Backed out changeset 68ff34ec8e96 (bug 1597704) for causing perma bc3 failures in browser/extensions/formautofill/test/browser/browser_autocomplete_footer.js CLOSED TREE

caps/BasePrincipal.cpp

@@ -24,7 +24,6 @@
 #include "mozilla/dom/BlobURLProtocolHandler.h"
 #include "mozilla/dom/ChromeUtils.h"
 #include "mozilla/dom/ToJSValue.h"
-#include "mozilla/dom/nsMixedContentBlocker.h"
 
 #include "json/json.h"
 #include "nsSerializationHelper.h"
@@ -499,21 +498,6 @@ BasePrincipal::IsURIInPrefList(const char* aPref, bool* aResult) {
   return NS_OK;
 }
 
-NS_IMETHODIMP
-BasePrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
-  MOZ_ASSERT(NS_IsMainThread());
-  *aResult = false;
-
-  nsCOMPtr<nsIURI> uri;
-  nsresult rv = GetURI(getter_AddRefs(uri));
-  if (NS_FAILED(rv) || !uri) {
-    return NS_OK;
-  }
-
-  *aResult = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 BasePrincipal::GetAboutModuleFlags(uint32_t* flags) {
   *flags = 0;

caps/BasePrincipal.h

@@ -133,7 +133,6 @@ class BasePrincipal : public nsJSPrincipals {
   NS_IMETHOD GetSiteOrigin(nsACString& aOrigin) override;
   NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;
   NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override;
-  NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
 
   nsresult ToJSON(nsACString& aJSON);
   static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);

caps/NullPrincipal.cpp

@@ -136,11 +136,6 @@ NullPrincipal::GetURI(nsIURI** aURI) {
   uri.forget(aURI);
   return NS_OK;
 }
-NS_IMETHODIMP
-NullPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
-  *aResult = false;
-  return NS_OK;
-}
 
 NS_IMETHODIMP
 NullPrincipal::GetDomain(nsIURI** aDomain) {

caps/NullPrincipal.h

@@ -51,7 +51,6 @@ class NullPrincipal final : public BasePrincipal {
   NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
   uint32_t GetHashValue() override;
   NS_IMETHOD GetURI(nsIURI** aURI) override;
-  NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
   NS_IMETHOD GetDomain(nsIURI** aDomain) override;
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;

caps/SystemPrincipal.cpp

@@ -51,12 +51,6 @@ SystemPrincipal::GetURI(nsIURI** aURI) {
   return NS_OK;
 }
 
-NS_IMETHODIMP
-SystemPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
-  *aResult = true;
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 SystemPrincipal::GetDomain(nsIURI** aDomain) {
   *aDomain = nullptr;

caps/SystemPrincipal.h

@@ -44,7 +44,6 @@ class SystemPrincipal final : public BasePrincipal {
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
-  NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
 
   virtual nsresult GetScriptLocation(nsACString& aStr) override;
 

caps/nsIPrincipal.idl

@@ -237,18 +237,6 @@ interface nsIPrincipal : nsISerializable
     */
     bool IsURIInPrefList(in string pref);
 
-    /**
-     * Implementation of
-     * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
-     *
-     * The value returned by this method feeds into the the Secure Context
-     * algorithm that determins the value of Window.isSecureContext and
-     * WorkerGlobalScope.isSecureContext.
-     *
-     * This method returns false instead of throwing upon errors.
-     */ 
-    readonly attribute bool IsOriginPotentiallyTrustworthy;
-
     /**
      * Returns the Flags of the Principals 
      * associated AboutModule, in case there is one.

dom/base/nsContentUtils.cpp

@@ -8891,9 +8891,18 @@ bool nsContentUtils::HttpsStateIsModern(Document* aDocument) {
 
   MOZ_ASSERT(principal->GetIsContentPrincipal());
 
-  bool isTrustworthyOrigin = false;
-  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
-  return isTrustworthyOrigin;
+  nsCOMPtr<nsIContentSecurityManager> csm =
+      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+  NS_WARNING_ASSERTION(csm, "csm is null");
+  if (csm) {
+    bool isTrustworthyOrigin = false;
+    csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
+    if (isTrustworthyOrigin) {
+      return true;
+    }
+  }
+
+  return false;
 }
 
 /* static */
@@ -8923,9 +8932,15 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
     return false;
   }
 
-  bool isTrustworthyOrigin = false;
-  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
-  return isTrustworthyOrigin;
+  nsCOMPtr<nsIContentSecurityManager> csm =
+      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+  NS_WARNING_ASSERTION(csm, "csm is null");
+  if (csm) {
+    bool isTrustworthyOrigin = false;
+    csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
+    return isTrustworthyOrigin;
+  }
+  return true;
 }
 
 /* static */

dom/base/nsGlobalWindowOuter.cpp

@@ -1693,9 +1693,18 @@ bool nsGlobalWindowOuter::ComputeIsSecureContext(Document* aDocument,
     }
   }
 
-  bool isTrustworthyOrigin = false;
-  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
-  return isTrustworthyOrigin;
+  nsCOMPtr<nsIContentSecurityManager> csm =
+      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+  NS_WARNING_ASSERTION(csm, "csm is null");
+  if (csm) {
+    bool isTrustworthyOrigin = false;
+    csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
+    if (isTrustworthyOrigin) {
+      return true;
+    }
+  }
+
+  return false;
 }
 
 // We need certain special behavior for remote XUL whitelisted domains, but we

dom/interfaces/security/nsIContentSecurityManager.idl

@@ -42,4 +42,15 @@ interface nsIContentSecurityManager : nsISupports
    nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
                                           in nsIStreamListener aStreamListener);
 
+  /**
+   * Implementation of
+   * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
+   *
+   * The value returned by this method feeds into the the Secure Context
+   * algorithm that determins the value of Window.isSecureContext and
+   * WorkerGlobalScope.isSecureContext.
+   *
+   * This method returns false instead of throwing upon errors.
+   */
+  boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
 };

dom/presentation/PresentationRequest.cpp

@@ -509,8 +509,14 @@ bool PresentationRequest::IsPrioriAuthenticatedURL(const nsAString& aUrl) {
     return false;
   }
 
+  nsCOMPtr<nsIContentSecurityManager> csm =
+      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+  if (NS_WARN_IF(!csm)) {
+    return false;
+  }
+
   bool isTrustworthyOrigin = false;
-  principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
+  csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
   return isTrustworthyOrigin;
 }
 

dom/security/nsContentSecurityManager.cpp

@@ -1051,3 +1051,30 @@ nsContentSecurityManager::PerformSecurityCheck(
   inAndOutListener.forget(outStreamListener);
   return NS_OK;
 }
+
+NS_IMETHODIMP
+nsContentSecurityManager::IsOriginPotentiallyTrustworthy(
+    nsIPrincipal* aPrincipal, bool* aIsTrustWorthy) {
+  MOZ_ASSERT(NS_IsMainThread());
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+  NS_ENSURE_ARG_POINTER(aIsTrustWorthy);
+
+  if (aPrincipal->IsSystemPrincipal()) {
+    *aIsTrustWorthy = true;
+    return NS_OK;
+  }
+  *aIsTrustWorthy = false;
+  if (aPrincipal->GetIsNullPrincipal()) {
+    return NS_OK;
+  }
+
+  MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(),
+             "Nobody is expected to call us with an nsIExpandedPrincipal");
+
+  nsCOMPtr<nsIURI> uri;
+  nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
+  NS_ENSURE_SUCCESS(rv, rv);
+  *aIsTrustWorthy = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
+
+  return NS_OK;
+}

dom/security/test/gtest/TestSecureContext.cpp

@@ -70,7 +70,8 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
     rv = nsScriptSecurityManager::GetScriptSecurityManager()
              ->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
     bool isPotentiallyTrustworthy = false;
-    rv = prin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
+    rv = csManager->IsOriginPotentiallyTrustworthy(prin,
+                                                   &isPotentiallyTrustworthy);
     ASSERT_EQ(NS_OK, rv);
     ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
   }
@@ -81,10 +82,14 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithSystemPrincipal)
   RefPtr<nsScriptSecurityManager> ssManager =
       nsScriptSecurityManager::GetScriptSecurityManager();
   ASSERT_TRUE(!!ssManager);
+  nsCOMPtr<nsIContentSecurityManager> csManager =
+      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+  ASSERT_TRUE(!!csManager);
+
   nsCOMPtr<nsIPrincipal> sysPrin = nsContentUtils::GetSystemPrincipal();
   bool isPotentiallyTrustworthy;
-  nsresult rv =
-      sysPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
+  nsresult rv = csManager->IsOriginPotentiallyTrustworthy(
+      sysPrin, &isPotentiallyTrustworthy);
   ASSERT_EQ(rv, NS_OK);
   ASSERT_TRUE(isPotentiallyTrustworthy);
 }
@@ -94,12 +99,15 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithNullPrincipal)
   RefPtr<nsScriptSecurityManager> ssManager =
       nsScriptSecurityManager::GetScriptSecurityManager();
   ASSERT_TRUE(!!ssManager);
+  nsCOMPtr<nsIContentSecurityManager> csManager =
+      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+  ASSERT_TRUE(!!csManager);
 
   RefPtr<NullPrincipal> nullPrin =
       NullPrincipal::CreateWithoutOriginAttributes();
   bool isPotentiallyTrustworthy;
-  nsresult rv =
-      nullPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
+  nsresult rv = csManager->IsOriginPotentiallyTrustworthy(
+      nullPrin, &isPotentiallyTrustworthy);
   ASSERT_EQ(rv, NS_OK);
   ASSERT_TRUE(!isPotentiallyTrustworthy);
 }

dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js

@@ -49,12 +49,18 @@ add_task(async function test_isOriginPotentiallyTrustworthy() {
   ]) {
     let uri = NetUtil.newURI(uriSpec);
     let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
-    Assert.equal(principal.IsOriginPotentiallyTrustworthy, expectedResult);
+    Assert.equal(
+      gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
+      expectedResult
+    );
   }
   // And now let's test whether .onion sites are properly treated when
   // whitelisted, see bug 1382359.
   Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
   let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
   let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
-  Assert.equal(principal.IsOriginPotentiallyTrustworthy, true);
+  Assert.equal(
+    gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
+    true
+  );
 });

toolkit/components/clearsitedata/ClearSiteData.cpp

@@ -162,8 +162,11 @@ void ClearSiteData::ClearDataFromChannel(nsIHttpChannel* aChannel) {
     return;
   }
 
+  nsCOMPtr<nsIContentSecurityManager> csm =
+      do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+
   bool secure;
-  rv = principal->GetIsOriginPotentiallyTrustworthy(&secure);
+  rv = csm->IsOriginPotentiallyTrustworthy(principal, &secure);
   if (NS_WARN_IF(NS_FAILED(rv)) || !secure) {
     return;
   }

toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js

@@ -6,13 +6,16 @@
 
 add_task(
   function test_isOriginPotentiallyTrustworthnsIContentSecurityManagery() {
+    let contentSecManager = Cc[
+      "@mozilla.org/contentsecuritymanager;1"
+    ].getService(Ci.nsIContentSecurityManager);
     let uri = NetUtil.newURI("moz-extension://foobar/something.html");
     let principal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       {}
     );
     Assert.equal(
-      principal.IsOriginPotentiallyTrustworthy(),
+      contentSecManager.isOriginPotentiallyTrustworthy(principal),
       true,
       "it is potentially trustworthy"
     );