diff --git a/browser/modules/PermissionUI.jsm b/browser/modules/PermissionUI.jsm index dbf2aefa6654..11f32f13184a 100644 --- a/browser/modules/PermissionUI.jsm +++ b/browser/modules/PermissionUI.jsm @@ -363,10 +363,8 @@ var PermissionPromptPrototype = { this.permissionKey, promptAction.action, scope); - } else if (promptAction.action == SitePermissions.BLOCK || - SitePermissions.permitTemporaryAllow(this.permissionKey)) { - // Temporarily store BLOCK permissions only unless permission object - // sets permitTemporaryAllow: true + } else if (promptAction.action == SitePermissions.BLOCK) { + // Temporarily store BLOCK permissions only // SitePermissions does not consider subframes when storing temporary // permissions on a tab, thus storing ALLOW could be exploited. SitePermissions.set(this.principal.URI, diff --git a/browser/modules/SitePermissions.jsm b/browser/modules/SitePermissions.jsm index 6063c4015e1b..5f2a976219a3 100644 --- a/browser/modules/SitePermissions.jsm +++ b/browser/modules/SitePermissions.jsm @@ -400,23 +400,6 @@ var SitePermissions = { return this._defaultPrefBranch.getIntPref(permissionID, this.UNKNOWN); }, - /* - * Return whether SitePermissions is permitted to store a TEMPORARY ALLOW - * state for a particular permission. - * - * @param {string} permissionID - * The ID to get the state for. - * - * @return boolean Whether storing TEMPORARY ALLOW is permitted. - */ - permitTemporaryAllow(permissionID) { - if (permissionID in gPermissionObject && - gPermissionObject[permissionID].permitTemporaryAllow) - return gPermissionObject[permissionID].permitTemporaryAllow; - - return false; - }, - /** * Returns the state and scope of a particular permission for a given URI. * @@ -522,7 +505,7 @@ var SitePermissions = { // If you ever consider removing this line, you likely want to implement // a more fine-grained TemporaryPermissions that temporarily blocks for the // entire browser, but temporarily allows only for specific frames. - if (state != this.BLOCK && !this.permitTemporaryAllow(permissionID)) { + if (state != this.BLOCK) { throw "'Block' is the only permission we can save temporarily on a browser"; } @@ -712,7 +695,6 @@ var gPermissionObject = { "autoplay-media": { exactHostMatch: true, - permitTemporaryAllow: true, getDefault() { let state = Services.prefs.getIntPref("media.autoplay.default", Ci.nsIAutoplay.BLOCKED); diff --git a/browser/modules/test/browser/browser_SitePermissions.js b/browser/modules/test/browser/browser_SitePermissions.js index 21c981cab78b..94121c622682 100644 --- a/browser/modules/test/browser/browser_SitePermissions.js +++ b/browser/modules/test/browser/browser_SitePermissions.js @@ -19,32 +19,6 @@ add_task(async function testTempAllowThrows() { }); }); -// Tests that we can set TEMPORARY ALLOW permissions for autoplay-media -add_task(async function testTempAutoplayAllowed() { - Services.prefs.setIntPref("media.autoplay.default", 2); - - let uri = Services.io.newURI("https://example.com"); - let permId = "autoplay-media"; - - let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, uri.spec); - - SitePermissions.set(uri, permId, SitePermissions.ALLOW, - SitePermissions.SCOPE_TEMPORARY, tab.linkedBrowser); - - let permissions = SitePermissions.getAllPermissionDetailsForBrowser(tab.linkedBrowser); - - let autoplay = permissions.find(({id}) => id === "autoplay-media"); - Assert.deepEqual(autoplay, { - id: "autoplay-media", - label: "Automatically Play Media with Sound", - state: SitePermissions.ALLOW, - scope: SitePermissions.SCOPE_TEMPORARY, - }); - - Services.prefs.clearUserPref("media.autoplay.default"); - BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - // This tests the SitePermissions.getAllPermissionDetailsForBrowser function. add_task(async function testGetAllPermissionDetailsForBrowser() { let uri = Services.io.newURI("https://example.com");