Bug 22343: Make 'Save Page As' obey first-party isolation

arthuredelstein · Jun 12, 2017 · 3968bf6 · 3968bf6
1 parent dda0385
commit 3968bf6
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 10 deletions.
diff --git a/embedding/browser/nsWebBrowser.cpp b/embedding/browser/nsWebBrowser.cpp
@@ -985,6 +985,18 @@ nsWebBrowser::SetProgressListener(nsIWebProgressListener* aProgressListener)
   return NS_OK;
 }
 
+NS_IMETHODIMP
+nsWebBrowser::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal)
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsWebBrowser::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal)
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
 NS_IMETHODIMP
 nsWebBrowser::SaveURI(nsIURI* aURI,
                       nsISupports* aCacheKey,

diff --git a/embedding/components/webbrowserpersist/nsIWebBrowserPersist.idl b/embedding/components/webbrowserpersist/nsIWebBrowserPersist.idl
@@ -13,6 +13,7 @@ interface nsIWebProgressListener;
 interface nsIFile;
 interface nsIChannel;
 interface nsILoadContext;
+interface nsIPrincipal;
 
 /**
  * Interface for persisting DOM documents and URIs to local or remote storage.
@@ -111,6 +112,8 @@ interface nsIWebBrowserPersist : nsICancelable
    */
   attribute nsIWebProgressListener progressListener;
 
+  attribute nsIPrincipal loadingPrincipal;
+
   /**
    * Save the specified URI to file.
    *

diff --git a/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp b/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp
@@ -274,6 +274,7 @@ const char *kWebBrowserPersistStringBundle =
 nsWebBrowserPersist::nsWebBrowserPersist() :
     mCurrentDataPathIsRelative(false),
     mCurrentThingsToPersist(0),
+    mLoadingPrincipal(nsContentUtils::GetSystemPrincipal()),
     mFirstAndOnlyUse(true),
     mSavingDocument(false),
     mCancel(false),
@@ -410,6 +411,19 @@ NS_IMETHODIMP nsWebBrowserPersist::SetProgressListener(
     return NS_OK;
 }
 
+NS_IMETHODIMP nsWebBrowserPersist::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal)
+{
+    *loadingPrincipal = mLoadingPrincipal;
+    return NS_OK;
+}
+
+NS_IMETHODIMP nsWebBrowserPersist::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal)
+{
+    mLoadingPrincipal = loadingPrincipal ? loadingPrincipal :
+        nsContentUtils::GetSystemPrincipal();
+    return NS_OK;
+}
+
 NS_IMETHODIMP nsWebBrowserPersist::SaveURI(
     nsIURI *aURI, nsISupports *aCacheKey,
     nsIURI *aReferrer, uint32_t aReferrerPolicy,
@@ -1352,7 +1366,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal(
     nsCOMPtr<nsIChannel> inputChannel;
     rv = NS_NewChannel(getter_AddRefs(inputChannel),
                        aURI,
-                       nsContentUtils::GetSystemPrincipal(),
+                       mLoadingPrincipal,
                        nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                        nsIContentPolicy::TYPE_OTHER,
                        nullptr,  // aLoadGroup
@@ -2696,7 +2710,7 @@ nsWebBrowserPersist::CreateChannelFromURI(nsIURI *aURI, nsIChannel **aChannel)
 
     rv = NS_NewChannel(aChannel,
                        aURI,
-                       nsContentUtils::GetSystemPrincipal(),
+                       mLoadingPrincipal,
                        nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                        nsIContentPolicy::TYPE_OTHER);
     NS_ENSURE_SUCCESS(rv, rv);

diff --git a/embedding/components/webbrowserpersist/nsWebBrowserPersist.h b/embedding/components/webbrowserpersist/nsWebBrowserPersist.h
@@ -146,6 +146,8 @@ class nsWebBrowserPersist final : public nsIInterfaceRequestor,
     nsCOMPtr<nsIMIMEService>  mMIMEService;
     nsCOMPtr<nsIURI>          mURI;
     nsCOMPtr<nsIWebProgressListener> mProgressListener;
+    nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
+
     /**
      * Progress listener for 64-bit values; this is the same object as
      * mProgressListener, but is a member to avoid having to qi it for each

diff --git a/netwerk/base/LoadContextInfo.cpp b/netwerk/base/LoadContextInfo.cpp
@@ -118,8 +118,6 @@ GetLoadContextInfo(nsIChannel * aChannel)
 {
   nsresult rv;
 
-  DebugOnly<bool> pb = NS_UsePrivateBrowsing(aChannel);
-
   bool anon = false;
   nsLoadFlags loadFlags;
   rv = aChannel->GetLoadFlags(&loadFlags);
@@ -129,7 +127,21 @@ GetLoadContextInfo(nsIChannel * aChannel)
 
   NeckoOriginAttributes oa;
   NS_GetOriginAttributes(aChannel, oa);
-  MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0));
+
+#ifdef DEBUG
+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
+  if (loadInfo) {
+    nsCOMPtr<nsIPrincipal> principal = loadInfo->LoadingPrincipal();
+    if (principal) {
+      bool chrome;
+      principal->GetIsSystemPrincipal(&chrome);
+      if (!chrome) {
+        bool pb = NS_UsePrivateBrowsing(aChannel);
+        MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0));
+      }
+    }
+  }
+#endif
 
   return new LoadContextInfo(anon, oa);
 }

diff --git a/toolkit/content/contentAreaUtils.js b/toolkit/content/contentAreaUtils.js
@@ -182,7 +182,7 @@ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
 
   internalSave(aURL, null, aFileName, aContentDisp, aContentType,
                aShouldBypassCache, aFilePickerTitleKey, null, aReferrer,
-               null, aSkipPrompt, null, aIsContentWindowPrivate);
+               null, aSkipPrompt, null, undefined, aIsContentWindowPrivate);
 }
 
 // This is like saveDocument, but takes any browser/frame-like element
@@ -199,7 +199,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID=0)
   let stack = Components.stack.caller;
   persistable.startPersistence(aOuterWindowID, {
     onDocumentReady: function (document) {
-      saveDocument(document, aSkipPrompt);
+      saveDocument(document, aSkipPrompt, aBrowser.contentPrincipal);
     },
     onError: function (status) {
       throw new Components.Exception("saveBrowser failed asynchronously in startPersistence",
@@ -215,7 +215,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID=0)
 // case "save as" modes that serialize the document's DOM are
 // unavailable.  This is a temporary measure for the "Save Frame As"
 // command (bug 1141337) and pre-e10s add-ons.
-function saveDocument(aDocument, aSkipPrompt)
+function saveDocument(aDocument, aSkipPrompt, aContentPrincipal)
 {
   const Ci = Components.interfaces;
 
@@ -273,7 +273,7 @@ function saveDocument(aDocument, aSkipPrompt)
   internalSave(aDocument.documentURI, aDocument, null, contentDisposition,
                aDocument.contentType, false, null, null,
                aDocument.referrer ? makeURI(aDocument.referrer) : null,
-               aDocument, aSkipPrompt, cacheKey);
+               aDocument, aSkipPrompt, cacheKey, undefined, aContentPrincipal);
 }
 
 function DownloadListener(win, transfer) {
@@ -388,7 +388,7 @@ XPCOMUtils.defineConstant(this, "kSaveAsType_Text", kSaveAsType_Text);
 function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
                       aContentType, aShouldBypassCache, aFilePickerTitleKey,
                       aChosenData, aReferrer, aInitiatingDocument, aSkipPrompt,
-                      aCacheKey, aIsContentWindowPrivate)
+                      aCacheKey, aIsContentWindowPrivate, aContentPrincipal)
 {
   forbidCPOW(aURL, "internalSave", "aURL");
   forbidCPOW(aReferrer, "internalSave", "aReferrer");
@@ -477,6 +477,7 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
       sourcePostData    : nonCPOWDocument ? getPostData(aDocument) : null,
       bypassCache       : aShouldBypassCache,
       isPrivate         : isPrivate,
+      loadingPrincipal  : aContentPrincipal,
     };
 
     // Start the actual save process
@@ -518,6 +519,8 @@ function internalPersist(persistArgs)
 {
   var persist = makeWebBrowserPersist();
 
+  persist.loadingPrincipal = persistArgs.loadingPrincipal;
+
   // Calculate persist flags.
   const nsIWBP = Components.interfaces.nsIWebBrowserPersist;
   const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES |