Bug 1590032 - Propagate the first party domain when creating new browser in Fission. r=smaug

In this patch, we add the propagation of the first party domain through the tabContext while creating OOP browsers. In the window.open() case, we will propagate the first party domain from the opener's browser parent. And in the frame case, we will propagate it from the manager of the browserBridgeParent of the OOP frame. Differential Revision: https://phabricator.services.mozilla.com/D49886 --HG-- extra : moz-landing-system : lando
2025-02-27 04:38:02 +00:00 · 2019-10-24 08:51:06 +00:00 · 2019-10-24 08:51:06 +00:00 · 336cd10b0e
commit 336cd10b0e
parent 2ea88f4ba9
9 changed files with 67 additions and 7 deletions
--- a/caps/OriginAttributes.cpp
+++ b/caps/OriginAttributes.cpp
@ -104,6 +104,11 @@ void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,

 void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
                                           const nsACString& aDomain) {
+  SetFirstPartyDomain(aIsTopLevelDocument, NS_ConvertUTF8toUTF16(aDomain));
+}
+
+void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
+                                           const nsAString& aDomain) {
  bool isFirstPartyEnabled = IsFirstPartyEnabled();

  // If the pref is off or this is not a top level load, bail out.
@ -111,7 +116,7 @@ void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
    return;
  }

-  mFirstPartyDomain = NS_ConvertUTF8toUTF16(aDomain);
+  mFirstPartyDomain = aDomain;
 }

 void OriginAttributes::CreateSuffix(nsACString& aStr) const {
--- a/caps/OriginAttributes.h
+++ b/caps/OriginAttributes.h
@ -29,6 +29,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
                           bool aForced = false);
  void SetFirstPartyDomain(const bool aIsTopLevelDocument,
                           const nsACString& aDomain);
+  void SetFirstPartyDomain(const bool aIsTopLevelDocument,
+                           const nsAString& aDomain);

  enum {
    STRIP_FIRST_PARTY_DOMAIN = 0x01,
--- a/docshell/base/CanonicalBrowsingContext.cpp
+++ b/docshell/base/CanonicalBrowsingContext.cpp
@ -309,10 +309,16 @@ void CanonicalBrowsingContext::PendingRemotenessChange::Complete(

  // FIXME: We should get the correct principal for the to-be-created window so
  // we can avoid creating unnecessary extra windows in the new process.
+  OriginAttributes attrs = embedderBrowser->OriginAttributesRef();
+  RefPtr<nsIPrincipal> principal = embedderBrowser->GetContentPrincipal();
+  if (principal) {
+    attrs.SetFirstPartyDomain(
+        true, principal->OriginAttributesRef().mFirstPartyDomain);
+  }
+
  nsCOMPtr<nsIPrincipal> initialPrincipal =
-      NullPrincipal::CreateWithInheritedAttributes(
-          embedderBrowser->OriginAttributesRef(),
-          /* isFirstParty */ false);
+      NullPrincipal::CreateWithInheritedAttributes(attrs,
+                                                   /* isFirstParty */ false);
  WindowGlobalInit windowInit =
      WindowGlobalActor::AboutBlankInitializer(target, initialPrincipal);

--- a/dom/base/nsFrameLoader.cpp
+++ b/dom/base/nsFrameLoader.cpp
@ -2524,9 +2524,11 @@ bool nsFrameLoader::TryRemoteBrowserInternal() {
  }

  RefPtr<ContentParent> openerContentParent;
+  RefPtr<nsIPrincipal> openerContentPrincipal;
  RefPtr<BrowserParent> sameTabGroupAs;
  if (auto* host = BrowserHost::GetFrom(parentDocShell->GetOpener())) {
    openerContentParent = host->GetContentParent();
+    openerContentPrincipal = host->GetActor()->GetContentPrincipal();
  }

  // <iframe mozbrowser> gets to skip these checks.
@ -2604,6 +2606,12 @@ bool nsFrameLoader::TryRemoteBrowserInternal() {
  nsresult rv = GetNewTabContext(&context);
  NS_ENSURE_SUCCESS(rv, false);

+  // We need to propagate the first party domain if the opener is presented.
+  if (openerContentPrincipal) {
+    context.SetFirstPartyDomainAttributes(
+        openerContentPrincipal->OriginAttributesRef().mFirstPartyDomain);
+  }
+
  uint64_t nextRemoteTabId = 0;
  if (mOwnerContent) {
    nsAutoString nextBrowserParentIdAttr;
--- a/dom/ipc/BrowserBridgeParent.cpp
+++ b/dom/ipc/BrowserBridgeParent.cpp
@ -34,11 +34,19 @@ nsresult BrowserBridgeParent::InitWithProcess(
      aWindowInit.browsingContext()->Canonical();

  // We can inherit most TabContext fields for the new BrowserParent actor from
-  // our Manager BrowserParent.
+  // our Manager BrowserParent. We also need to sync the first party domain if
+  // the content principal exists.
  MutableTabContext tabContext;
+  OriginAttributes attrs;
+  attrs = Manager()->OriginAttributesRef();
+  RefPtr<nsIPrincipal> principal = Manager()->GetContentPrincipal();
+  if (principal) {
+    attrs.SetFirstPartyDomain(
+        true, principal->OriginAttributesRef().mFirstPartyDomain);
+  }
+
  tabContext.SetTabContext(false, Manager()->ChromeOuterWindowID(),
-                           Manager()->ShowFocusRings(),
-                           Manager()->OriginAttributesRef(), aPresentationURL,
+                           Manager()->ShowFocusRings(), attrs, aPresentationURL,
                           Manager()->GetMaxTouchPoints());

  // Ensure that our content process is subscribed to our newly created
--- a/dom/ipc/BrowserParent.cpp
+++ b/dom/ipc/BrowserParent.cpp
@ -492,6 +492,20 @@ ShowInfo BrowserParent::GetShowInfo() {
                  mDefaultScale.scale);
 }

+already_AddRefed<nsIPrincipal> BrowserParent::GetContentPrincipal() const {
+  nsCOMPtr<nsIBrowser> browser =
+      mFrameElement ? mFrameElement->AsBrowser() : nullptr;
+  NS_ENSURE_TRUE(browser, nullptr);
+
+  RefPtr<nsIPrincipal> principal;
+
+  nsresult rv;
+  rv = browser->GetContentPrincipal(getter_AddRefs(principal));
+  NS_ENSURE_SUCCESS(rv, nullptr);
+
+  return principal.forget();
+}
+
 void BrowserParent::SetOwnerElement(Element* aElement) {
  // If we held previous content then unregister for its events.
  RemoveWindowListeners();
--- a/dom/ipc/BrowserParent.h
+++ b/dom/ipc/BrowserParent.h
@ -192,6 +192,9 @@ class BrowserParent final : public PBrowserParent,

  ShowInfo GetShowInfo();

+  // Get the content principal from the owner element.
+  already_AddRefed<nsIPrincipal> GetContentPrincipal() const;
+
  /**
   * Let managees query if Destroy() is already called so they don't send out
   * messages when the PBrowser actor is being destroyed.
--- a/dom/ipc/TabContext.cpp
+++ b/dom/ipc/TabContext.cpp
@ -51,6 +51,11 @@ void TabContext::SetPrivateBrowsingAttributes(bool aIsPrivateBrowsing) {
  mOriginAttributes.SyncAttributesWithPrivateBrowsing(aIsPrivateBrowsing);
 }

+void TabContext::SetFirstPartyDomainAttributes(
+    const nsAString& aFirstPartyDomain) {
+  mOriginAttributes.SetFirstPartyDomain(true, aFirstPartyDomain);
+}
+
 bool TabContext::UpdateTabContextAfterSwap(const TabContext& aContext) {
  // This is only used after already initialized.
  MOZ_ASSERT(mInitialized);
--- a/dom/ipc/TabContext.h
+++ b/dom/ipc/TabContext.h
@ -97,6 +97,11 @@ class TabContext {
   */
  void SetPrivateBrowsingAttributes(bool aIsPrivateBrowsing);

+  /**
+   * Set the first party domain of the tab context's origin attributes.
+   */
+  void SetFirstPartyDomainAttributes(const nsAString& aFirstPartyDomain);
+
  bool SetTabContext(bool aIsMozBrowserElement, uint64_t aChromeOuterWindowID,
                     UIStateChangeType aShowFocusRings,
                     const OriginAttributes& aOriginAttributes,
@ -194,6 +199,10 @@ class MutableTabContext : public TabContext {
  bool SetTabContextForJSPluginFrame(uint32_t aJSPluginID) {
    return TabContext::SetTabContextForJSPluginFrame(aJSPluginID);
  }
+
+  void SetFirstPartyDomainAttributes(const nsAString& aFirstPartyDomain) {
+    TabContext::SetFirstPartyDomainAttributes(aFirstPartyDomain);
+  }
 };

 /**