Bug 21569: Add first-party domain to Permissions key
arthuredelstein committed May 8, 2017
1 parent 58d186d commit 7a8a74e
Showing 7 changed files with 50 additions and 40 deletions.
Expand Up @@ -70,3 +70,4 @@ support-files =
[browser_clientAuth.js]
[browser_cacheAPI.js]
[browser_permissions.js]
[browser_permissions_isolation.js]
@@ -0,0 +1,46 @@
/**
* Tor Bug 21569 - A test case for permissions isolation.
*/

const TEST_PAGE = "http://mochi.test:8888/browser/browser/components/" +
"originattributes/test/browser/file_firstPartyBasic.html";

function* init() {
let permPromise = TestUtils.topicObserved("perm-changed");
Services.perms.removeAll();
info("called removeAll");
yield permPromise;
info("cleared permissions for new test");
}

// Define the testing function
function* doTest(aBrowser) {
// Promise will result when permissions popup appears:
let popupShowPromise = BrowserTestUtils.waitForEvent(PopupNotifications.panel, "popupshown");
let originalStatus = yield ContentTask.spawn(aBrowser, null, function* (key) {
let status = (yield content.navigator.permissions.query({name: "notifications"})).state;
content.Notification.requestPermission();
return status;
});
info(`originalStatus: '${originalStatus}'`);
if (originalStatus === "prompt") {
// Wait for the popup requesting permission to show notifications:
yield popupShowPromise;
let popupHidePromise = BrowserTestUtils.waitForEvent(PopupNotifications.panel, "popuphidden");
let popupNotification = PopupNotifications.panel.childNodes[0];
// Click to grant permission:
popupNotification.button.click();
// Wait for popup to hide again.
yield popupHidePromise;
}
return originalStatus;
}

add_task(function* () {
yield SpecialPowers.pushPrefEnv({
set: [["dom.webnotifications.enabled", true]]
});
IsolationTestTools.runTests(TEST_PAGE, doTest,
(isolated, val1, val2) => (isolated === ( val2 === "prompt")),
init, true);
});
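Review bot: Nothing removes the notification permission that doTest grants once the last run has finished; `Services.perms.removeAll()` is only called from init(), which presumably runs before each case rather than after. Adding `registerCleanupFunction(() => Services.perms.removeAll());` in the add_task body would keep the grant for mochi.test:8888 from leaking into later tests in the same session. The comparator also ignores `val1`; checking that the first load reported "prompt" would confirm that the grant path was actually exercised before the second load is judged.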
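--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -60,13 +60,6 @@ PrincipalOriginAttributes::InheritFromNecko(const NeckoOriginAttributes& aAttrs)
 mFirstPartyDomain = aAttrs.mFirstPartyDomain;
 }
 
-void
-PrincipalOriginAttributes::StripUserContextIdAndFirstPartyDomain()
-{
-mUserContextId = nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;
-mFirstPartyDomain.Truncate();
-}
-
 void
 DocShellOriginAttributes::InheritFromDocToChildDocShell(const PrincipalOriginAttributes& aAttrs)
 {
@@ -727,23 +720,6 @@ BasePrincipal::CreateCodebasePrincipal(const nsACString& aOrigin)
 return BasePrincipal::CreateCodebasePrincipal(uri, attrs);
 }
 
-already_AddRefed<BasePrincipal>
-BasePrincipal::CloneStrippingUserContextIdAndFirstPartyDomain()
-{
-PrincipalOriginAttributes attrs = OriginAttributesRef();
-attrs.StripUserContextIdAndFirstPartyDomain();
-
-nsAutoCString originNoSuffix;
-nsresult rv = GetOriginNoSuffix(originNoSuffix);
-NS_ENSURE_SUCCESS(rv, nullptr);
-
-nsCOMPtr<nsIURI> uri;
-rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
-NS_ENSURE_SUCCESS(rv, nullptr);
-
-return BasePrincipal::CreateCodebasePrincipal(uri, attrs);
-}
-
 bool
 BasePrincipal::AddonAllowsLoad(nsIURI* aURI)
 {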
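--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -107,8 +107,6 @@ class PrincipalOriginAttributes : public OriginAttributes
 
 // Inherit OriginAttributes from Necko.
 void InheritFromNecko(const NeckoOriginAttributes& aAttrs);
-
-void StripUserContextIdAndFirstPartyDomain();
 };
 
 // For OriginAttributes stored on docshells / loadcontexts / browsing contexts.
@@ -311,8 +309,6 @@ class BasePrincipal : public nsJSPrincipals
 
 virtual PrincipalKind Kind() = 0;
 
-already_AddRefed<BasePrincipal> CloneStrippingUserContextIdAndFirstPartyDomain();
-
 protected:
 virtual ~BasePrincipal();
 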
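--- a/dom/permission/PermissionStatus.cpp
+++ b/dom/permission/PermissionStatus.cpp
@@ -107,7 +107,7 @@ PermissionStatus::GetPrincipal() const
 }
 
 nsCOMPtr<nsIPrincipal> principal =
-mozilla::BasePrincipal::Cast(doc->NodePrincipal())->CloneStrippingUserContextIdAndFirstPartyDomain();
+mozilla::BasePrincipal::Cast(doc->NodePrincipal());
 NS_ENSURE_TRUE(principal, nullptr);
 
 return principal.forget();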
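Review bot: With the clone gone, `mozilla::BasePrincipal::Cast(doc->NodePrincipal())` in GetPrincipal() only downcasts the pointer and assigns it straight back to an `nsCOMPtr<nsIPrincipal>`, so the cast no longer does anything; `nsCOMPtr<nsIPrincipal> principal = doc->NodePrincipal();` reads the same and is clearer. A short comment such as `// Use the document principal unmodified so permission state is keyed by its origin attributes (first-party domain included).` would record why nothing is stripped here any more. GetPrincipal() starts above this hunk, so the earlier checks on the document are not visible from here.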
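--- a/extensions/cookie/nsPermission.cpp
+++ b/extensions/cookie/nsPermission.cpp
@@ -36,7 +36,7 @@ nsPermission::Create(nsIPrincipal* aPrincipal,
 {
 NS_ENSURE_TRUE(aPrincipal, nullptr);
 nsCOMPtr<nsIPrincipal> principal =
-mozilla::BasePrincipal::Cast(aPrincipal)->CloneStrippingUserContextIdAndFirstPartyDomain();
+mozilla::BasePrincipal::Cast(aPrincipal);
 
 NS_ENSURE_TRUE(principal, nullptr);
 
@@ -90,7 +90,7 @@ nsPermission::Matches(nsIPrincipal* aPrincipal, bool aExactHost, bool* aMatches)
 *aMatches = false;
 
 nsCOMPtr<nsIPrincipal> principal =
-mozilla::BasePrincipal::Cast(aPrincipal)->CloneStrippingUserContextIdAndFirstPartyDomain();
+mozilla::BasePrincipal::Cast(aPrincipal);
 
 if (!principal) {
 *aMatches = false;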
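Review bot: Passing the principal through unmodified in Create() and Matches() makes permissions differ by userContextId as well as by first-party domain, which is wider than the commit title describes. If only first-party isolation is intended, the user context should still be reset before the principal is used, as the removed helper did with `mUserContextId = nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;`; otherwise a comment here should state that containers are isolated too. Permissions already saved under the stripped key will presumably stop matching principals that carry a first-party domain, so a note on migration or the expected reset would help. In Create() the second `NS_ENSURE_TRUE(principal, nullptr);` now repeats the check on aPrincipal two lines above it. Both functions continue outside their hunks.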
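--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -122,9 +122,6 @@ GetOriginFromPrincipal(nsIPrincipal* aPrincipal, nsACString& aOrigin)
 // any knowledge of private browsing. Allowing it to be true changes the suffix being hashed.
 attrs.mPrivateBrowsingId = 0;
 
-// Disable userContext and firstParty isolation for permissions.
-attrs.StripUserContextIdAndFirstPartyDomain();
-
 attrs.CreateSuffix(suffix);
 aOrigin.Append(suffix);
 return NS_OK;
@@ -139,9 +136,6 @@ GetPrincipalFromOrigin(const nsACString& aOrigin, nsIPrincipal** aPrincipal)
 return NS_ERROR_FAILURE;
 }
 
-// Disable userContext and firstParty isolation for permissions.
-attrs.StripUserContextIdAndFirstPartyDomain();
-
 nsCOMPtr<nsIURI> uri;
 nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
 NS_ENSURE_SUCCESS(rv, rv);
@@ -2201,9 +2195,6 @@ nsPermissionManager::GetPermissionHashKey(nsIPrincipal* aPrincipal,
 mozilla::PrincipalOriginAttributes attrs =
 mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
 
-// Disable userContext and firstParty isolation for permissions.
-attrs.StripUserContextIdAndFirstPartyDomain();
-
 nsCOMPtr<nsIPrincipal> principal =
 mozilla::BasePrincipal::CreateCodebasePrincipal(newURI, attrs);
 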
