Backed out 2 changesets (bug 1560741) for mochitest failures at test_permission_isHandlingUserInput.xul. CLOSED TREE

Backed out changeset c08aa2078829 (bug 1560741)
Backed out changeset 9dc1d39d2786 (bug 1560741)

browser/components/BrowserGlue.jsm

@@ -3965,6 +3965,16 @@ ContentPermissionPrompt.prototype = {
     }
     schemeHistogram.add(type, scheme);
 
+    // request.element should be the browser element in e10s.
+    if (request.element && request.element.contentPrincipal) {
+      let thirdPartyHistogram = Services.telemetry.getKeyedHistogramById(
+        "PERMISSION_REQUEST_THIRD_PARTY_ORIGIN"
+      );
+      let isThirdParty =
+        request.principal.origin != request.element.contentPrincipal.origin;
+      thirdPartyHistogram.add(type, isThirdParty);
+    }
+
     let userInputHistogram = Services.telemetry.getKeyedHistogramById(
       "PERMISSION_REQUEST_HANDLING_USER_INPUT"
     );

browser/modules/webrtcUI.jsm

@@ -1152,6 +1152,9 @@ function prompt(aBrowser, aRequest) {
   let schemeHistogram = Services.telemetry.getKeyedHistogramById(
     "PERMISSION_REQUEST_ORIGIN_SCHEME"
   );
+  let thirdPartyHistogram = Services.telemetry.getKeyedHistogramById(
+    "PERMISSION_REQUEST_THIRD_PARTY_ORIGIN"
+  );
   let userInputHistogram = Services.telemetry.getKeyedHistogramById(
     "PERMISSION_REQUEST_HANDLING_USER_INPUT"
   );
@@ -1171,6 +1174,7 @@ function prompt(aBrowser, aRequest) {
     requestType = requestType.toLowerCase();
 
     schemeHistogram.add(requestType, scheme);
+    thirdPartyHistogram.add(requestType, aRequest.isThirdPartyOrigin);
     userInputHistogram.add(requestType, aRequest.isHandlingUserInput);
   }
 }

dom/locales/en-US/chrome/dom/dom.properties

@@ -324,7 +324,6 @@ LargeAllocationNotOnlyToplevelInTabGroup=A Large-Allocation header was ignored d
 LargeAllocationNonE10S=A Large-Allocation header was ignored due to the document not being loaded out of process.
 GeolocationInsecureRequestIsForbidden=A Geolocation request can only be fulfilled in a secure context.
 NotificationsInsecureRequestIsForbidden=The Notification permission may only be requested in a secure context.
-NotificationsCrossOriginIframeRequestIsForbidden=The Notification permission may only be requested in a top-level document or same-origin iframe.
 NotificationsRequireUserGesture=The Notification permission may only be requested from inside a short running user-generated event handler.
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name.
 LargeAllocationNonWin32=This page would be loaded in a new process due to a Large-Allocation header, however Large-Allocation process creation is disabled on non-Win32 platforms.

dom/notification/Notification.cpp

@@ -470,9 +470,7 @@ NS_IMPL_QUERY_INTERFACE_CYCLE_COLLECTION_INHERITED(
 
 NS_IMETHODIMP
 NotificationPermissionRequest::Run() {
-  bool isSystem = nsContentUtils::IsSystemPrincipal(mPrincipal);
-  bool blocked = false;
-  if (isSystem) {
+  if (nsContentUtils::IsSystemPrincipal(mPrincipal)) {
     mPermission = NotificationPermission::Granted;
   } else {
     // File are automatically granted permission.
@@ -484,7 +482,6 @@ NotificationPermissionRequest::Run() {
     } else if (!StaticPrefs::dom_webnotifications_allowinsecure() &&
                !mWindow->IsSecureContext()) {
       mPermission = NotificationPermission::Denied;
-      blocked = true;
       nsCOMPtr<Document> doc = mWindow->GetExtantDoc();
       if (doc) {
         nsContentUtils::ReportToConsole(
@@ -512,22 +509,6 @@ NotificationPermissionRequest::Run() {
       break;
   }
 
-  // Check this after checking the prompt prefs to make sure this pref overrides
-  // those.  We rely on this for testing purposes.
-  if (!isSystem && !blocked &&
-      !StaticPrefs::dom_webnotifications_allowcrossoriginiframe() &&
-      !mPrincipal->Subsumes(mTopLevelPrincipal)) {
-    mPermission = NotificationPermission::Denied;
-    blocked = true;
-    nsCOMPtr<Document> doc = mWindow->GetExtantDoc();
-    if (doc) {
-      nsContentUtils::ReportToConsole(
-          nsIScriptError::errorFlag, NS_LITERAL_CSTRING("DOM"), doc,
-          nsContentUtils::eDOM_PROPERTIES,
-          "NotificationsCrossOriginIframeRequestIsForbidden");
-    }
-  }
-
   if (mPermission != NotificationPermission::Default) {
     return DispatchResolvePromise();
   }

dom/notification/test/mochitest/blank.html

@@ -1,4 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <body></body>
-</html>

dom/notification/test/mochitest/mochitest.ini

@@ -1,14 +1,12 @@
 [DEFAULT]
 
 support-files =
-  blank.html
   create_notification.html
   MockServices.js
   NotificationTest.js
 skip-if = toolkit == 'android' && !is_fennec # Bug 1531097
 
 [test_notification_basics.html]
-[test_notification_crossorigin_iframe.html]
 # This test needs to be run on HTTP (not HTTPS).
 [test_notification_insecure_context.html]
 [test_notification_storage.html]

dom/notification/test/mochitest/test_notification_crossorigin_iframe.html

@@ -1,52 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Tests that Notification permissions are denied in cross-origin iframes.
-https://bugzilla.mozilla.org/show_bug.cgi?id=1560741
--->
-<head>
-  <title>Notification permission in cross-origin iframes</title>
-  <script src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body>
-  <p id="display"></p>
-  <div id="content" style="display: none">
-  </div>
-  <pre id="test">
-  <script class="testbody" type="text/javascript">
-  SimpleTest.waitForExplicitFinish();
-
-  const kBlankURL = "https://example.com/tests/dom/notification/test/mochitest/blank.html";
-
-  (async function runTest() {
-    await SpecialPowers.setBoolPref("notification.prompt.testing", true);
-    await SpecialPowers.setBoolPref("notification.prompt.testing.allow", true);
-    await SpecialPowers.setBoolPref("dom.webnotifications.allowinsecure", true);
-
-    let iframe = document.createElement("iframe");
-    iframe.src = kBlankURL;
-    document.body.appendChild(iframe);
-    await new Promise(resolve => {
-      iframe.onload = resolve;
-    });
-
-    const Notif = SpecialPowers.wrap(iframe.contentWindow).Notification;
-    let response = await Notif.requestPermission();
-    is(response, "denied", "Denied permission in cross-origin iframe");
-
-    await SpecialPowers.pushPrefEnv({"set": [["dom.webnotifications.allowcrossoriginiframe", true]]});
-
-    response = await Notif.requestPermission();
-    is(response, "granted", "Granted permission in cross-origin iframe with pref set");
-
-    await SpecialPowers.clearUserPref("notification.prompt.testing");
-    await SpecialPowers.clearUserPref("notification.prompt.testing.allow");
-    await SpecialPowers.clearUserPref("dom.webnotifications.allowinsecure");
-
-    SimpleTest.finish();
-  })();
-  </script>
-  </pre>
-</body>
-</html>

modules/libpref/init/StaticPrefList.yaml

@@ -2337,11 +2337,6 @@
   value: false
   mirror: always
 
-- name: dom.webnotifications.allowcrossoriginiframe
-  type: RelaxedAtomicBool
-  value: false
-  mirror: always
-
 - name: dom.webnotifications.enabled
   type: RelaxedAtomicBool
   value: true

toolkit/components/telemetry/Histograms.json

@@ -15177,6 +15177,16 @@
     "keyed": true,
     "description": "Permission requests (showing a permission prompt) by origin scheme (0=other,1=http,2=https)."
   },
+  "PERMISSION_REQUEST_THIRD_PARTY_ORIGIN": {
+    "record_in_processes": ["main"],
+    "products": ["firefox", "fennec", "geckoview"],
+    "alert_emails": ["jhofmann@mozilla.com"],
+    "bug_numbers": [1345077, 1494589],
+    "expires_in_version": "70",
+    "kind": "boolean",
+    "keyed": true,
+    "description": "Permission requests (showing a permission prompt) by whether they come from a third party origin."
+  },
   "PERMISSION_REQUEST_HANDLING_USER_INPUT": {
     "record_in_processes": ["main"],
     "products": ["firefox", "fennec", "geckoview"],