mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1539595 - Reject FXA messages if they don't come from the correct type of process r=rfkelly 

Differential Revision: https://phabricator.services.mozilla.com/D30277

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Tom Ritter 2019-05-28 14:09:08 +00:00
Родитель 21a98d921b
Коммит f94a4bdb87
2 изменённых файлов: 24 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
browser/base/content/test/sync/browser_fxa_web_channel.js
Просмотреть файл

@ -191,8 +191,14 @@ function makeObserver(aObserveTopic, aObserveFunc) {
return removeMe; return removeMe;
} }
registerCleanupFunction(function() {
Services.prefs.clearUserPref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess");
});
function test() { function test() {
waitForExplicitFinish(); waitForExplicitFinish();
Services.prefs.setBoolPref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false);
(async function() { (async function() {
for (let testCase of gTests) { for (let testCase of gTests) {

18
services/fxaccounts/FxAccountsWebChannel.jsm
Просмотреть файл

@ -33,6 +33,14 @@ ChromeUtils.defineModuleGetter(this, "FxAccountsPairingFlow",
"resource://gre/modules/FxAccountsPairing.jsm"); "resource://gre/modules/FxAccountsPairing.jsm");
XPCOMUtils.defineLazyPreferenceGetter(this, "pairingEnabled", XPCOMUtils.defineLazyPreferenceGetter(this, "pairingEnabled",
"identity.fxaccounts.pairing.enabled"); "identity.fxaccounts.pairing.enabled");
XPCOMUtils.defineLazyPreferenceGetter(this, "separatePrivilegedMozillaWebContentProcess",
"browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false);
XPCOMUtils.defineLazyPreferenceGetter(this, "separatedMozillaDomains",
"browser.tabs.remote.separatedMozillaDomains", false,
false, val => val.split(","));
XPCOMUtils.defineLazyPreferenceGetter(this, "accountServer",
"identity.fxaccounts.remote.root", false, false,
val => Services.io.newURI(val));
// These engines were added years after Sync had been introduced, they need // These engines were added years after Sync had been introduced, they need
// special handling since they are system add-ons and are un-available on // special handling since they are system add-ons and are un-available on
@ -142,6 +150,16 @@ this.FxAccountsWebChannel.prototype = {
_receiveMessage(message, sendingContext) { _receiveMessage(message, sendingContext) {
const {command, data} = message; const {command, data} = message;
let shouldCheckRemoteType = separatePrivilegedMozillaWebContentProcess &&
separatedMozillaDomains.some(function(val) {
return accountServer.asciiHost == val || accountServer.asciiHost.endsWith("." + val);
});
if (shouldCheckRemoteType &&
sendingContext.browser.remoteType != "privilegedmozilla") {
log.error("Rejected FxA webchannel message from remoteType = " + sendingContext.browser.remoteType);
return;
}
switch (command) { switch (command) {
case COMMAND_PROFILE_CHANGE: case COMMAND_PROFILE_CHANGE:
Services.obs.notifyObservers(null, ON_PROFILE_CHANGE_NOTIFICATION, data.uid); Services.obs.notifyObservers(null, ON_PROFILE_CHANGE_NOTIFICATION, data.uid);