Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-25 05:41:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Backed out changeset 1047cef8519b (bug 1605305) for perma failures on test_trr.js. CLOSED TREE

Browse Source
This commit is contained in:
Razvan Maries 2020-08-18 17:39:29 +03:00
parent 69414bafb5
commit 44ae0cd57e
10 changed files with 87 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
browser/components/search/test/browser/mozsearch.sjs
View File

@ -3,7 +3,7 @@
function handleRequest(req, resp) {
resp.setHeader("Content-Type", "text/html", false);
if (req.hasHeader("Origin") && req.getHeader("Origin") != "null") {
if (req.hasHeader("Origin")) {
resp.write("error");
return;
}

71
dom/security/ReferrerInfo.cpp
View File

@ -50,42 +50,6 @@ NS_IMPL_ISUPPORTS_CI(ReferrerInfo, nsIReferrerInfo, nsISerializable)
#define MIN_CROSS_ORIGIN_SENDING_POLICY 0
#define MIN_TRIMMING_POLICY 0
/*
* Default referrer policy to use
*/
enum DefaultReferrerPolicy : uint32_t {
eDefaultPolicyNoReferrer = 0,
eDefaultPolicySameOrgin = 1,
eDefaultPolicyStrictWhenXorigin = 2,
eDefaultPolicyNoReferrerWhenDownGrade = 3,
};
static uint32_t GetDefaultFirstPartyReferrerPolicyPref(bool privateBrowsing) {
return privateBrowsing
? StaticPrefs::network_http_referer_defaultPolicy_pbmode()
: StaticPrefs::network_http_referer_defaultPolicy();
}
static uint32_t GetDefaultThirdPartyReferrerPolicyPref(bool privateBrowsing) {
return privateBrowsing
? StaticPrefs::network_http_referer_defaultPolicy_trackers_pbmode()
: StaticPrefs::network_http_referer_defaultPolicy_trackers();
}
static ReferrerPolicy DefaultReferrerPolicyToReferrerPolicy(
uint32_t defaultToUse) {
switch (defaultToUse) {
case DefaultReferrerPolicy::eDefaultPolicyNoReferrer:
return ReferrerPolicy::No_referrer;
case DefaultReferrerPolicy::eDefaultPolicySameOrgin:
return ReferrerPolicy::Same_origin;
case DefaultReferrerPolicy::eDefaultPolicyStrictWhenXorigin:
return ReferrerPolicy::Strict_origin_when_cross_origin;
}
return ReferrerPolicy::No_referrer_when_downgrade;
}
struct LegacyReferrerPolicyTokenMap {
const char* mToken;
ReferrerPolicy mPolicy;
@ -254,17 +218,32 @@ ReferrerPolicy ReferrerInfo::GetDefaultReferrerPolicy(nsIHttpChannel* aChannel,
}
}
return DefaultReferrerPolicyToReferrerPolicy(
thirdPartyTrackerIsolated
? GetDefaultThirdPartyReferrerPolicyPref(privateBrowsing)
: GetDefaultFirstPartyReferrerPolicyPref(privateBrowsing));
}
uint32_t defaultToUse;
if (thirdPartyTrackerIsolated) {
if (privateBrowsing) {
defaultToUse =
StaticPrefs::network_http_referer_defaultPolicy_trackers_pbmode();
} else {
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy_trackers();
}
} else {
if (privateBrowsing) {
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy_pbmode();
} else {
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy();
}
}
/* static */
ReferrerPolicy ReferrerInfo::GetDefaultThirdPartyReferrerPolicy(
bool privateBrowsing) {
uint32_t pref = GetDefaultThirdPartyReferrerPolicyPref(privateBrowsing);
return DefaultReferrerPolicyToReferrerPolicy(pref);
switch (defaultToUse) {
case DefaultReferrerPolicy::eDefaultPolicyNoReferrer:
return ReferrerPolicy::No_referrer;
case DefaultReferrerPolicy::eDefaultPolicySameOrgin:
return ReferrerPolicy::Same_origin;
case DefaultReferrerPolicy::eDefaultPolicyStrictWhenXorigin:
return ReferrerPolicy::Strict_origin_when_cross_origin;
}
return ReferrerPolicy::No_referrer_when_downgrade;
}
/* static */

21
dom/security/ReferrerInfo.h
View File

@ -219,16 +219,7 @@ class ReferrerInfo : public nsIReferrerInfo {
*/
static ReferrerPolicyEnum GetDefaultReferrerPolicy(
nsIHttpChannel* aChannel = nullptr, nsIURI* aURI = nullptr,
bool aPrivateBrowsing = false);
/**
* Return default referrer policy for third party which is controlled by user
* prefs:
* network.http.referer.defaultPolicy.trackers for regular mode
* network.http.referer.defaultPolicy.trackers.pbmode for private mode
*/
static ReferrerPolicyEnum GetDefaultThirdPartyReferrerPolicy(
bool aPrivateBrowsing = false);
bool privateBrowsing = false);
/*
* Helper function to parse ReferrerPolicy from meta tag referrer content.
@ -284,6 +275,16 @@ class ReferrerInfo : public nsIReferrerInfo {
ReferrerInfo(const ReferrerInfo& rhs);
/*
* Default referrer policy to use
*/
enum DefaultReferrerPolicy : uint32_t {
eDefaultPolicyNoReferrer = 0,
eDefaultPolicySameOrgin = 1,
eDefaultPolicyStrictWhenXorigin = 2,
eDefaultPolicyNoReferrerWhenDownGrade = 3,
};
/*
* Trimming policy when compute referrer, indicate how much information in the
* referrer will be sent. Order matters here.

32
netwerk/protocol/http/HttpBaseChannel.cpp
View File

@ -215,7 +215,6 @@ HttpBaseChannel::HttpBaseChannel()
mAsyncOpenWaitingForStreamLength(false),
mUpgradableToSecure(true),
mHasNonEmptySandboxingFlag(false),
mTaintedOriginFlag(false),
mTlsFlags(0),
mSuspendCount(0),
mInitialRwin(0),
@ -3874,9 +3873,6 @@ nsresult HttpBaseChannel::SetupReplacementChannel(nsIURI* newURI,
CallQueryInterface(newChannel, realChannel.StartAssignment());
if (realChannel) {
realChannel->SetTopWindowURI(mTopWindowURI);
realChannel->mTaintedOriginFlag =
ShouldTaintReplacementChannelOrigin(newURI);
}
// update the DocumentURI indicator since we are being redirected.
@ -3959,34 +3955,6 @@ nsresult HttpBaseChannel::SetupReplacementChannel(nsIURI* newURI,
return NS_OK;
}
bool HttpBaseChannel::ShouldTaintReplacementChannelOrigin(nsIURI* aNewURI) {
if (mTaintedOriginFlag) {
return true;
}
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
bool isPrivateWin = mLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
nsresult rv = ssm->CheckSameOriginURI(aNewURI, mURI, false, isPrivateWin);
if (NS_SUCCEEDED(rv)) {
return false;
}
nsCOMPtr<nsIURI> originURI;
if (mLoadInfo->GetLoadingPrincipal()) {
originURI = mLoadInfo->GetLoadingPrincipal()->GetURI();
} else {
MOZ_ASSERT(mLoadInfo->GetExternalContentPolicyType() ==
nsIContentPolicy::TYPE_DOCUMENT,
"Missing loading principal allowed only on document loads");
// Use our original URI instead, the first URI in the redirect chain.
originURI = mOriginalURI;
}
rv = ssm->CheckSameOriginURI(originURI, mURI, false, isPrivateWin);
return NS_FAILED(rv);
}
// Redirect Tracking
bool HttpBaseChannel::SameOriginWithOriginalUri(nsIURI* aURI) {
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();

6
netwerk/protocol/http/HttpBaseChannel.h
View File

@ -635,9 +635,6 @@ class HttpBaseChannel : public nsHashPropertyBag,
nsCOMPtr<nsIEventTarget> mCurrentThread;
private:
// WHATWG Fetch Standard 4.4. HTTP-redirect fetch, step 10
bool ShouldTaintReplacementChannelOrigin(nsIURI* aNewURI);
// Proxy release all members above on main thread.
void ReleaseMainThreadOnlyReferences();
@ -824,9 +821,6 @@ class HttpBaseChannel : public nsHashPropertyBag,
// True if the docshell's sandboxing flag set is not empty.
uint32_t mHasNonEmptySandboxingFlag : 1;
// Tainted origin flag of a request, specified by WHATWG Fetch Standard 2.2.5.
uint32_t mTaintedOriginFlag : 1;
// An opaque flags for non-standard behavior of the TLS system.
// It is unlikely this will need to be set outside of telemetry studies
// relating to the TLS implementation.

54
netwerk/protocol/http/nsHttpChannel.cpp
View File

@ -9599,19 +9599,10 @@ void nsHttpChannel::SetOriginHeader() {
Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader);
if (!existingHeader.IsEmpty()) {
LOG(("nsHttpChannel::SetOriginHeader Origin header already present"));
Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader);
auto const shouldNullifyOriginHeader =
[&existingHeader](nsHttpChannel* self) {
if (self->mTaintedOriginFlag) {
return true;
}
nsCOMPtr<nsIURI> uri;
return NS_SUCCEEDED(NS_NewURI(getter_AddRefs(uri), existingHeader)) &&
ReferrerInfo::ShouldSetNullOriginHeader(self, uri);
};
if (shouldNullifyOriginHeader(this)) {
nsCOMPtr<nsIURI> uri;
rv = NS_NewURI(getter_AddRefs(uri), existingHeader);
if (NS_SUCCEEDED(rv) &&
ReferrerInfo::ShouldSetNullOriginHeader(this, uri)) {
LOG(("nsHttpChannel::SetOriginHeader null Origin by Referrer-Policy"));
rv = mRequestHead.SetHeader(nsHttp::Origin, "null"_ns, false /* merge */);
MOZ_ASSERT(NS_SUCCEEDED(rv));
@ -9619,29 +9610,35 @@ void nsHttpChannel::SetOriginHeader() {
return;
}
if (StaticPrefs::network_http_sendOriginHeader() == 0) {
// Origin header suppressed by user setting
return;
}
nsCOMPtr<nsIURI> referrer;
auto* basePrin = BasePrincipal::Cast(mLoadInfo->TriggeringPrincipal());
basePrin->GetURI(getter_AddRefs(referrer));
if (!referrer || !dom::ReferrerInfo::IsReferrerSchemeAllowed(referrer)) {
return;
}
nsAutoCString origin("null");
nsContentUtils::GetASCIIOrigin(referrer, origin);
if (StaticPrefs::network_http_sendOriginHeader() != 0 && referrer &&
ReferrerInfo::IsReferrerSchemeAllowed(referrer) &&
!ReferrerInfo::ShouldSetNullOriginHeader(this, referrer) &&
!mTaintedOriginFlag) {
nsContentUtils::GetASCIIOrigin(referrer, origin);
// Restrict Origin to same-origin loads if requested by user
if (StaticPrefs::network_http_sendOriginHeader() == 1) {
nsAutoCString currentOrigin;
nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
if (!origin.EqualsIgnoreCase(currentOrigin.get())) {
// Origin header suppressed by user setting
origin.AssignLiteral("null");
}
// Restrict Origin to same-origin loads if requested by user
if (StaticPrefs::network_http_sendOriginHeader() == 1) {
nsAutoCString currentOrigin;
nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
if (!origin.EqualsIgnoreCase(currentOrigin.get())) {
// Origin header suppressed by user setting
return;
}
}
if (ReferrerInfo::ShouldSetNullOriginHeader(this, referrer)) {
origin.AssignLiteral("null");
}
rv = mRequestHead.SetHeader(nsHttp::Origin, origin, false /* merge */);
MOZ_ASSERT(NS_SUCCEEDED(rv));
}
@ -10258,8 +10255,7 @@ void nsHttpChannel::ReEvaluateReferrerAfterTrackingStatusIsKnown() {
ReferrerInfo::GetDefaultReferrerPolicy(nullptr, nullptr,
isPrivate)) {
nsCOMPtr<nsIReferrerInfo> newReferrerInfo =
referrerInfo->CloneWithNewPolicy(
ReferrerInfo::GetDefaultReferrerPolicy(this, mURI, isPrivate));
referrerInfo->CloneWithNewPolicy(ReferrerPolicy::_empty);
// The arguments passed to SetReferrerInfoInternal here should mirror
// the arguments passed in
// HttpChannelChild::RecvOverrideReferrerInfoDuringBeginConnect().

1
netwerk/test/mochitests/mochitest.ini
View File

@ -16,7 +16,6 @@ support-files =
redirect_idn.html
empty.html
redirect.sjs
redirect_to.sjs
origin_header.sjs
origin_header_form_post.html
origin_header_form_post_xorigin.html

4
netwerk/test/mochitests/redirect_to.sjs
View File

@ -1,4 +0,0 @@
function handleRequest(request, response) {
response.setStatusLine(request.httpVersion, 308, "Permanent Redirect");
response.setHeader("Location", request.queryString);
}

95
netwerk/test/mochitests/test_origin_header.html
View File

@ -23,18 +23,15 @@ let testsToRun = [
["network.http.sendOriginHeader", 0],
],
results: {
framePost: "Origin: null",
framePostXOrigin: "Origin: null",
framePost: EMPTY_ORIGIN,
framePostXOrigin: EMPTY_ORIGIN,
frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: null",
framePostNonSandboxedXOrigin: "Origin: null",
framePostSandboxed: "Origin: null",
framePostSrcDoc: "Origin: null",
framePostSrcDocXOrigin: "Origin: null",
framePostDataURI: "Origin: null",
framePostSameOriginToXOrigin: "Origin: null",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: null",
framePostNonSandboxed: EMPTY_ORIGIN,
framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: EMPTY_ORIGIN,
framePostSrcDocXOrigin: EMPTY_ORIGIN,
framePostDataURI: EMPTY_ORIGIN,
},
},
{
@ -44,17 +41,14 @@ let testsToRun = [
],
results: {
framePost: "Origin: http://mochi.test:8888",
framePostXOrigin: "Origin: null",
framePostXOrigin: EMPTY_ORIGIN,
frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: http://mochi.test:8888",
framePostNonSandboxedXOrigin: "Origin: null",
framePostSandboxed: "Origin: null",
framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: http://mochi.test:8888",
framePostSrcDocXOrigin: "Origin: null",
framePostDataURI: "Origin: null",
framePostSameOriginToXOrigin: "Origin: null",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: null",
framePostSrcDocXOrigin: EMPTY_ORIGIN,
framePostDataURI: EMPTY_ORIGIN,
},
},
{
@ -68,13 +62,10 @@ let testsToRun = [
frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: http://mochi.test:8888",
framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
framePostSandboxed: "Origin: null",
framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: http://mochi.test:8888",
framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
framePostDataURI: "Origin: null",
framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
framePostDataURI: EMPTY_ORIGIN,
},
},
{
@ -88,13 +79,10 @@ let testsToRun = [
frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: http://mochi.test:8888",
framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
framePostSandboxed: "Origin: null",
framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: http://mochi.test:8888",
framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
framePostDataURI: "Origin: null",
framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
framePostDataURI: EMPTY_ORIGIN,
},
},
{
@ -109,13 +97,10 @@ let testsToRun = [
frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: null",
framePostNonSandboxedXOrigin: "Origin: null",
framePostSandboxed: "Origin: null",
framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: null",
framePostSrcDocXOrigin: "Origin: null",
framePostDataURI: "Origin: null",
framePostSameOriginToXOrigin: "Origin: null",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: null",
framePostDataURI: EMPTY_ORIGIN,
},
},
];
@ -166,21 +151,6 @@ let checksToRun = [
frameID: "framePostDataURI",
dataURI: "origin_header_form_post.html",
},
{
name: "same-origin POST redirected to cross-origin",
frameID: "framePostSameOriginToXOrigin",
formID: "formPostSameOriginToXOrigin",
},
{
name: "cross-origin POST redirected to same-origin",
frameID: "framePostXOriginToSameOrigin",
formID: "formPostXOriginToSameOrigin",
},
{
name: "cross-origin POST redirected to cross-origin",
frameID: "framePostXOriginToXOrigin",
formID: "formPostXOriginToXOrigin",
},
];
function frameLoaded(test, check)
@ -336,33 +306,6 @@ addLoadEvent(runTests);
<input type="submit" value="Submit GET">
</form>
</td>
<td>
<iframe src="about:blank" name="framePostSameOriginToXOrigin" id="framePostSameOriginToXOrigin"></iframe>
<form action="redirect_to.sjs?http://test1.mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
method="POST"
id="formPostSameOriginToXOrigin"
target="framePostSameOriginToXOrigin">
<input type="Submit" value="Submit SameOrigin POST redirected to XOrigin">
</form>
</td>
<td>
<iframe src="about:blank" name="framePostXOriginToSameOrigin" id="framePostXOriginToSameOrigin"></iframe>
<form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
method="POST"
id="formPostXOriginToSameOrigin"
target="framePostXOriginToSameOrigin">
<input type="Submit" value="Submit XOrigin POST redirected to SameOrigin">
</form>
</td>
<td>
<iframe src="about:blank" name="framePostXOriginToXOrigin" id="framePostXOriginToXOrigin"></iframe>
<form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?/tests/netwerk/test/mochitests/origin_header.sjs"
method="POST"
id="formPostXOriginToXOrigin"
target="framePostXOriginToXOrigin">
<input type="Submit" value="Submit XOrigin POST redirected to XOrigin">
</form>
</td>
</tr>
<tr>
<td>

6
testing/web-platform/meta/fetch/origin/assorted.window.js.ini
View File

@ -1,4 +1,10 @@
[assorted.window.html]
[Origin header and 308 redirect]
expected: FAIL
[Origin header and POST navigation]
expected: FAIL
[Origin header and POST same-origin fetch cors mode with Referrer-Policy no-referrer]
expected: FAIL