Attempting to get the siteOrigin for a URI of something like "https://.mozilla.org"
was returning NS_ERROR_ILLEGAL_VALUE, which caused breakage in parts of the browser
UI when trying to initialize a window to point at that URI.
It looks like the NS_ERROR_ILLEGAL_VALUE stuff was added back in bug 1491728 as
part of an effort to better handle some IPv6 stuff. I tested the STR in bug 1491728
for the original bug, and I cannot reproduce the issue even witht his change.
nika suggested that instead of returning NS_ERROR_ILLEGAL_VALUE for this form of
URI, we return the same value as `nsIPrincipal.origin`.
Differential Revision: https://phabricator.services.mozilla.com/D142493
Apparently the esc_NonASCIIOnly and esc_Forced flags to NS_EscapeURL are
incompatible, meaning that the escaping and unescaping code was not
handling existing escape sequences properly. This patch adds an explicit
gtest to make sure sequences round-trip correctly, and switches
serialization to use `esc_Query | esc_Forced` instead, which may escape
more aggressively than required but should work correctly.
Differential Revision: https://phabricator.services.mozilla.com/D142111
This patch is meant to be a proposed short run fix to prevent ApplyAddonContentScriptCSP
from leaking the ExpandedPrincipal and nsCSPContext instance because they keep a reference
to each other.
This patch prevent that leak by creating a clone of the ExpandedPrincipal and then use
that cloned instance in the call to nsCSPContext::SetRequestContextWithPrincipal.
Once Bug 1548468 will move the CSP off the ExpandedPrincipal class, cloning the expanded
principal to prevent that leak should not be necessary anymore.
Differential Revision: https://phabricator.services.mozilla.com/D132144
The URL query stripping doesn't want the URLParams::Serialize() to
encode the result because it will encode the unstripped parameters. This
will change the unstripped parameters once stripping was happened.
Therefore, we introduce an parameter to URLParams::Serialize() to
disable encoding.
Differential Revision: https://phabricator.services.mozilla.com/D131964
We need a helper function for checking principal if it's in the foreign
allow list.
In this patch we will add a BasePrincipal::IsURIInList() because this is
needed for RejectForeignAllowList::Check().
Differential Revision: https://phabricator.services.mozilla.com/D123804
Automatically generated path that adds flag `REQUIRES_UNIFIED_BUILD = True` to `moz.build`
when the module governed by the build config file is not buildable outside on the unified environment.
This needs to be done in order to have a hybrid build system that adds the possibility of combing
unified build components with ones that are built outside of the unified eco system.
Differential Revision: https://phabricator.services.mozilla.com/D122345
For every cookie permission check CookieJarSettings::CookiePermission has to create a new principal.
This is slow. It uses a cloned principal so it can strip the origin attributes which should not be
used for the permission check.
With this patch we no longer need to clone the principal. We pass in the original principal and perform
the OA stripping on an OA copy in BasePrincipal::EqualsForPermission.
Before, EqualsForPermission was guaranteed to get a content principal, because ClonePrincipalForPermission
enforced it. BasePrincipal::EqualsForPermission was refactored to account for non content principals.
Differential Revision: https://phabricator.services.mozilla.com/D120834
These test various ways of loading documents which will end up with null
principals, and verify that they are loaded with the expected precursor URI.
Depends on D119693
Differential Revision: https://phabricator.services.mozilla.com/D119694
This change stores a generated nsID directly on the LoadInfo, rather
than the full SandboxedLoadingPrincipal. This allows for the sandboxed
principal to be constructed from GetChannelResultPrincipal using the
unsandboxed result principal as a precursor, rather than the loading
principal.
The nsID is reset by HttpChannelBase whenever a non-internal redirect
occurs to reduce the chance of multiple null result principals during a
redirect with the same nsID, but different precursors.
Depends on D119692
Differential Revision: https://phabricator.services.mozilla.com/D119693
This provides a getter which can be used to interact with the precursor
attribute of the null principal.
Depends on D119691
Differential Revision: https://phabricator.services.mozilla.com/D119692
If a URI has the URI_INHERITS_SECURITY_CONTEXT flag it will not be given
a content principal by CreateContentPrincipal. This patch changes the
algorithm for creating result principals for network requests such that
the null principal created in this situation has a precursor principal
tracked on it.
Depends on D119689
Differential Revision: https://phabricator.services.mozilla.com/D119690
This method will be the primary way to track the precursor for a null
principal, and will automatically handle tracking precursors in some common
cases.
While sandboxed principals are created with `CreateWithInheritedAttributes`,
they unfortunately currently use the wrong precursor principal, which will be
fixed in a later part.
Depends on D119688
Differential Revision: https://phabricator.services.mozilla.com/D119689
This patch only adds the machinery for tracking a precursor origin to the
principal, and does not actually track the precursor origin in any situations.
That is done in follow-up patches.
Differential Revision: https://phabricator.services.mozilla.com/D119688
This is slightly complicated by the fact that the editor code wants to be able
to set this from the content process, so we really need separate
BrowsingContext and WindowContext flags, the latter of which can be set by the
owning process.
Differential Revision: https://phabricator.services.mozilla.com/D114899
Mark Banner
Nika Layzell
june wilde
Cosmin Sabou
Mike Conley
Leslie Orellana
Bobby Holley
Emilio Cobos Álvarez
Kershaw Chang
Christian Holler
Luca Greco
Tim Huang
Niklas Goegge
Kagami Sascha Rosylight
Evgenia Kotovich
Noemi Erli
Alexandru Michis
Andrew McCreight
Andi-Bogdan Postelnicu
André Bargull
Paul Zuehlcke
Christoph Kerschbaumer
Iulian Moraru
Tom Schuster
Stefan Zabka
Shane Caraveo
Valentin Gosu
Kris Maglione
Andreas Farre