This patch adds the following components:
- nsICookieBannerService: Main service singleton managing the rules and initiating other components.
  It's exposed via Services.cookieBanners and can be configured via the cookiebanners.* prefs.
  To enable it set "cookiebanners.service.mode" to 1 or 2 and restart the browser.
- nsCookieInjector: Looks up rules and injects cookies for matching top level loads.
- nsICookieBannerListService: Imports and updates the cookie banner rules.
- nsICookieBannerRule: Rules for a given domain.
- nsICookieRule: Part of nsICookieBannerRule. Holds cookie specific rules.
Depends on D153641
Differential Revision: https://phabricator.services.mozilla.com/D153642

- Move ShouldRFP(char*), ShouldRFP(docshell), ShouldRFP(Document)
  below some utility code.
- Now that we know we should check the CookieJarSettings, using
  ShouldRFP(nsIPrincipal) is dangerous. We mark it as dangerous
  and annotate the existing uses of it.
- At the same time, an nsILoadInfo has the CookieJarSettings we
  want to check, so create a ShouldRFP(nsILoadInfo) that checks
  it and cascades to the
  (marked-dangerous-but-not-dangerous-for-this-call) principal
  function.
- We also correct a situation where WorkerLoadInfo does not
  initialize the shouldRFP member.
Differential Revision: https://phabricator.services.mozilla.com/D150591

CookieJarSettings frequently gets populated in a place
where we have ready access to the Document/Channel it
is being constructed for. This lets us populate the boolean
and pass it into CookieJarSetting's constructor easily.
When it is created for LoadInfo, we need to plumb the URI
through by adding it to LoadInfo::CreateForDocument.
Differential Revision: https://phabricator.services.mozilla.com/D150588

Before we took a very simplistic view to domain-based RFP
exemptions - if the loading principal said an exempted
domain, you were exempted.
This did not intelligently take into account iframes. In
particular, if a non-exempted domain framed an exempted
domain, the exempted domain's iframe would be exempted.
It probably should not. This is debatable, but at this
point in time after consultation with Tor we are going
to take the approach described in the comments in
CookieJarSettings.h
Notably this is creating a gap when it comes to nested
iframes. If an exempted domain iframes a non-exempted
domain, which in turn iframes an exempted domain - the
innermost iframe will be exempted even though its parent
is not. This is not ideal, once a document is non-
exempted, all children should be non-exempted. But this
is especially difficult to implement with the facilities
easily available to us, so we leave this corner case for
another day.
Differential Revision: https://phabricator.services.mozilla.com/D150587
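
The exemption policies discussed in the commit message above, as an added C++ model that is not Firefox code. `adoptedRuleModel` is an assumption (own domain plus top-level domain), because the actual rule is in the comments of CookieJarSettings.h and is not reproduced on this page; all function names and the `.example` domains are hypothetical.

```cpp
// Added illustration; not Firefox code. Domains are constructed sample data.
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// A frame chain lists domains from the top-level document (front)
// down to the frame being evaluated (back).
using Chain = std::vector<std::string>;
using ExemptList = std::set<std::string>;

// Old behaviour from the commit message: only the frame's own
// (loading principal) domain is consulted.
bool oldRule(const ExemptList& ex, const Chain& c) {
  return !c.empty() && ex.count(c.back()) != 0;
}

// ASSUMED model of the adopted rule: the frame's domain and the
// top-level domain must both be exempted. Intermediate frames are
// not consulted, which is what produces the nested-iframe gap.
bool adoptedRuleModel(const ExemptList& ex, const Chain& c) {
  return !c.empty() && ex.count(c.front()) != 0 && ex.count(c.back()) != 0;
}

// The behaviour the message calls ideal: once any ancestor is
// non-exempted, every descendant is non-exempted too.
bool inheritedRule(const ExemptList& ex, const Chain& c) {
  if (c.empty()) return false;
  for (const std::string& d : c) {
    if (ex.count(d) == 0) return false;
  }
  return true;
}

int main() {
  const ExemptList ex = {"exempt.example"};
  const std::vector<Chain> cases = {
      {"exempt.example"},
      {"other.example", "exempt.example"},
      {"exempt.example", "other.example", "exempt.example"},
  };
  std::printf("depth old adopted inherited\n");
  for (const Chain& c : cases) {
    std::printf("%zu     %d   %d       %d\n", c.size(), oldRule(ex, c),
                adoptedRuleModel(ex, c), inheritedRule(ex, c));
  }
  return 0;
}
```
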
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285

Before this change, all XPIDL constants were declared using an anonymous
`enum` rather than using a static constant. This change makes the
generated code more consistent with what is done in languages like Rust.
Some small changes were needed due to signed/unsigned comparison
warnings which were previously silent.
Differential Revision: https://phabricator.services.mozilla.com/D143090

Given that we only support samesite lax/strict/none in our storage schema,
it's useful to introduce a default value, as required by the spec.
However, that would make it hard to distinguish between none/lax when we switch
the default.
So, instead of doing that we use the peculiarities of our current schema
to our advantage: There's a "sameSite" attribute and a "rawSameSite"
attribute, where the latter is the literal value we received from the
server. With this patch, we'll interpret the "sameSite" attribute
based on the laxByDefault pref. This also has the advantage that various
front-end code (e.g., in DevTools) is always reading the "sameSite"
value of nsICookies.
Differential Revision: https://phabricator.services.mozilla.com/D137460

This patch implements that the referrer protection can be disabled by
the ETP toggle. When ETP is toggled off, it will stop the protection for
iframe and sub-resource loads. Also, it will stop the protection for a
loading to a site that has ETP disabled.
This patch also makes
CookieJarSettings::UpdateIsOnContentBlockingAllowList() be more
efficient when calling it multiple times.
Differential Revision: https://phabricator.services.mozilla.com/D142249