Bug 1648036 - Use window.location to determine the sourceURL/sourceHost when installing an add-on. r=rpl

Differential Revision: https://phabricator.services.mozilla.com/D82738
2025-02-18 14:56:07 +00:00 · 2020-07-10 17:56:40 +00:00 · 2020-07-10 17:56:40 +00:00 · 699043a34c
commit 699043a34c
parent b979f62e15
5 changed files with 167 additions and 16 deletions
--- a/toolkit/mozapps/extensions/amInstallTrigger.jsm
+++ b/toolkit/mozapps/extensions/amInstallTrigger.jsm
@ -151,25 +151,14 @@ InstallTrigger.prototype = {
      }
    }

-    let sourceHost;
-    let sourceURL;
-
-    try {
-      sourceHost = this._principal.URI.host;
-      sourceURL = this._principal.URI.spec;
-    } catch (err) {
-      // Ignore errors when retrieving the host for the principal (e.g. null principals raise
-      // an NS_ERROR_FAILURE when principal.URI.host is accessed).
-    }
-
    let installData = {
      uri: url.spec,
      hash: item.Hash || null,
      name: item.name,
      icon: iconUrl ? iconUrl.spec : null,
      method: "installTrigger",
-      sourceHost,
-      sourceURL,
+      sourceHost: this._window.location?.host,
+      sourceURL: this._window.location?.href,
    };

    return this._mediator.install(
--- a/toolkit/mozapps/extensions/amWebAPI.jsm
+++ b/toolkit/mozapps/extensions/amWebAPI.jsm
@ -256,8 +256,8 @@ class WebAPI extends APIObject {
      // Provide the host from which the amWebAPI is being called
      // (so that we can detect if the API is being used from the disco pane,
      // AMO, testpilot or another unknown webpage).
-      sourceHost: triggeringPrincipal.URI && triggeringPrincipal.URI.host,
-      sourceURL: triggeringPrincipal.URI && triggeringPrincipal.URI.spec,
+      sourceHost: this.window.location?.host,
+      sourceURL: this.window.location?.href,
    };
    return this._apiTask("createInstall", [installOptions], installInfo => {
      if (!installInfo) {
--- a/toolkit/mozapps/extensions/test/browser/browser.ini
+++ b/toolkit/mozapps/extensions/test/browser/browser.ini
@ -83,6 +83,7 @@ skip-if = (os == 'win' && processor == 'aarch64') # aarch64 has no plugin suppor
 [browser_html_warning_messages.js]
 [browser_installssl.js]
 skip-if = verify
+[browser_installtrigger_install.js]
 [browser_interaction_telemetry.js]
 [browser_manage_shortcuts.js]
 [browser_manage_shortcuts_hidden.js]
--- a/toolkit/mozapps/extensions/test/browser/browser_installtrigger_install.js
+++ b/toolkit/mozapps/extensions/test/browser/browser_installtrigger_install.js
@ -0,0 +1,84 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const { AddonTestUtils } = ChromeUtils.import(
+  "resource://testing-common/AddonTestUtils.jsm"
+);
+
+const { PermissionTestUtils } = ChromeUtils.import(
+  "resource://testing-common/PermissionTestUtils.jsm"
+);
+
+const XPI_URL = `${SECURE_TESTROOT}../xpinstall/amosigned.xpi`;
+const XPI_ADDON_ID = "amosigned-xpi@tests.mozilla.org";
+
+AddonTestUtils.initMochitest(this);
+
+add_task(async function testInstallAfterHistoryPushState() {
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["extensions.webapi.testing", true],
+      ["extensions.install.requireBuiltInCerts", false],
+    ],
+  });
+
+  PermissionTestUtils.add(
+    "https://example.com/",
+    "install",
+    Services.perms.ALLOW_ACTION
+  );
+
+  registerCleanupFunction(async () => {
+    PermissionTestUtils.remove("https://example.com", "install");
+    await SpecialPowers.popPrefEnv();
+  });
+
+  await BrowserTestUtils.withNewTab(SECURE_TESTROOT, async browser => {
+    let installPromptPromise = promisePopupNotificationShown(
+      "addon-webext-permissions"
+    ).then(panel => {
+      panel.button.click();
+    });
+
+    let promptPromise = acceptAppMenuNotificationWhenShown(
+      "addon-installed",
+      XPI_ADDON_ID
+    );
+
+    await SpecialPowers.spawn(
+      browser,
+      [SECURE_TESTROOT, XPI_URL],
+      (secureTestRoot, xpiUrl) => {
+        // `sourceURL` should match the exact location, even after a location
+        // update using the history API. In this case, we update the URL with
+        // query parameters and expect `sourceURL` to contain those parameters.
+        content.history.pushState(
+          {}, // state
+          "", // title
+          `${secureTestRoot}?some=query&par=am`
+        );
+
+        content.InstallTrigger.install({ URL: xpiUrl });
+      }
+    );
+
+    await Promise.all([installPromptPromise, promptPromise]);
+
+    let addon = await promiseAddonByID(XPI_ADDON_ID);
+
+    registerCleanupFunction(async () => {
+      await addon.uninstall();
+    });
+
+    // Check that the expected installTelemetryInfo has been stored in the
+    // addon details.
+    AddonTestUtils.checkInstallInfo(addon, {
+      method: "installTrigger",
+      source: "test-host",
+      sourceURL:
+        "https://example.com/browser/toolkit/mozapps/extensions/test/browser/?some=query&par=am",
+    });
+  });
+});
--- a/toolkit/mozapps/extensions/test/browser/browser_webapi_install.js
+++ b/toolkit/mozapps/extensions/test/browser/browser_webapi_install.js
@ -8,7 +8,8 @@ const { AddonTestUtils } = ChromeUtils.import(
  "resource://testing-common/AddonTestUtils.jsm"
 );

-const TESTPAGE = `${SECURE_TESTROOT}webapi_checkavailable.html`;
+const TESTPATH = "webapi_checkavailable.html";
+const TESTPAGE = `${SECURE_TESTROOT}${TESTPATH}`;
 const XPI_URL = `${SECURE_TESTROOT}../xpinstall/amosigned.xpi`;
 const XPI_ADDON_ID = "amosigned-xpi@tests.mozilla.org";

@ -463,3 +464,79 @@ add_task(
    is(addons[0], null, "The addon was not installed");
  })
 );
+
+add_task(
+  makeInstallTest(async function(browser) {
+    const options = { url: XPI_URL, addonId };
+    let steps = [
+      { action: "install" },
+      {
+        event: "onDownloadStarted",
+        props: { state: "STATE_DOWNLOADING" },
+      },
+      {
+        event: "onDownloadProgress",
+        props: { maxProgress: XPI_LEN },
+      },
+      {
+        event: "onDownloadEnded",
+        props: {
+          state: "STATE_DOWNLOADED",
+          progress: XPI_LEN,
+          maxProgress: XPI_LEN,
+        },
+      },
+      {
+        event: "onInstallStarted",
+        props: { state: "STATE_INSTALLING" },
+      },
+      {
+        event: "onInstallEnded",
+        props: { state: "STATE_INSTALLED" },
+      },
+    ];
+
+    await SpecialPowers.spawn(browser, [TESTPATH], testPath => {
+      // `sourceURL` should match the exact location, even after a location
+      // update using the history API. In this case, we update the URL with
+      // query parameters and expect `sourceURL` to contain those parameters.
+      content.history.pushState(
+        {}, // state
+        "", // title
+        `/${testPath}?some=query&par=am`
+      );
+    });
+
+    let installPromptPromise = promisePopupNotificationShown(
+      "addon-webext-permissions"
+    ).then(panel => {
+      panel.button.click();
+    });
+
+    let promptPromise = acceptAppMenuNotificationWhenShown(
+      "addon-installed",
+      options.addonId
+    );
+
+    await Promise.all([
+      testInstall(browser, options, steps, "install to check source URL"),
+      installPromptPromise,
+      promptPromise,
+    ]);
+
+    let addon = await promiseAddonByID(ID);
+
+    registerCleanupFunction(async () => {
+      await addon.uninstall();
+    });
+
+    // Check that the expected installTelemetryInfo has been stored in the
+    // addon details.
+    AddonTestUtils.checkInstallInfo(addon, {
+      method: "amWebAPI",
+      source: "test-host",
+      sourceURL:
+        "https://example.com/webapi_checkavailable.html?some=query&par=am",
+    });
+  })
+);