }

Просмотреть файл

@ -223,9 +223,9 @@ function run_test() {
// Initialize the permission manager service // Initialize the permission manager service
var pm = Services.perms; var pm = Services.perms;
// The schema should be upgraded to 11, and a 'modificationTime' column should // The schema should be upgraded to 10, and a 'modificationTime' column should
// exist with all records having a value of 0. // exist with all records having a value of 0.
Assert.equal(connection.schemaVersion, 11); Assert.equal(connection.schemaVersion, 10);
let select = connection.createStatement( let select = connection.createStatement(
"SELECT modificationTime FROM moz_perms" "SELECT modificationTime FROM moz_perms"

Просмотреть файл

@ -1,193 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
ChromeUtils.defineModuleGetter(
this,
"PlacesTestUtils",
"resource://testing-common/PlacesTestUtils.jsm"
);
var PERMISSIONS_FILE_NAME = "permissions.sqlite";
function GetPermissionsFile(profile) {
let file = profile.clone();
file.append(PERMISSIONS_FILE_NAME);
return file;
}
add_task(async function test() {
/* Create and set up the permissions database */
let profile = do_get_profile();
Services.prefs.setCharPref("permissions.manager.defaultsUrl", "");
let db = Services.storage.openDatabase(GetPermissionsFile(profile));
db.schemaVersion = 10;
let stmt6Insert = db.createStatement(
"INSERT INTO moz_perms (" +
"id, origin, type, permission, expireType, expireTime, modificationTime" +
") VALUES (" +
":id, :origin, :type, :permission, :expireType, :expireTime, :modificationTime" +
")"
);
let id = 0;
function insertOrigin(
origin,
type,
permission,
expireType,
expireTime,
modificationTime
) {
let thisId = id++;
stmt6Insert.bindByName("id", thisId);
stmt6Insert.bindByName("origin", origin);
stmt6Insert.bindByName("type", type);
stmt6Insert.bindByName("permission", permission);
stmt6Insert.bindByName("expireType", expireType);
stmt6Insert.bindByName("expireTime", expireTime);
stmt6Insert.bindByName("modificationTime", modificationTime);
try {
stmt6Insert.execute();
} finally {
stmt6Insert.reset();
}
return {
id: thisId,
origin,
type,
permission,
expireType,
expireTime,
modificationTime,
};
}
insertOrigin(
"https://foo.com",
"storageAccessAPI^https://foo.com",
2,
0,
0,
0
);
insertOrigin(
"http://foo.com",
"storageAccessAPI^https://bar.com^https://foo.com",
2,
0,
0,
0
);
insertOrigin(
"http://foo.com",
"storageAccessAPI^https://bar.com^https://baz.com",
2,
0,
0,
0
);
insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0);
// CLose the db connection
stmt6Insert.finalize();
db.close();
db = null;
let expected = [
["https://foo.com", "storageAccessAPI^https://foo.com", 2, 0, 0, 0],
["http://foo.com", "storageAccessAPI^https://bar.com", 2, 0, 0, 0],
["http://foo.com", "storageAccessAPI^https://bar.com", 2, 0, 0, 0],
["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
];
let found = expected.map(it => 0);
// Add some places to the places database
await PlacesTestUtils.addVisits(
Services.io.newURI("https://foo.com/some/other/subdirectory")
);
await PlacesTestUtils.addVisits(
Services.io.newURI("ftp://some.subdomain.of.foo.com:8000/some/subdirectory")
);
await PlacesTestUtils.addVisits(Services.io.newURI("ftp://127.0.0.1:8080"));
await PlacesTestUtils.addVisits(Services.io.newURI("https://localhost:8080"));
// This will force the permission-manager to reload the data.
Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk");
// Force initialization of the nsPermissionManager
for (let permission of Services.perms.all) {
let isExpected = false;
expected.forEach((it, i) => {
if (
permission.principal.origin == it[0] &&
permission.type == it[1] &&
permission.capability == it[2] &&
permission.expireType == it[3] &&
permission.expireTime == it[4]
) {
isExpected = true;
found[i]++;
}
});
Assert.ok(
isExpected,
"Permission " +
(isExpected ? "should" : "shouldn't") +
" be in permission database: " +
permission.principal.origin +
", " +
permission.type +
", " +
permission.capability +
", " +
permission.expireType +
", " +
permission.expireTime
);
}
found.forEach((count, i) => {
Assert.ok(
count == 1,
"Expected count = 1, got count = " +
count +
" for permission " +
expected[i]
);
});
// Check to make sure that all of the tables which we care about are present
{
db = Services.storage.openDatabase(GetPermissionsFile(profile));
Assert.ok(db.tableExists("moz_perms"));
Assert.ok(db.tableExists("moz_hosts"));
Assert.ok(!db.tableExists("moz_perms_v6"));
let mozHostsCount = db.createStatement("SELECT count(*) FROM moz_hosts");
try {
mozHostsCount.executeStep();
Assert.equal(mozHostsCount.getInt64(0), 0);
} finally {
mozHostsCount.finalize();
}
let mozPermsCount = db.createStatement("SELECT count(*) FROM moz_perms");
try {
mozPermsCount.executeStep();
Assert.equal(mozPermsCount.getInt64(0), expected.length);
} finally {
mozPermsCount.finalize();
}
db.close();
}
});

Просмотреть файл

@ -30,5 +30,4 @@ skip-if = debug == true
[test_permmanager_migrate_4-7_no_history.js] [test_permmanager_migrate_4-7_no_history.js]
[test_permmanager_migrate_7-8.js] [test_permmanager_migrate_7-8.js]
[test_permmanager_migrate_9-10.js] [test_permmanager_migrate_9-10.js]
[test_permmanager_migrate_10-11.js]
[test_permmanager_oa_strip.js] [test_permmanager_oa_strip.js]

Просмотреть файл

@ -44,7 +44,11 @@ CookieBlockedTracker=Request to access cookie or storage on “%1$S” was block
CookieBlockedAll=Request to access cookie or storage on “%1$S” was blocked because we are blocking all storage access requests. CookieBlockedAll=Request to access cookie or storage on “%1$S” was blocked because we are blocking all storage access requests.
CookieBlockedForeign=Request to access cookie or storage on “%1$S” was blocked because we are blocking all third-party storage access requests and content blocking is enabled. CookieBlockedForeign=Request to access cookie or storage on “%1$S” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.
# LOCALIZATION NOTE (CookieAllowedForOriginOnTrackerByStorageAccessAPI): %3$S, %2$S and %1$S are URLs.
CookieAllowedForOriginOnTrackerByStorageAccessAPI=Storage access granted for “%3$S” opened by tracker “%2$S” on “%1$S”.
# LOCALIZATION NOTE (CookieAllowedForTrackerByStorageAccessAPI): %2$S and %1$S are URLs. # LOCALIZATION NOTE (CookieAllowedForTrackerByStorageAccessAPI): %2$S and %1$S are URLs.
CookieAllowedForTrackerByStorageAccessAPI=Storage access granted for tracker “%2$S” on “%1$S”. CookieAllowedForTrackerByStorageAccessAPI=Storage access granted for tracker “%2$S” on “%1$S”.
# LOCALIZATION NOTE (CookieAllowedForOriginOnTrackerByHeuristic): %3$S, %2$S and %1$S are URLs.
CookieAllowedForOriginOnTrackerByHeuristic=Storage access automatically granted for “%3$S” opened by tracker “%2$S” on “%1$S”.
# LOCALIZATION NOTE (CookieAllowedForTrackerByHeuristic): %2$S and %1$S are URLs. # LOCALIZATION NOTE (CookieAllowedForTrackerByHeuristic): %2$S and %1$S are URLs.
CookieAllowedForTrackerByHeuristic=Storage access automatically granted for tracker “%2$S” on “%1$S”. CookieAllowedForTrackerByHeuristic=Storage access automatically granted for tracker “%2$S” on “%1$S”.

Просмотреть файл

@ -128,6 +128,27 @@ void CreatePermissionKey(const nsCString& aTrackingOrigin,
aPermissionKey.Append(aTrackingOrigin); aPermissionKey.Append(aTrackingOrigin);
} }
void CreatePermissionKey(const nsCString& aTrackingOrigin,
const nsCString& aGrantedOrigin,
nsACString& aPermissionKey) {
MOZ_ASSERT(aPermissionKey.IsEmpty());
if (aTrackingOrigin == aGrantedOrigin) {
CreatePermissionKey(aTrackingOrigin, aPermissionKey);
return;
}
static const nsLiteralCString prefix =
NS_LITERAL_CSTRING(ANTITRACKING_PERM_KEY "^");
aPermissionKey.SetCapacity(prefix.Length() + 1 + aTrackingOrigin.Length() +
aGrantedOrigin.Length());
aPermissionKey.Append(prefix);
aPermissionKey.Append(aTrackingOrigin);
aPermissionKey.AppendLiteral("^");
aPermissionKey.Append(aGrantedOrigin);
}
// This internal method returns ACCESS_DENY if the access is denied, // This internal method returns ACCESS_DENY if the access is denied,
// ACCESS_DEFAULT if unknown, some other access code if granted. // ACCESS_DEFAULT if unknown, some other access code if granted.
uint32_t CheckCookiePermissionForPrincipal(nsICookieSettings* aCookieSettings, uint32_t CheckCookiePermissionForPrincipal(nsICookieSettings* aCookieSettings,
@ -443,6 +464,7 @@ void ReportBlockingToConsole(nsPIDOMWindowOuter* aWindow, nsIURI* aURI,
void ReportUnblockingToConsole( void ReportUnblockingToConsole(
nsPIDOMWindowInner* aWindow, const nsAString& aTrackingOrigin, nsPIDOMWindowInner* aWindow, const nsAString& aTrackingOrigin,
const nsAString& aGrantedOrigin,
AntiTrackingCommon::StorageAccessGrantedReason aReason) { AntiTrackingCommon::StorageAccessGrantedReason aReason) {
nsCOMPtr<nsIPrincipal> principal = nsCOMPtr<nsIPrincipal> principal =
nsGlobalWindowInner::Cast(aWindow)->GetPrincipal(); nsGlobalWindowInner::Cast(aWindow)->GetPrincipal();
@ -456,6 +478,7 @@ void ReportUnblockingToConsole(
} }
nsAutoString trackingOrigin(aTrackingOrigin); nsAutoString trackingOrigin(aTrackingOrigin);
nsAutoString grantedOrigin(aGrantedOrigin);
nsAutoString sourceLine; nsAutoString sourceLine;
uint32_t lineNumber = 0, columnNumber = 0; uint32_t lineNumber = 0, columnNumber = 0;
@ -466,8 +489,8 @@ void ReportUnblockingToConsole(
RefPtr<Runnable> runnable = NS_NewRunnableFunction( RefPtr<Runnable> runnable = NS_NewRunnableFunction(
"ReportUnblockingToConsoleDelayed", "ReportUnblockingToConsoleDelayed",
[doc, principal, trackingOrigin, sourceLine, lineNumber, columnNumber, [doc, principal, trackingOrigin, grantedOrigin, sourceLine, lineNumber,
aReason]() { columnNumber, aReason]() {
nsAutoString origin; nsAutoString origin;
nsresult rv = nsContentUtils::GetUTFOrigin(principal, origin); nsresult rv = nsContentUtils::GetUTFOrigin(principal, origin);
if (NS_WARN_IF(NS_FAILED(rv))) { if (NS_WARN_IF(NS_FAILED(rv))) {
@ -476,24 +499,39 @@ void ReportUnblockingToConsole(
// Not adding grantedOrigin yet because we may not want it later. // Not adding grantedOrigin yet because we may not want it later.
AutoTArray<nsString, 3> params = {origin, trackingOrigin}; AutoTArray<nsString, 3> params = {origin, trackingOrigin};
const char* messageWithDifferentOrigin = nullptr;
const char* messageWithSameOrigin = nullptr; const char* messageWithSameOrigin = nullptr;
switch (aReason) { switch (aReason) {
case AntiTrackingCommon::eStorageAccessAPI: case AntiTrackingCommon::eStorageAccessAPI:
messageWithDifferentOrigin =
"CookieAllowedForOriginOnTrackerByStorageAccessAPI";
messageWithSameOrigin = "CookieAllowedForTrackerByStorageAccessAPI"; messageWithSameOrigin = "CookieAllowedForTrackerByStorageAccessAPI";
break; break;
case AntiTrackingCommon::eOpenerAfterUserInteraction: case AntiTrackingCommon::eOpenerAfterUserInteraction:
MOZ_FALLTHROUGH; MOZ_FALLTHROUGH;
case AntiTrackingCommon::eOpener: case AntiTrackingCommon::eOpener:
messageWithDifferentOrigin =
"CookieAllowedForOriginOnTrackerByHeuristic";
messageWithSameOrigin = "CookieAllowedForTrackerByHeuristic"; messageWithSameOrigin = "CookieAllowedForTrackerByHeuristic";
break; break;
} }
nsContentUtils::ReportToConsole( if (trackingOrigin == grantedOrigin) {
nsIScriptError::warningFlag, NS_LITERAL_CSTRING("Content Blocking"), nsContentUtils::ReportToConsole(
doc, nsContentUtils::eNECKO_PROPERTIES, messageWithSameOrigin, nsIScriptError::warningFlag,
params, nullptr, sourceLine, lineNumber, columnNumber); NS_LITERAL_CSTRING("Content Blocking"), doc,
nsContentUtils::eNECKO_PROPERTIES, messageWithSameOrigin, params,
nullptr, sourceLine, lineNumber, columnNumber);
} else {
params.AppendElement(grantedOrigin);
nsContentUtils::ReportToConsole(
nsIScriptError::warningFlag,
NS_LITERAL_CSTRING("Content Blocking"), doc,
nsContentUtils::eNECKO_PROPERTIES, messageWithDifferentOrigin,
params, nullptr, sourceLine, lineNumber, columnNumber);
}
}); });
RunConsoleReportingRunnable(runnable.forget()); RunConsoleReportingRunnable(runnable.forget());
@ -905,13 +943,16 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
return StorageAccessGrantPromise::CreateAndReject(false, __func__); return StorageAccessGrantPromise::CreateAndReject(false, __func__);
} }
if (MOZ_LOG_TEST(gAntiTrackingLog, mozilla::LogLevel::Debug)) { nsAutoCString origin;
nsAutoCString origin; nsresult rv = nsContentUtils::GetASCIIOrigin(uri, origin);
Unused << nsContentUtils::GetASCIIOrigin(uri, origin); if (NS_WARN_IF(NS_FAILED(rv))) {
LOG(("Adding a first-party storage exception for %s...", LOG(("Can't get the origin from the URI"));
PromiseFlatCString(origin).get())); return StorageAccessGrantPromise::CreateAndReject(false, __func__);
} }
LOG(("Adding a first-party storage exception for %s...",
PromiseFlatCString(origin).get()));
Document* parentDoc = aParentWindow->GetExtantDoc(); Document* parentDoc = aParentWindow->GetExtantDoc();
if (!parentDoc) { if (!parentDoc) {
LOG(("Parent window has no doc")); LOG(("Parent window has no doc"));
@ -955,13 +996,6 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
// We are a first party resource. // We are a first party resource.
if (outerParentWindow->IsTopLevelWindow()) { if (outerParentWindow->IsTopLevelWindow()) {
nsAutoCString origin;
nsresult rv = nsContentUtils::GetASCIIOrigin(uri, origin);
if (NS_WARN_IF(NS_FAILED(rv))) {
LOG(("Can't get the origin from the URI"));
return StorageAccessGrantPromise::CreateAndReject(false, __func__);
}
trackingOrigin = origin; trackingOrigin = origin;
trackingPrincipal = aPrincipal; trackingPrincipal = aPrincipal;
rv = trackingPrincipal->GetURI(getter_AddRefs(trackingURI)); rv = trackingPrincipal->GetURI(getter_AddRefs(trackingURI));
@ -1064,11 +1098,11 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
} }
auto storePermission = auto storePermission =
[pwin, parentWindow, trackingOrigin, trackingPrincipal, trackingURI, [pwin, parentWindow, origin, trackingOrigin, trackingPrincipal,
topInnerWindow, topLevelStoragePrincipal, trackingURI, topInnerWindow, topLevelStoragePrincipal,
aReason](int aAllowMode) -> RefPtr<StorageAccessGrantPromise> { aReason](int aAllowMode) -> RefPtr<StorageAccessGrantPromise> {
nsAutoCString permissionKey; nsAutoCString permissionKey;
CreatePermissionKey(trackingOrigin, permissionKey); CreatePermissionKey(trackingOrigin, origin, permissionKey);
// Let's store the permission in the current parent window. // Let's store the permission in the current parent window.
topInnerWindow->SaveStorageAccessGranted(permissionKey); topInnerWindow->SaveStorageAccessGranted(permissionKey);
@ -1084,14 +1118,16 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
Some(aReason)); Some(aReason));
ReportUnblockingToConsole(parentWindow, ReportUnblockingToConsole(parentWindow,
NS_ConvertUTF8toUTF16(trackingOrigin), aReason); NS_ConvertUTF8toUTF16(trackingOrigin),
NS_ConvertUTF8toUTF16(origin), aReason);
if (XRE_IsParentProcess()) { if (XRE_IsParentProcess()) {
LOG(("Saving the permission: trackingOrigin=%s", trackingOrigin.get())); LOG(("Saving the permission: trackingOrigin=%s, grantedOrigin=%s",
trackingOrigin.get(), origin.get()));
return SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess( return SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
topLevelStoragePrincipal, trackingPrincipal, trackingOrigin, topLevelStoragePrincipal, trackingPrincipal, trackingOrigin,
aAllowMode) origin, aAllowMode)
->Then(GetCurrentThreadSerialEventTarget(), __func__, ->Then(GetCurrentThreadSerialEventTarget(), __func__,
[](FirstPartyStorageAccessGrantPromise::ResolveOrRejectValue&& [](FirstPartyStorageAccessGrantPromise::ResolveOrRejectValue&&
aValue) { aValue) {
@ -1111,15 +1147,16 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
LOG( LOG(
("Asking the parent process to save the permission for us: " ("Asking the parent process to save the permission for us: "
"trackingOrigin=%s", "trackingOrigin=%s, grantedOrigin=%s",
trackingOrigin.get())); trackingOrigin.get(), origin.get()));
// This is not really secure, because here we have the content process // This is not really secure, because here we have the content process
// sending the request of storing a permission. // sending the request of storing a permission.
return cc return cc
->SendFirstPartyStorageAccessGrantedForOrigin( ->SendFirstPartyStorageAccessGrantedForOrigin(
IPC::Principal(topLevelStoragePrincipal), IPC::Principal(topLevelStoragePrincipal),
IPC::Principal(trackingPrincipal), trackingOrigin, aAllowMode) IPC::Principal(trackingPrincipal), trackingOrigin, origin,
aAllowMode)
->Then(GetCurrentThreadSerialEventTarget(), __func__, ->Then(GetCurrentThreadSerialEventTarget(), __func__,
[](const ContentChild:: [](const ContentChild::
FirstPartyStorageAccessGrantedForOriginPromise:: FirstPartyStorageAccessGrantedForOriginPromise::
@ -1151,7 +1188,8 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
RefPtr<mozilla::AntiTrackingCommon::FirstPartyStorageAccessGrantPromise> RefPtr<mozilla::AntiTrackingCommon::FirstPartyStorageAccessGrantPromise>
AntiTrackingCommon::SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess( AntiTrackingCommon::SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
nsIPrincipal* aParentPrincipal, nsIPrincipal* aTrackingPrincipal, nsIPrincipal* aParentPrincipal, nsIPrincipal* aTrackingPrincipal,
const nsCString& aTrackingOrigin, int aAllowMode) { const nsCString& aTrackingOrigin, const nsCString& aGrantedOrigin,
int aAllowMode) {
MOZ_ASSERT(XRE_IsParentProcess()); MOZ_ASSERT(XRE_IsParentProcess());
MOZ_ASSERT(aAllowMode == eAllow || aAllowMode == eAllowAutoGrant || MOZ_ASSERT(aAllowMode == eAllow || aAllowMode == eAllowAutoGrant ||
aAllowMode == eAllowOnAnySite); aAllowMode == eAllowOnAnySite);
@ -1165,8 +1203,8 @@ AntiTrackingCommon::SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
nsCOMPtr<nsIURI> parentPrincipalURI; nsCOMPtr<nsIURI> parentPrincipalURI;
Unused << aParentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI)); Unused << aParentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI));
LOG_SPEC(("Saving a first-party storage permission on %s for " LOG_SPEC(("Saving a first-party storage permission on %s for "
"trackingOrigin=%s", "trackingOrigin=%s grantedOrigin=%s",
_spec, aTrackingOrigin.get()), _spec, aTrackingOrigin.get(), aGrantedOrigin.get()),
parentPrincipalURI); parentPrincipalURI);
if (NS_WARN_IF(!aParentPrincipal)) { if (NS_WARN_IF(!aParentPrincipal)) {
@ -1227,7 +1265,7 @@ AntiTrackingCommon::SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
} }
nsAutoCString type; nsAutoCString type;
CreatePermissionKey(aTrackingOrigin, type); CreatePermissionKey(aTrackingOrigin, aGrantedOrigin, type);
LOG( LOG(
("Computed permission key: %s, expiry: %u, proceeding to save in the " ("Computed permission key: %s, expiry: %u, proceeding to save in the "
@ -1490,8 +1528,15 @@ bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
} }
Unused << parentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI)); Unused << parentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI));
nsAutoCString grantedOrigin;
nsresult rv = nsContentUtils::GetASCIIOrigin(aURI, grantedOrigin);
if (NS_WARN_IF(NS_FAILED(rv))) {
LOG_SPEC(("Failed to compute the origin from %s", _spec), aURI);
return false;
}
nsAutoCString type; nsAutoCString type;
CreatePermissionKey(trackingOrigin, type); CreatePermissionKey(trackingOrigin, grantedOrigin, type);
if (topInnerWindow->HasStorageAccessGranted(type)) { if (topInnerWindow->HasStorageAccessGranted(type)) {
LOG(("Permission stored in the window. All good.")); LOG(("Permission stored in the window. All good."));
@ -1757,8 +1802,15 @@ bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
return false; return false;
} }
nsAutoCString origin;
rv = nsContentUtils::GetASCIIOrigin(aURI, origin);
if (NS_WARN_IF(NS_FAILED(rv))) {
LOG_SPEC(("Failed to compute the origin from %s", _spec), aURI);
return false;
}
nsAutoCString type; nsAutoCString type;
CreatePermissionKey(trackingOrigin, type); CreatePermissionKey(trackingOrigin, origin, type);
uint32_t privateBrowsingId = 0; uint32_t privateBrowsingId = 0;
rv = channelPrincipal->GetPrivateBrowsingId(&privateBrowsingId); rv = channelPrincipal->GetPrivateBrowsingId(&privateBrowsingId);

Просмотреть файл

@ -130,7 +130,8 @@ class AntiTrackingCommon final {
static RefPtr<FirstPartyStorageAccessGrantPromise> static RefPtr<FirstPartyStorageAccessGrantPromise>
SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess( SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
nsIPrincipal* aPrincipal, nsIPrincipal* aTrackingPrinciapl, nsIPrincipal* aPrincipal, nsIPrincipal* aTrackingPrinciapl,
const nsCString& aTrackingOrigin, int aAllowMode); const nsCString& aParentOrigin, const nsCString& aGrantedOrigin,
int aAllowMode);
// Check whether a top window principal is on the content blocking allow list. // Check whether a top window principal is on the content blocking allow list.
static nsresult IsOnContentBlockingAllowList(nsIPrincipal* aTopWinPrincipal, static nsresult IsOnContentBlockingAllowList(nsIPrincipal* aTopWinPrincipal,

Просмотреть файл

@ -696,31 +696,13 @@ this.AntiTracking = {
is(allMessages.length, 0, "No console messages should be generated"); is(allMessages.length, 0, "No console messages should be generated");
} else { } else {
ok(!!allMessages.length, "Some console message should be generated"); ok(!!allMessages.length, "Some console message should be generated");
if (options.errorMessageDomains) {
is(
allMessages.length,
options.errorMessageDomains.length,
"Enough items provided in errorMessageDomains"
);
}
} }
let index = 0;
for (let msg of allMessages) { for (let msg of allMessages) {
is( is(
msg.category, msg.category,
expectedCategory, expectedCategory,
"Message should be of expected category" "Message should be of expected category"
); );
if (options.errorMessageDomains) {
ok(
msg.errorMessage.includes(options.errorMessageDomains[index]),
`Error message domain ${
options.errorMessageDomains[index]
} (${index}) found in "${msg.errorMessage}"`
);
index++;
}
} }
if (options.allowList) { if (options.allowList) {

Просмотреть файл

@ -39,9 +39,6 @@ support-files =
raptor.jpg raptor.jpg
!/browser/modules/test/browser/head.js !/browser/modules/test/browser/head.js
!/browser/base/content/test/general/head.js !/browser/base/content/test/general/head.js
!/browser/base/content/test/trackingUI/cookieServer.sjs
!/browser/base/content/test/trackingUI/trackingPage.html
!/browser/base/content/test/trackingUI/trackingAPI.js
[browser_allowListNotifications.js] [browser_allowListNotifications.js]
support-files = subResources.sjs support-files = subResources.sjs
@ -112,8 +109,6 @@ skip-if = fission
skip-if = fission skip-if = fission
[browser_storageAccessSandboxed.js] [browser_storageAccessSandboxed.js]
skip-if = fission skip-if = fission
[browser_storageAccessThirdPartyChecks.js]
skip-if = fission
[browser_storageAccessWithHeuristics.js] [browser_storageAccessWithHeuristics.js]
skip-if = fission skip-if = fission
[browser_networkIsolation.js] [browser_networkIsolation.js]

Просмотреть файл

@ -1,63 +0,0 @@
/* import-globals-from antitracking_head.js */
AntiTracking._createTask({
name:
"Test that after a storage access grant we have full first-party access",
cookieBehavior: BEHAVIOR_REJECT_TRACKER,
blockingByContentBlockingRTUI: true,
allowList: false,
callback: async _ => {
/* import-globals-from storageAccessAPIHelpers.js */
await noStorageAccessInitially();
await callRequestStorageAccess();
const TRACKING_PAGE =
"http://another-tracking.example.net/browser/browser/base/content/test/trackingUI/trackingPage.html";
async function runChecks(name) {
let iframe = document.createElement("iframe");
iframe.src = TRACKING_PAGE;
document.body.appendChild(iframe);
await new Promise(resolve => {
iframe.onload = resolve;
});
await SpecialPowers.spawn(iframe, [name], name => {
content.postMessage(name, "*");
});
await new Promise(resolve => {
onmessage = e => {
if (e.data == "done") {
resolve();
}
};
});
}
await runChecks("image");
},
extraPrefs: null,
expectedBlockingNotifications:
Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_TRACKER,
runInPrivateWindow: false,
iframeSandbox: null,
accessRemoval: null,
callbackAfterRemoval: null,
thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP,
errorMessageDomains: [
"http://tracking.example.org",
"http://tracking.example.org",
"http://tracking.example.org",
"http://tracking.example.org",
"http://tracking.example.org",
],
});
add_task(async _ => {
await new Promise(resolve => {
Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value =>
resolve()
);
});
});

Просмотреть файл

@ -29,8 +29,6 @@ const TEST_TOP_PAGE_6 = TEST_DOMAIN_6 + TEST_PATH + "page.html";
const TEST_EMBEDDER_PAGE = TEST_DOMAIN + TEST_PATH + "embedder.html"; const TEST_EMBEDDER_PAGE = TEST_DOMAIN + TEST_PATH + "embedder.html";
const TEST_POPUP_PAGE = TEST_DOMAIN + TEST_PATH + "popup.html"; const TEST_POPUP_PAGE = TEST_DOMAIN + TEST_PATH + "popup.html";
const TEST_3RD_PARTY_PAGE = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdParty.html"; const TEST_3RD_PARTY_PAGE = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdParty.html";
const TEST_3RD_PARTY_PAGE_HTTP =
TEST_3RD_PARTY_DOMAIN_HTTP + TEST_PATH + "3rdParty.html";
const TEST_3RD_PARTY_PAGE_WO = const TEST_3RD_PARTY_PAGE_WO =
TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdPartyWO.html"; TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdPartyWO.html";
const TEST_3RD_PARTY_PAGE_UI = const TEST_3RD_PARTY_PAGE_UI =

Просмотреть файл

@ -879,14 +879,19 @@ const PermissionsCleaner = {
if (!toBeRemoved && perm.type.startsWith("3rdPartyStorage^")) { if (!toBeRemoved && perm.type.startsWith("3rdPartyStorage^")) {
let parts = perm.type.split("^"); let parts = perm.type.split("^");
let uri; for (let i = 1; i < parts.length; ++i) {
try { let uri;
uri = Services.io.newURI(parts[1]); try {
} catch (ex) { uri = Services.io.newURI(parts[i]);
continue; } catch (ex) {
} continue;
}
toBeRemoved = Services.eTLD.hasRootDomain(uri.host, aHost); toBeRemoved = Services.eTLD.hasRootDomain(uri.host, aHost);
if (toBeRemoved) {
break;
}
}
} }
if (!toBeRemoved) { if (!toBeRemoved) {

Просмотреть файл

@ -133,6 +133,16 @@ add_task(async function test_3rdpartystorage_permissions() {
"cookie", "cookie",
Services.perms.ALLOW_ACTION Services.perms.ALLOW_ACTION
); );
Services.perms.addFromPrincipal(
oneMorePrincipal,
"3rdPartyStorage^https://example.net^https://example.org",
Services.perms.ALLOW_ACTION
);
Services.perms.addFromPrincipal(
oneMorePrincipal,
"3rdPartyStorage^https://example.org^https://example.net",
Services.perms.ALLOW_ACTION
);
Assert.ok( Assert.ok(
Services.perms.getPermissionObject(principal, "cookie", true) != null Services.perms.getPermissionObject(principal, "cookie", true) != null
@ -150,6 +160,20 @@ add_task(async function test_3rdpartystorage_permissions() {
Assert.ok( Assert.ok(
Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null
); );
Assert.ok(
Services.perms.getPermissionObject(
oneMorePrincipal,
"3rdPartyStorage^https://example.net^https://example.org",
true
) != null
);
Assert.ok(
Services.perms.getPermissionObject(
oneMorePrincipal,
"3rdPartyStorage^https://example.org^https://example.net",
true
) != null
);
await new Promise(aResolve => { await new Promise(aResolve => {
Services.clearData.deleteDataFromPrincipal( Services.clearData.deleteDataFromPrincipal(
@ -179,6 +203,20 @@ add_task(async function test_3rdpartystorage_permissions() {
Assert.ok( Assert.ok(
Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null
); );
Assert.ok(
Services.perms.getPermissionObject(
oneMorePrincipal,
"3rdPartyStorage^https://example.net^https://example.org",
true
) == null
);
Assert.ok(
Services.perms.getPermissionObject(
oneMorePrincipal,
"3rdPartyStorage^https://example.org^https://example.net",
true
) == null
);
await new Promise(aResolve => { await new Promise(aResolve => {
Services.clearData.deleteData( Services.clearData.deleteData(