Bug 1975753 - Force site specific zoom when RFPTarget::SiteSpecificZoom is active. r=timhuang,tabbrowser-reviewers,dao

I wasn't around when RFPTarget::SiteSpecificZoom was implemented, but the current implementation is very confusing.

In Firefox, we have two modes of zoom level. Per tab zoom, and site specific zoom. It is controlled in two (maybe more) places. browser-fullZoom.js and in [CanonicalBrowsingContext.cpp](https://searchfox.org/mozilla-central/rev/ac81a39dfe0663eb40a34c7c36d89e34be29cb20/docshell/base/CanonicalBrowsingContext.cpp#285-289).

Our current implementation disables site specific zoom in `browser-fullZoom.js` by checking the RFP target, but it doesn't modify `CanonicalBrowsingContext.cpp`. So,`CanonicalBrowsingContext` still thinks we are using site specific zoom.

Pre-bug1914149 this method worked because we didn't keep/inherit zoom level across navigations. Post-bug1914149, it no longer works because we keep the zoom level across navigations in `CanonicalBrowsingContext` and let `browser-fullZoom.js` reset to its correct value back.

The issue is caused because `CanonicalBrowsingContext` keeps the previous page's zoom level, but `browser-fullZoom.js` thinks we use tab zoom mode, so it doesn't bother setting the zoom level for the site/page. So, we end up keeping the zoom level.

The solution here I'm suggesting is, doing the opposite of what we are doing in `browser-fullZoom.js`. So, now we should force SiteSpecificZoom with RFP. The reason I'm suggesting this is because within the same site, even acrss tabs, we persist cookies, so fingerprinting isn't much of concern here. We also don't persist zoom levels in private browsing. So, linking normal to PBM isn't a concern either.

So, in summary,
- If you open the same site, in 100 tabs, all of them will get the same zoom level with this patch (just like default normal Firefox)
- If you are in PBM, the zoom level is NOT persisted.
- If you are in normal browsing, the zoom level is persisted, but so are cookies.

Differential Revision: https://phabricator.services.mozilla.com/D257497

Author: FKLC

browser/components/resistfingerprinting/test/browser/browser.toml

@@ -58,7 +58,7 @@ support-files = [
 
 ["browser_block_mozAddonManager.js"]
 
-["browser_bug1369357_site_specific_zoom_level.js"]
+["browser_bug1975753_site_specific_zoom_level.js"]
 https_first_disabled = true
 
 ["browser_canvas_iframes.js"]

browser/components/resistfingerprinting/test/browser/browser_bug1369357_site_specific_zoom_level.js

@@ -0,0 +1,58 @@
+"use strict";
+
+const PATH_NET = TEST_PATH + "file_dummy.html";
+const PATH_ORG = PATH_NET.replace("example.net", "example.org");
+
+add_task(async function () {
+  let tab1, tab1Zoom;
+
+  tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, PATH_NET);
+  await FullZoom.setZoom(1.25, tab1.linkedBrowser);
+  tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser);
+
+  await new Promise(resolve => {
+    Services.clearData.deleteDataFromHost(
+      PATH_NET,
+      true /* user request */,
+      Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE,
+      _ => {
+        resolve();
+      }
+    );
+  });
+
+  is(
+    tab1Zoom,
+    1.25,
+    `privacy.resistFingerprinting is false, site-specific zoom should not be reset when clearing FPP state`
+  );
+
+  await SpecialPowers.pushPrefEnv({
+    set: [["privacy.resistFingerprinting", true]],
+  });
+
+  await new Promise(resolve => {
+    Services.clearData.deleteDataFromHost(
+      PATH_NET,
+      true /* user request */,
+      Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE,
+      _ => {
+        resolve();
+      }
+    );
+  });
+
+  tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser);
+
+  is(
+    tab1Zoom,
+    1.0,
+    "privacy.resistFingerprinting is true, site-specific zoom should be reset when clearing FPP state for tab1"
+  );
+
+  await FullZoom.reset();
+
+  BrowserTestUtils.removeTab(tab1);
+
+  await SpecialPowers.popPrefEnv();
+});

browser/components/resistfingerprinting/test/browser/browser_bug1975753_site_specific_zoom_level.js

@@ -236,7 +236,7 @@ var FullZoom = {
     // to the new location.
     this._ignorePendingZoomAccesses(browser);
 
-    if (!aURI || (aIsTabSwitch && !this._isSiteSpecific(browser))) {
+    if (!aURI || (aIsTabSwitch && !this.siteSpecific)) {
       this._notifyOnLocationChange(browser);
       return;
     }
@@ -530,13 +530,13 @@ var FullZoom = {
     if (
       !aBrowser.mInitialized ||
       aBrowser.isSyntheticDocument ||
-      (!this._isSiteSpecific(aBrowser) && aBrowser.tabHasCustomZoom)
+      (!this.siteSpecific && aBrowser.tabHasCustomZoom)
     ) {
       this._executeSoon(aCallback);
       return;
     }
 
-    if (aValue !== undefined && this._isSiteSpecific(aBrowser)) {
+    if (aValue !== undefined && this.siteSpecific) {
       ZoomManager.setZoomForBrowser(aBrowser, this._ensureValid(aValue));
       this._ignorePendingZoomAccesses(aBrowser);
       this._executeSoon(aCallback);
@@ -563,11 +563,11 @@ var FullZoom = {
    * @param browser  The zoom of this browser will be saved.  Required.
    */
   _applyZoomToPref: function FullZoom__applyZoomToPref(browser) {
-    if (!this._isSiteSpecific(browser) || browser.isSyntheticDocument) {
+    if (!this.siteSpecific || browser.isSyntheticDocument) {
       // If site-specific zoom is disabled, we have called this function
       // to adjust our tab's zoom level. It is now considered "custom"
       // and we mark that here.
-      browser.tabHasCustomZoom = !this._isSiteSpecific(browser);
+      browser.tabHasCustomZoom = !this.siteSpecific;
       return null;
     }
 
@@ -697,23 +697,6 @@ var FullZoom = {
     return aValue;
   },
 
-  // Whether to remember the site specific zoom level for this browser.
-  // This returns false when `browser.zoom.siteSpecific` is false or
-  // the browser has content loaded that should resist fingerprinting.
-  _isSiteSpecific(aBrowser) {
-    if (!this.siteSpecific) {
-      return false;
-    }
-    return (
-      !aBrowser?.browsingContext?.topWindowContext.shouldResistFingerprinting ||
-      !ChromeUtils.shouldResistFingerprinting(
-        "SiteSpecificZoom",
-        aBrowser?.browsingContext?.topWindowContext
-          .overriddenFingerprintingSettings
-      )
-    );
-  },
-
   /**
    * Gets the load context from the given Browser.
    *

browser/components/tabbrowser/content/browser-fullZoom.js

@@ -416,32 +416,114 @@ const CookieBannerExecutedRecordCleaner = {
 
 // A cleaner for cleaning fingerprinting protection states.
 const FingerprintingProtectionStateCleaner = {
+  async _maybeClearSiteSpecificZoom(
+    deleteAll,
+    aSchemelessSite,
+    aOriginAttributes = {}
+  ) {
+    if (
+      !ChromeUtils.shouldResistFingerprinting("SiteSpecificZoom", null, true)
+    ) {
+      return;
+    }
+
+    const cps2 = Cc["@mozilla.org/content-pref/service;1"].getService(
+      Ci.nsIContentPrefService2
+    );
+    const ZOOM_PREF_NAME = "browser.content.full-zoom";
+
+    await new Promise((aResolve, aReject) => {
+      if (deleteAll) {
+        cps2.removeByName(ZOOM_PREF_NAME, null, {
+          handleCompletion: aReason => {
+            if (aReason === cps2.COMPLETE_ERROR) {
+              aReject();
+            } else {
+              aResolve();
+            }
+          },
+        });
+      } else {
+        aOriginAttributes =
+          ChromeUtils.fillNonDefaultOriginAttributes(aOriginAttributes);
+
+        let loadContext;
+        if (
+          aOriginAttributes.privateBrowsingId ==
+          Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID
+        ) {
+          loadContext = Cu.createLoadContext();
+        } else {
+          loadContext = Cu.createPrivateLoadContext();
+        }
+
+        cps2.removeBySubdomainAndName(
+          aSchemelessSite,
+          ZOOM_PREF_NAME,
+          loadContext,
+          {
+            handleCompletion: aReason => {
+              if (aReason === cps2.COMPLETE_ERROR) {
+                aReject();
+              } else {
+                aResolve();
+              }
+            },
+          }
+        );
+      }
+    });
+  },
+
   async deleteAll() {
     Services.rfp.cleanAllRandomKeys();
+
+    await this._maybeClearSiteSpecificZoom(true);
   },
 
   async deleteByPrincipal(aPrincipal) {
     Services.rfp.cleanRandomKeyByPrincipal(aPrincipal);
+
+    await this._maybeClearSiteSpecificZoom(
+      false,
+      aPrincipal.host,
+      aPrincipal.originAttributes
+    );
   },
 
   async deleteBySite(aSchemelessSite, aOriginAttributesPattern) {
     Services.rfp.cleanRandomKeyBySite(
       aSchemelessSite,
       aOriginAttributesPattern
     );
+
+    await this._maybeClearSiteSpecificZoom(
+      false,
+      aSchemelessSite,
+      aOriginAttributesPattern
+    );
   },
 
   async deleteByHost(aHost, aOriginAttributesPattern) {
     Services.rfp.cleanRandomKeyByHost(
       aHost,
       JSON.stringify(aOriginAttributesPattern)
     );
+
+    await this._maybeClearSiteSpecificZoom(
+      false,
+      aHost,
+      aOriginAttributesPattern
+    );
   },
 
   async deleteByOriginAttributes(aOriginAttributesString) {
     Services.rfp.cleanRandomKeyByOriginAttributesPattern(
       aOriginAttributesString
     );
+
+    // For deleteByOriginAttributes, we only receive userContextId which is not enough to target specific
+    // site-specific zooms. So we don't clear site-specific zooms here.
   },
 };