These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
Before this change, all XPIDL constants were declared using an anonymous
`enum` rather than using a static constant. This change makes the
generated code more consistent with what is done in languages like Rust.
Some small changes were needed due to signed/unsigned comparison
warnings which were previously silent.
Differential Revision: https://phabricator.services.mozilla.com/D143090
Given that we only support samesite lax/strict/none in our storage schema,
it's useful to introduce a default value, as required by the spec.
However, that would it hard to distinguish between none/lax when we switch
the default.
So, instead of doing that we use the peculiarities of our current schema
to our advantage: There's a "sameSite" attribute and a "rawSameSite"
attribute, where the latter is the literal value we received from the
server. With this patch, we'll interpret the "sameSite" attribute
based on the laxByDefault pref. This also has the advantage that various
front-end code (e.g., in DevTools) is always reading the "sameSite"
value of nsICookies.
Differential Revision: https://phabricator.services.mozilla.com/D137460
This patch implements that the referrer protection can be disabled by
the ETP toggle. When ETP is toggled off, it will stop the protection for
iframe and sub-resource loads. Also, it will stop the protection for a
loading to a site that has ETP disabled.
This patch also makes
CookieJarSettings::UpdateIsOnContentBlockingAllowList() be more
efficient when calling it multiple times.
Differential Revision: https://phabricator.services.mozilla.com/D142249
Given that we only support samesite lax/strict/none in our storage schema,
it's useful to introduce a default value, as required by the spec.
However, that would it hard to distinguish between none/lax when we switch
the default.
So, instead of doing that we use the peculiarities of our current schema
to our advantage: There's a "sameSite" attribute and a "rawSameSite"
attribute, where the latter is the literal value we received from the
server. With this patch, we'll interpret the "sameSite" attribute
based on the laxByDefault pref. This also has the advantage that various
front-end code (e.g., in DevTools) is always reading the "sameSite"
value of nsICookies.
Differential Revision: https://phabricator.services.mozilla.com/D137460
This removes a part of the erroneous scheme-comparison and the logging
that was implemented in those functions. The tests for that logging were
also removed.
Differential Revision: https://phabricator.services.mozilla.com/D136229
Firefox background tasks use a new temporary profile directory for
every invocation. We would like to write as little data as possible
into the temporary profile directory in this mode. This patch allows
to make the persistent cookie storage discard cookies just like
private cookie storage.
This approach simply uses that the base `CookieStorage` class is close
to sufficient already. There may be a performance impact with more
virtual invocations, but none of these functions seem likely to be
hot.
Differential Revision: https://phabricator.services.mozilla.com/D139910
This removes a part of the erroneous scheme-comparison and the logging
that was implemented in those functions. The tests for that logging were
also removed.
Differential Revision: https://phabricator.services.mozilla.com/D136229
-Wshadow warnings are not enabled globally, so these -Wno-shadow suppressions have no effect. I had intended to enable -Wshadow globally along with these suppressions in some directories (in bug 1272513), but that was blocked by other issues.
There are too many -Wshadow warnings (now over 2000) to realistically fix them all. We should remove all these unnecessary -Wno-shadow flags cluttering many moz.build files.
Differential Revision: https://phabricator.services.mozilla.com/D132289
We used to use the principal URL for the partitionKey in
ServiceWorkerPrivateImpl. This is correct if the ServiceWorker only
works in first-party context. But, it isn't correct in third-party
context.
To fix that, we can directly use the foreign paritioned principal from
the ServiceWorkerPrivate to get the partitionKey in third-party context.
For the first-party context, we can still use the original approach to
get the partitionKey.
Differential Revision: https://phabricator.services.mozilla.com/D128733
Add a test to validate behavior on non-tracking first-party requests
Add tests to ensure we don't say we are granting storage access to third parties with cookiePolicies that forbid it
Add check near the top of Document::HasStorageAccess to immediately return false when cookiePolicy is REJECT.
Add check near the top of Document::RequestStorageAccess to reject when cookiePolicy is REJECT.
Add check in Document::RequestStorageAccess to reject when the cookie policy forbids third party cookies
Note, BEHAVIOR_LIMIT_FOREIGN is treated like BEHAVIOR_REJECT_FOREIGN, just like in ContentBlocking::ShouldAllowAccessFor
Add comparable checks to the priveleged version of RequestStorageAccess
This also resolves Bug 1661152
Differential Revision: https://phabricator.services.mozilla.com/D129278
Add a test to validate behavior on non-tracking first-party requests
Add tests to ensure we don't say we are granting storage access to third parties with cookiePolicies that forbid it
Add check near the top of Document::HasStorageAccess to immediately return false when cookiePolicy is REJECT.
Add check near the top of Document::RequestStorageAccess to reject when cookiePolicy is REJECT.
Add check in Document::RequestStorageAccess to reject when the cookie policy forbids third party cookies
Note, BEHAVIOR_LIMIT_FOREIGN is treated like BEHAVIOR_REJECT_FOREIGN, just like in ContentBlocking::ShouldAllowAccessFor
Add comparable checks to the priveleged version of RequestStorageAccess
This also resolves Bug 1661152
Differential Revision: https://phabricator.services.mozilla.com/D129278
Automatically generated path that adds flag `REQUIRES_UNIFIED_BUILD = True` to `moz.build`
when the module governed by the build config file is not buildable outside on the unified environment.
This needs to be done in order to have a hybrid build system that adds the possibility of combing
unified build components with ones that are built outside of the unified eco system.
Differential Revision: https://phabricator.services.mozilla.com/D122345
For every cookie permission check CookieJarSettings::CookiePermission has to create a new principal.
This is slow. It uses a cloned principal so it can strip the origin attributes which should not be
used for the permission check.
With this patch we no longer need to clone the principal. We pass in the original principal and perform
the OA stripping on an OA copy in BasePrincipal::EqualsForPermission.
Before, EqualsForPermission was guaranteed to get a content principal, because ClonePrincipalForPermission
enforced it. BasePrincipal::EqualsForPermission was refactored to account for non content principals.
Differential Revision: https://phabricator.services.mozilla.com/D120834
This changeset is the result of adding modernize-use-default-member-init to
tools/clang-tidy/config.yaml then proceeding to run
`./mach static-analysis check netwerk/ --fix`
I then went through the resulting fix and manually updated all of the member
variables which were missed due to them having a non-trivial constructor.
Note that the tool was only run on Linux, so code that only runs on some
platforms may have been missed.
The member variables that are still initialized in the contructor definition
are:
- bitfields (not all currently supported compilers allow default-member-init
- variables that are initialized via a parameter
- variables that use code not visible in the header file
There are a few advantages to landing this change:
- fewer lines of code - now declaration is in the same place as initialization
this also makes it easier to see when looking at the header.
- it makes it harder to miss initializing a member when adding a new contructor
- variables that depend on an include guard look much nicer now
Additionally I removed some unnecessary reinitialization of NetAddr members
(it has a constructor that does that now), and changed nsWifiScannerDBus to
use the thread-safe strtok_r instead of strtok.
Differential Revision: https://phabricator.services.mozilla.com/D116980
This changeset is the result of adding modernize-use-default-member-init to
tools/clang-tidy/config.yaml then proceeding to run
`./mach static-analysis check netwerk/ --fix`
I then went through the resulting fix and manually updated all of the member
variables which were missed due to them having a non-trivial constructor.
Note that the tool was only run on Linux, so code that only runs on some
platforms may have been missed.
The member variables that are still initialized in the contructor definition
are:
- bitfields (not all currently supported compilers allow default-member-init
- variables that are initialized via a parameter
- variables that use code not visible in the header file
There are a few advantages to landing this change:
- fewer lines of code - now declaration is in the same place as initialization
this also makes it easier to see when looking at the header.
- it makes it harder to miss initializing a member when adding a new contructor
- variables that depend on an include guard look much nicer now
Additionally I removed some unnecessary reinitialization of NetAddr members
(it has a constructor that does that now), and changed nsWifiScannerDBus to
use the thread-safe strtok_r instead of strtok.
Differential Revision: https://phabricator.services.mozilla.com/D116980
If the user has a non-default regular cookieBehavior, we will make the
private cookieBehavior getter to return the regular pref to mirror the
cookieBehavior in ETP custom mode.
In addition, we don't need to do the pref migration because if the user
has a non-default cookieBehavior, it will directly mirror to the private
cookieBehavior pref so that the cookieBehavior is consistent for private
mode.
Differential Revision: https://phabricator.services.mozilla.com/D111002
This patch adds a method `initwithURI` to nsICookieJarSetting in order
to allow JS code to be able to set the paritionKey of the
CookieJarSettings.
This is needed for web extension for creating and setting the
cookieJarSettings for the download resource.
Differential Revision: https://phabricator.services.mozilla.com/D109759
This patch updates the call-sites of CookieJarSettings::Create() in both
LoadInfo.cpp, nsHttpChannel.cpp and CookieCommons.cpp.
Differential Revision: https://phabricator.services.mozilla.com/D109048
This patch modifies the current CookieJarSettings::Create() function.
It removes the current function and adds two variants. One takes the
nsIPrincipal as input and another takes the enum value. The new
functions will test if the input is for the private browsing window to
create the corresponding cookieJarSettings.
Differential Revision: https://phabricator.services.mozilla.com/D109045
The new method is mandatory because mozStorageTransaction constructor no longer
starts the transaction. It must be started explicitely.
All consumers have been adjusted, but only dom/quota, dom/indexedDB, dom/cache,
dom/localstorage and dom/storage handle the error. Other components like
netwerk/cache, netwerk/cookie and toolkit/components currently only warn on
failure to start a transaction. Bug 1696129, 1696130 and 1696133 have been
filed for proper handling of transaction start failures in those components.
Differential Revision: https://phabricator.services.mozilla.com/D106893
It should be called "Get" rather than "Lookup" because it returns
UserDataType. "Add" is called "Insert" in the other methods.
Differential Revision: https://phabricator.services.mozilla.com/D105470
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
With these changes, on my Linux analysis with ClangBuildAnalyzer, the
top two expensive headers, DOMTypes.h and TabMessageUtils.h are no longer
among the 30 most expensive headers.
Differential Revision: https://phabricator.services.mozilla.com/D82935
We also need to propagate the IsOnContentBlockingAllowList to the script
generated document. For this kind of document, it won't have the
CookieJarSettings at the first place. It will generate its
CookieJarSettings when someone requests it. And we need to propagate the
flag when generating the CookieJarSettings in this case. Or the script
generated document will have a wrong IsOnContentBlockingAllowList flag.
Differential Revision: https://phabricator.services.mozilla.com/D81727
Tom Schuster
Hannah Peuckmann
Mark Banner
Norisz Fay
Tom Schuster
Benjamin VanderSloot
Marian-Vasile Laza
Molnar Sandor
Sebastian Hengst
Cristian Tuns
Thomas Wisniewski
Butkovits Atila
Nika Layzell
Frederik Braun
Tim Huang
Gijs Kruitbosch
Csoregi Natalia
Nick Alexander
Randell Jesup
Noemi Erli
Jari Jalkanen
Haiyang Xu
Christoph Kerschbaumer
Chris Peterson
Niklas Goegge
Alexandru Michis
Johann Hofmann
Evgenia Kotovich
Valentin Gosu
Cosmin Sabou
Florian Quèze
Andi-Bogdan Postelnicu
Paul Zuehlcke
Kashav Madan
Simon Giesecke
Jan Varga
Kershaw Chang
Masatoshi Kimura
Narcis Beleuzu
Dorel Luca
Steven Englehardt
Kartik Gautam
Ricky Stewart
Bogdan Tara
Andrea Marchesini
Honza Bambas
Liang-Heng Chen