Bug 1543066 - P2 Do not obtain a cross-origin opener-policy through non-HTTPS r=nika

Differential Revision: https://phabricator.services.mozilla.com/D40671 --HG-- extra : moz-landing-system : lando
2024-10-20 00:35:44 +00:00 · 2019-08-13 02:03:32 +00:00 · 2019-08-13 02:03:32 +00:00 · 645c8b23f7
commit 645c8b23f7
parent 122ebb1e31
2 changed files with 7 additions and 2 deletions
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@ -4338,6 +4338,11 @@ NS_IMETHODIMP HttpBaseChannel::GetCrossOriginOpenerPolicy(
    return NS_ERROR_NOT_AVAILABLE;
  }

+  // A document delivered over insecure HTTP will always lack COOP.
+  if (!mURI->SchemeIs("https")) {
+    return NS_OK;
+  }
+
  nsAutoCString openerPolicy;
  Unused << mResponseHead->GetHeader(nsHttp::Cross_Origin_Opener_Policy,
                                     openerPolicy);
--- a/testing/web-platform/meta/html/cross-origin-opener/dir.ini
+++ b/testing/web-platform/meta/html/cross-origin-opener/dir.ini
@ -1,4 +1,4 @@
 prefs: [browser.tabs.remote.useCrossOriginOpenerPolicy:true]
-disabled:
-  if verify: intermittent timeouts in verify mode
+disabled: true # Bug 1543066 limits COOP to secure contexts only
 leak-threshold: [default:102400]
+bug: https://github.com/web-platform-tests/wpt/pull/17606