Bug 1848783, part 5 - Move UsingStorageAccess onto the WindowContext to fix the storage access check for resource reuqests within subdocuments without active storage access but with permission r=timhuang,nika

Differential Revision: https://phabricator.services.mozilla.com/D187138
2024-11-24 05:11:16 +00:00 · 2023-09-19 21:03:08 +00:00 · 2023-09-19 21:03:08 +00:00 · 4297663528
commit 4297663528
parent e83a883573
8 changed files with 44 additions and 26 deletions
--- a/docshell/base/WindowContext.cpp
+++ b/docshell/base/WindowContext.cpp
@ -228,6 +228,12 @@ bool WindowContext::CanSet(FieldIndex<IDX_IsThirdPartyTrackingResourceWindow>,
  return CheckOnlyOwningProcessCanSet(aSource);
 }
 bool WindowContext::CanSet(FieldIndex<IDX_UsingStorageAccess>,
                           const bool& aUsingStorageAccess,
                           ContentParent* aSource) {
  return CheckOnlyOwningProcessCanSet(aSource);
 }
 bool WindowContext::CanSet(FieldIndex<IDX_ShouldResistFingerprinting>,
                           const bool& aShouldResistFingerprinting,
                           ContentParent* aSource) {
--- a/docshell/base/WindowContext.h
+++ b/docshell/base/WindowContext.h
@ -51,6 +51,9 @@ class BrowsingContextGroup;
  /* Whether this window's channel has been marked as a third-party      \
   * tracking resource */                                                \
  FIELD(IsThirdPartyTrackingResourceWindow, bool)                        \
  /* Whether this window is using its unpartitioned cookies due to       \
   * the Storage Access API */                                           \
  FIELD(UsingStorageAccess, bool)                                        \
  FIELD(ShouldResistFingerprinting, bool)                                \
  FIELD(IsSecureContext, bool)                                           \
  FIELD(IsOriginalFrameSource, bool)                                     \
@ -266,6 +269,8 @@ class WindowContext : public nsISupports, public nsWrapperCache {
  bool CanSet(FieldIndex<IDX_IsThirdPartyTrackingResourceWindow>,
              const bool& aIsThirdPartyTrackingResourceWindow,
              ContentParent* aSource);
  bool CanSet(FieldIndex<IDX_UsingStorageAccess>,
              const bool& aUsingStorageAccess, ContentParent* aSource);
  bool CanSet(FieldIndex<IDX_ShouldResistFingerprinting>,
              const bool& aShouldResistFingerprinting, ContentParent* aSource);
  bool CanSet(FieldIndex<IDX_IsSecureContext>, const bool& aIsSecureContext,
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@ -18361,14 +18361,12 @@ nsICookieJarSettings* Document::CookieJarSettings() {
 }
 bool Document::UsingStorageAccess() {
-  // The HasStoragePermission flag in LoadInfo remains fixed when
+  if (WindowContext* wc = GetWindowContext()) {
-  // it is set in the parent process, so we need to check the cache
+    return wc->GetUsingStorageAccess();
  // to see if the permission is granted afterwards.
  nsPIDOMWindowInner* inner = GetInnerWindow();
  if (inner && inner->UsingStorageAccess()) {
    return true;
  }
  // If we don't yet have a window context, we have to use the decision
  // from the Document's Channel's LoadInfo directly.
  if (!mChannel) {
    return false;
  }
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@ -7644,12 +7644,22 @@ const nsIGlobalObject* nsPIDOMWindowInner::AsGlobal() const {
 }
 void nsPIDOMWindowInner::SaveStorageAccessPermissionGranted() {
-  mUsingStorageAccess = true;
+  WindowContext* wc = GetWindowContext();
  if (wc) {
    Unused << wc->SetUsingStorageAccess(true);
  }
  nsGlobalWindowInner::Cast(this)->StorageAccessPermissionGranted();
 }
-bool nsPIDOMWindowInner::UsingStorageAccess() { return mUsingStorageAccess; }
+bool nsPIDOMWindowInner::UsingStorageAccess() {
  WindowContext* wc = GetWindowContext();
  if (!wc) {
    return false;
  }
  return wc->GetUsingStorageAccess();
 }
 nsPIDOMWindowInner::nsPIDOMWindowInner(nsPIDOMWindowOuter* aOuterWindow,
                                       WindowGlobalChild* aActor)
@ -7674,7 +7684,6 @@ nsPIDOMWindowInner::nsPIDOMWindowInner(nsPIDOMWindowOuter* aOuterWindow,
      mNumOfIndexedDBDatabases(0),
      mNumOfOpenWebSockets(0),
      mEvent(nullptr),
      mUsingStorageAccess(false),
      mWindowGlobalChild(aActor),
      mWasSuspendedByGroup(false) {
  MOZ_ASSERT(aOuterWindow);
--- a/dom/base/nsPIDOMWindow.h
+++ b/dom/base/nsPIDOMWindow.h
@ -760,10 +760,6 @@ class nsPIDOMWindowInner : public mozIDOMWindow {
  // the event object alive.
  mozilla::dom::Event* mEvent;
  // A boolean flag indicating whether storage access is granted for the
  // current window and that it is currently being used by this window.
  bool mUsingStorageAccess;
  // The WindowGlobalChild actor for this window.
  //
  // This will be non-null during the full lifetime of the window, initialized
--- a/dom/ipc/WindowGlobalActor.cpp
+++ b/dom/ipc/WindowGlobalActor.cpp
@ -150,6 +150,8 @@ WindowGlobalInit WindowGlobalActor::WindowInitializer(
    nsCOMPtr<nsILoadInfo> loadInfo(channel->LoadInfo());
    fields.Get<Indexes::IDX_IsOriginalFrameSource>() =
        loadInfo->GetOriginalFrameSrcLoad();
    fields.Get<Indexes::IDX_UsingStorageAccess>() =
        loadInfo->GetStoragePermission() != nsILoadInfo::NoStoragePermission;
    channel->GetSecurityInfo(getter_AddRefs(securityInfo));
  }
--- a/dom/ipc/WindowGlobalChild.cpp
+++ b/dom/ipc/WindowGlobalChild.cpp
@ -219,6 +219,8 @@ void WindowGlobalChild::OnNewDocument(Document* aDocument) {
  if (nsCOMPtr<nsIChannel> channel = aDocument->GetChannel()) {
    nsCOMPtr<nsILoadInfo> loadInfo(channel->LoadInfo());
    txn.SetIsOriginalFrameSource(loadInfo->GetOriginalFrameSrcLoad());
    txn.SetUsingStorageAccess(loadInfo->GetStoragePermission() !=
                              nsILoadInfo::NoStoragePermission);
  } else {
    txn.SetIsOriginalFrameSource(false);
  }
--- a/toolkit/components/antitracking/AntiTrackingUtils.cpp
+++ b/toolkit/components/antitracking/AntiTrackingUtils.cpp
@ -557,23 +557,23 @@ AntiTrackingUtils::GetStoragePermissionStateInParent(nsIChannel* aChannel) {
      return nsILoadInfo::HasStoragePermission;
    }
  } else if (!bc->IsTop()) {
-    // Only check the frame only permission if the channel is not in the top
+    // For subframe resources, check if the document has storage access
-    // browsing context.
+    // and that the resource being loaded is same-site to the page.
-    RefPtr<nsEffectiveTLDService> etld = nsEffectiveTLDService::GetInstance();
+    WindowContext* wc = bc->GetCurrentWindowContext();
-    if (!etld) {
+    if (!wc) {
      return nsILoadInfo::NoStoragePermission;
    }
-    nsCString trackingSite;
+    WindowGlobalParent* wgp = wc->Canonical();
-    rv = etld->GetSite(trackingURI, trackingSite);
+    if (!wgp) {
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return nsILoadInfo::NoStoragePermission;
    }
-    nsAutoCString type;
+    nsIPrincipal* framePrincipal = wgp->DocumentPrincipal();
-    AntiTrackingUtils::CreateStorageFramePermissionKey(trackingSite, type);
+    if (!framePrincipal) {
-
+      return nsILoadInfo::NoStoragePermission;
-    if (AntiTrackingUtils::CheckStoragePermission(
+    }
-            targetPrincipal, type, NS_UsePrivateBrowsing(aChannel),
+    bool isThirdParty = true;
-            &unusedReason, unusedReason)) {
+    nsresult rv = framePrincipal->IsThirdPartyURI(trackingURI, &isThirdParty);
    if (NS_SUCCEEDED(rv) && wc->GetUsingStorageAccess() && !isThirdParty) {
      return nsILoadInfo::HasStoragePermission;
    }
  }