Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-08 19:04:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1658578 - Remove nsContentUtils::IsThirdPartyWindowOrChannel. r=timhuang

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D122272
This commit is contained in:
Paul Zuehlcke 2021-08-11 10:37:18 +00:00
parent 61aaa19c3c
commit 099c7a952f
12 changed files with 56 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
dom/base/Document.cpp
View File

@ -15967,18 +15967,17 @@ void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
return;
}
// We want to ensure the following check works for both fission mode
// and non-fission mode:
// "If the opener is not a 3rd party and if this window is not a 3rd
// party with respect to the opener, we should not continue."
// We want to ensure the following check works for both fission mode and
// non-fission mode:
// "If the opener is not a 3rd party and if this window is not a 3rd party
// with respect to the opener, we should not continue."
//
// In non-fission mode, the opener and the opened window are in the same
// process, we can use nsContentUtils::IsThirdPartyWindowOrChannel to
// do the check.
// In fission mode, if this window is not a 3rd party with respect to
// the opener, they must be in the same process, so we can still use
// IsThirdPartyWindowOrChannel(openerInner) to continue to check if
// the opener is a 3rd party.
// process, we can use AntiTrackingUtils::IsThirdPartyWindow to do the check.
// In fission mode, if this window is not a 3rd party with respect to the
// opener, they must be in the same process, so we can still use
// IsThirdPartyWindow(openerInner) to continue to check if the opener is a 3rd
// party.
if (openerBC->IsInProcess()) {
nsCOMPtr<nsPIDOMWindowOuter> outerOpener = openerBC->GetDOMWindow();
if (NS_WARN_IF(!outerOpener)) {
@ -16003,10 +16002,8 @@ void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
// If the opener is not a 3rd party and if this window is not
// a 3rd party with respect to the opener, we should not continue.
if (!nsContentUtils::IsThirdPartyWindowOrChannel(inner, nullptr,
openerURI) &&
!nsContentUtils::IsThirdPartyWindowOrChannel(openerInner, nullptr,
nullptr)) {
if (!AntiTrackingUtils::IsThirdPartyWindow(inner, openerURI) &&
!AntiTrackingUtils::IsThirdPartyWindow(openerInner, nullptr)) {
return;
}
}

61
dom/base/nsContentUtils.cpp
View File

@ -8390,67 +8390,6 @@ bool nsContentUtils::IsNonSubresourceInternalPolicyType(
aType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER;
}
// static public
bool nsContentUtils::IsThirdPartyWindowOrChannel(nsPIDOMWindowInner* aWindow,
nsIChannel* aChannel,
nsIURI* aURI) {
MOZ_ASSERT(!aWindow || !aChannel,
"A window and channel should not both be provided.");
ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
if (!thirdPartyUtil) {
return false;
}
// In the absence of a window or channel, we assume that we are first-party.
bool thirdParty = false;
if (aWindow) {
nsresult rv = thirdPartyUtil->IsThirdPartyWindow(aWindow->GetOuterWindow(),
aURI, &thirdParty);
if (NS_FAILED(rv)) {
// Ideally we would do something similar to the channel code path here,
// but existing code depends on this behaviour.
return false;
}
}
if (aChannel) {
// Note, we must call IsThirdPartyChannel() here and not just try to
// use nsILoadInfo.isThirdPartyContext. That nsILoadInfo property only
// indicates if the parent loading window is third party or not. We
// want to check the channel URI against the loading principal as well.
nsresult rv =
thirdPartyUtil->IsThirdPartyChannel(aChannel, nullptr, &thirdParty);
if (NS_FAILED(rv)) {
// Assume third-party in case of failure
thirdParty = true;
}
// We check isThirdPartyWindow to expand the list of domains that are
// considered first party (e.g., if facebook.com includes an iframe from
// fatratgames.com, all subsources included in that iframe are considered
// third-party with isThirdPartyChannel, even if they are not third-party
// w.r.t. facebook.com), and isThirdPartyChannel to prevent top-level
// navigations from being detected as third-party.
bool isThirdPartyWindow = true;
nsCOMPtr<nsIHttpChannelInternal> chan = do_QueryInterface(aChannel, &rv);
if (NS_SUCCEEDED(rv) && chan) {
nsCOMPtr<nsIURI> topWinURI;
rv = chan->GetTopWindowURI(getter_AddRefs(topWinURI));
if (NS_SUCCEEDED(rv) && topWinURI) {
rv = thirdPartyUtil->IsThirdPartyURI(aURI, topWinURI,
&isThirdPartyWindow);
if (NS_SUCCEEDED(rv)) {
thirdParty = thirdParty && isThirdPartyWindow;
}
}
}
}
return thirdParty;
}
// static public
bool nsContentUtils::IsThirdPartyTrackingResourceWindow(
nsPIDOMWindowInner* aWindow) {

6
dom/base/nsContentUtils.h
View File

@ -2930,12 +2930,6 @@ class nsContentUtils {
static bool IsNonSubresourceInternalPolicyType(nsContentPolicyType aType);
public:
/*
* Returns true if this window/channel is a 3rd party context.
*/
static bool IsThirdPartyWindowOrChannel(nsPIDOMWindowInner* aWindow,
nsIChannel* aChannel, nsIURI* aURI);
/*
* Returns true if this window's channel has been marked as a third-party
* tracking resource.

2
dom/base/nsGlobalWindowOuter.cpp
View File

@ -7189,7 +7189,7 @@ void nsGlobalWindowOuter::MaybeAllowStorageForOpenedWindow(nsIURI* aURI) {
}
// No 3rd party URL/window.
if (!nsContentUtils::IsThirdPartyWindowOrChannel(inner, nullptr, aURI)) {
if (!AntiTrackingUtils::IsThirdPartyWindow(inner, aURI)) {
return;
}

5
image/ImageCacheKey.cpp
View File

@ -7,6 +7,7 @@
#include <utility>
#include "mozilla/AntiTrackingUtils.h"
#include "mozilla/ContentBlocking.h"
#include "mozilla/HashFunctions.h"
#include "mozilla/StorageAccess.h"
@ -137,8 +138,8 @@ nsCString ImageCacheKey::GetIsolationKey(Document* aDocument, nsIURI* aURI) {
// If the window is 3rd party resource, let's see if first-party storage
// access is granted for this image.
if (nsContentUtils::IsThirdPartyWindowOrChannel(aDocument->GetInnerWindow(),
nullptr, nullptr)) {
if (AntiTrackingUtils::IsThirdPartyWindow(aDocument->GetInnerWindow(),
nullptr)) {
uint32_t rejectedReason = 0;
Unused << rejectedReason;
return StorageDisabledByAntiTracking(aDocument, aURI, rejectedReason)

15
netwerk/cookie/CookieCommons.cpp
View File

@ -23,6 +23,7 @@
#include "nsIWebProgressListener.h"
#include "nsNetUtil.h"
#include "nsScriptSecurityManager.h"
#include "ThirdPartyUtil.h"
constexpr auto CONSOLE_SCHEMEFUL_CATEGORY = "cookieSchemeful"_ns;
@ -316,9 +317,17 @@ CookieStatus CookieStatusForWindow(nsPIDOMWindowInner* aWindow,
MOZ_ASSERT(aWindow);
MOZ_ASSERT(aDocumentURI);
if (!nsContentUtils::IsThirdPartyWindowOrChannel(aWindow, nullptr,
aDocumentURI)) {
return STATUS_ACCEPTED;
ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
if (thirdPartyUtil) {
bool isThirdParty = true;
nsresult rv = thirdPartyUtil->IsThirdPartyWindow(
aWindow->GetOuterWindow(), aDocumentURI, &isThirdParty);
NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Third-party window check failed.");
if (NS_SUCCEEDED(rv) && !isThirdParty) {
return STATUS_ACCEPTED;
}
}
if (StaticPrefs::network_cookie_thirdparty_sessionOnly()) {

17
netwerk/cookie/CookieService.cpp
View File

@ -29,6 +29,7 @@
#include "nsIWebProgressListener.h"
#include "nsNetUtil.h"
#include "prprf.h"
#include "ThirdPartyUtil.h"
using namespace mozilla::dom;
@ -362,8 +363,12 @@ CookieService::GetCookieStringFromDocument(Document* aDocument,
// in gtests we don't have a window, let's consider those requests as 3rd
// party.
if (innerWindow) {
thirdParty = nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow,
nullptr, nullptr);
ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
if (thirdPartyUtil) {
Unused << thirdPartyUtil->IsThirdPartyWindow(
innerWindow->GetOuterWindow(), nullptr, &thirdParty);
}
}
bool stale = false;
@ -509,8 +514,12 @@ CookieService::SetCookieStringFromDocument(Document* aDocument,
// in gtests we don't have a window, let's consider those requests as 3rd
// party.
if (innerWindow) {
thirdParty = nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow,
nullptr, nullptr);
ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
if (thirdPartyUtil) {
Unused << thirdPartyUtil->IsThirdPartyWindow(
innerWindow->GetOuterWindow(), nullptr, &thirdParty);
}
}
if (thirdParty &&

16
netwerk/cookie/CookieServiceChild.cpp
View File

@ -366,8 +366,12 @@ CookieServiceChild::GetCookieStringFromDocument(Document* aDocument,
// in gtests we don't have a window, let's consider those requests as 3rd
// party.
if (innerWindow) {
thirdParty = nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow,
nullptr, nullptr);
ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
if (thirdPartyUtil) {
Unused << thirdPartyUtil->IsThirdPartyWindow(
innerWindow->GetOuterWindow(), nullptr, &thirdParty);
}
}
bool isPotentiallyTrustworthy =
@ -464,8 +468,12 @@ CookieServiceChild::SetCookieStringFromDocument(
// in gtests we don't have a window, let's consider those requests as 3rd
// party.
if (innerWindow) {
thirdParty = nsContentUtils::IsThirdPartyWindowOrChannel(innerWindow,
nullptr, nullptr);
ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
if (thirdPartyUtil) {
Unused << thirdPartyUtil->IsThirdPartyWindow(
innerWindow->GetOuterWindow(), nullptr, &thirdParty);
}
}
if (thirdParty &&

4
netwerk/protocol/http/ClassifierDummyChannelChild.cpp
View File

@ -9,6 +9,7 @@
#include "mozilla/ipc/BackgroundUtils.h"
#include "mozilla/ipc/URIUtils.h"
#include "nsIURI.h"
#include "mozilla/AntiTrackingUtils.h"
namespace mozilla {
namespace net {
@ -44,8 +45,7 @@ bool ClassifierDummyChannelChild::Create(
return false;
}
bool isThirdParty =
nsContentUtils::IsThirdPartyWindowOrChannel(nullptr, aChannel, aURI);
bool isThirdParty = AntiTrackingUtils::IsThirdPartyChannel(aChannel);
static_cast<ClassifierDummyChannelChild*>(actor)->Initialize(
aChannel, aURI, isThirdParty, aCallback);

4
netwerk/protocol/http/nsHttpChannel.cpp
View File

@ -1342,8 +1342,8 @@ HttpTrafficCategory nsHttpChannel::CreateTrafficCategory() {
}
}
bool isThirdParty =
nsContentUtils::IsThirdPartyWindowOrChannel(nullptr, this, mURI);
bool isThirdParty = AntiTrackingUtils::IsThirdPartyChannel(this);
HttpTrafficAnalyzer::TrackingClassification tc;
{
uint32_t flags = isThirdParty ? mThirdPartyClassificationFlags

1
toolkit/components/antitracking/AntiTrackingUtils.cpp
View File

@ -617,7 +617,6 @@ bool AntiTrackingUtils::IsThirdPartyChannel(nsIChannel* aChannel) {
bool AntiTrackingUtils::IsThirdPartyWindow(nsPIDOMWindowInner* aWindow,
nsIURI* aURI) {
MOZ_ASSERT(aWindow);
MOZ_ASSERT(aURI);
// We assume that the window is foreign to the URI by default.
bool thirdParty = true;

15
toolkit/components/antitracking/ContentBlocking.cpp
View File

@ -989,21 +989,6 @@ bool ContentBlocking::ShouldAllowAccessFor(nsPIDOMWindowInner* aWindow,
blockedReason = nsIWebProgressListener::STATE_COOKIES_PARTITIONED_FOREIGN;
}
#ifdef DEBUG
nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
components::ThirdPartyUtil::Service();
if (thirdPartyUtil) {
bool thirdParty = false;
nsresult rv = thirdPartyUtil->IsThirdPartyWindow(aWindow->GetOuterWindow(),
aURI, &thirdParty);
// The result of this assertion depends on whether IsThirdPartyWindow
// succeeds, because otherwise IsThirdPartyWindowOrChannel artificially
// fails.
MOZ_ASSERT_IF(NS_SUCCEEDED(rv), nsContentUtils::IsThirdPartyWindowOrChannel(
aWindow, nullptr, aURI) == thirdParty);
}
#endif
Document* doc = aWindow->GetExtantDoc();
// Make sure storage access isn't disabled
if (doc && (doc->StorageAccessSandboxed())) {