Bug 1658878 - Isolate BlobURLs per agent-cluster - pref, r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D86968
This commit is contained in:
Andrea Marchesini 2020-08-17 09:55:56 +00:00
parent 2a7a7cfe86
commit 6b8618a091
9 changed files with 43 additions and 6 deletions

View File

@ -135,6 +135,12 @@ async function openInNewTabAndReturnContent(selector) {
return blobDataFromContent;
}
add_task(async function setup() {
await SpecialPowers.pushPrefEnv({
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
});
});
add_task(async function test_rightclick_open_bloburl_in_new_tab() {
let blobDataFromLoadedPage = await rightClickOpenInNewTabAndReturnContent(
"blob-url-link"

View File

@ -109,4 +109,10 @@ for (let blobify of [page_blobify, worker_blobify]) {
}
}
IsolationTestTools.runTests(TEST_PAGE, tests);
async function setup() {
await SpecialPowers.pushPrefEnv({
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
});
}
IsolationTestTools.runTests(TEST_PAGE, tests, null, setup);

View File

@ -4,6 +4,12 @@ requestLongerTimeout(3);
const BASE_URI = "http://mochi.test:8888/browser/dom/file/ipc/tests/empty.html";
add_task(async function setup() {
await SpecialPowers.pushPrefEnv({
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
});
});
// More than 1mb memory blob childA-parent-childB.
add_task(async function test_CtoPtoC_big() {
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);

View File

@ -6,12 +6,19 @@ const { CookieXPCShellUtils } = ChromeUtils.import(
"resource://testing-common/CookieXPCShellUtils.jsm"
);
const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
CookieXPCShellUtils.init(this);
// Same agent cluster, all works fine: blobURLs can be opened.
add_task(async () => {
do_get_profile();
Services.prefs.setBoolPref(
"privacy.partition.bloburl_per_agent_cluster",
true
);
const server = CookieXPCShellUtils.createServer({ hosts: ["example.org"] });
let result = new Promise(resolve => {

View File

@ -739,8 +739,9 @@ bool BlobURLProtocolHandler::GetDataEntry(
return false;
}
// Same agent-cluster only.
if (aAgentClusterId.isSome() && info->mAgentClusterId.isSome() &&
// BlobURLs are openable on the same agent-cluster-id only.
if (StaticPrefs::privacy_partition_bloburl_per_agent_cluster() &&
aAgentClusterId.isSome() && info->mAgentClusterId.isSome() &&
!aAgentClusterId.value().Equals(info->mAgentClusterId.value())) {
return false;
}

View File

@ -19,10 +19,14 @@ onmessage = function(e) {
}
};
var ifr = document.createElement("iframe");
document.body.appendChild(ifr);
SpecialPowers.pushPrefEnv({
"set": [["privacy.partition.bloburl_per_agent_cluster", false]]
}).then(() => {
var ifr = document.createElement("iframe");
document.body.appendChild(ifr);
ifr.src = "data:text/html,<script>location=URL.createObjectURL(new%20Blob(['<script>parent.postMessage(location.pathname,\"*\");location.pathname=\"foo\";parent.postMessage(location.pathname,\"*\");<\/s' +'cript>'], {type:\"text/html\"}));<\/script>";
ifr.src = "data:text/html,<script>location=URL.createObjectURL(new%20Blob(['<script>parent.postMessage(location.pathname,\"*\");location.pathname=\"foo\";parent.postMessage(location.pathname,\"*\");<\/s' +'cript>'], {type:\"text/html\"}));<\/script>";
});
SimpleTest.waitForExplicitFinish();

View File

@ -8766,6 +8766,11 @@
value: @IS_NIGHTLY_BUILD@
mirror: always
- name: privacy.partition.bloburl_per_agent_cluster
type: RelaxedAtomicBool
value: @IS_NIGHTLY_BUILD@
mirror: always
# By default, the network state isolation is not active when there is a proxy
# setting. This pref forces the network isolation even in these scenarios.
- name: privacy.partition.network_state.connection_with_proxy

View File

@ -0,0 +1 @@
prefs: [privacy.partition.bloburl_per_agent_cluster:false]

View File

@ -0,0 +1 @@
prefs: [privacy.partition.bloburl_per_agent_cluster:false]