mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 22:01:30 +00:00
Bug 1658878 - Isolate BlobURLs per agent-cluster - pref, r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D86968
This commit is contained in:
parent
2a7a7cfe86
commit
6b8618a091
@ -135,6 +135,12 @@ async function openInNewTabAndReturnContent(selector) {
|
||||
return blobDataFromContent;
|
||||
}
|
||||
|
||||
add_task(async function setup() {
|
||||
await SpecialPowers.pushPrefEnv({
|
||||
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
|
||||
});
|
||||
});
|
||||
|
||||
add_task(async function test_rightclick_open_bloburl_in_new_tab() {
|
||||
let blobDataFromLoadedPage = await rightClickOpenInNewTabAndReturnContent(
|
||||
"blob-url-link"
|
||||
|
@ -109,4 +109,10 @@ for (let blobify of [page_blobify, worker_blobify]) {
|
||||
}
|
||||
}
|
||||
|
||||
IsolationTestTools.runTests(TEST_PAGE, tests);
|
||||
async function setup() {
|
||||
await SpecialPowers.pushPrefEnv({
|
||||
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
|
||||
});
|
||||
}
|
||||
|
||||
IsolationTestTools.runTests(TEST_PAGE, tests, null, setup);
|
||||
|
@ -4,6 +4,12 @@ requestLongerTimeout(3);
|
||||
|
||||
const BASE_URI = "http://mochi.test:8888/browser/dom/file/ipc/tests/empty.html";
|
||||
|
||||
add_task(async function setup() {
|
||||
await SpecialPowers.pushPrefEnv({
|
||||
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
|
||||
});
|
||||
});
|
||||
|
||||
// More than 1mb memory blob childA-parent-childB.
|
||||
add_task(async function test_CtoPtoC_big() {
|
||||
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);
|
||||
|
@ -6,12 +6,19 @@ const { CookieXPCShellUtils } = ChromeUtils.import(
|
||||
"resource://testing-common/CookieXPCShellUtils.jsm"
|
||||
);
|
||||
|
||||
const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
|
||||
|
||||
CookieXPCShellUtils.init(this);
|
||||
|
||||
// Same agent cluster, all works fine: blobURLs can be opened.
|
||||
add_task(async () => {
|
||||
do_get_profile();
|
||||
|
||||
Services.prefs.setBoolPref(
|
||||
"privacy.partition.bloburl_per_agent_cluster",
|
||||
true
|
||||
);
|
||||
|
||||
const server = CookieXPCShellUtils.createServer({ hosts: ["example.org"] });
|
||||
|
||||
let result = new Promise(resolve => {
|
||||
|
@ -739,8 +739,9 @@ bool BlobURLProtocolHandler::GetDataEntry(
|
||||
return false;
|
||||
}
|
||||
|
||||
// Same agent-cluster only.
|
||||
if (aAgentClusterId.isSome() && info->mAgentClusterId.isSome() &&
|
||||
// BlobURLs are openable on the same agent-cluster-id only.
|
||||
if (StaticPrefs::privacy_partition_bloburl_per_agent_cluster() &&
|
||||
aAgentClusterId.isSome() && info->mAgentClusterId.isSome() &&
|
||||
!aAgentClusterId.value().Equals(info->mAgentClusterId.value())) {
|
||||
return false;
|
||||
}
|
||||
|
@ -19,10 +19,14 @@ onmessage = function(e) {
|
||||
}
|
||||
};
|
||||
|
||||
var ifr = document.createElement("iframe");
|
||||
document.body.appendChild(ifr);
|
||||
SpecialPowers.pushPrefEnv({
|
||||
"set": [["privacy.partition.bloburl_per_agent_cluster", false]]
|
||||
}).then(() => {
|
||||
var ifr = document.createElement("iframe");
|
||||
document.body.appendChild(ifr);
|
||||
|
||||
ifr.src = "data:text/html,<script>location=URL.createObjectURL(new%20Blob(['<script>parent.postMessage(location.pathname,\"*\");location.pathname=\"foo\";parent.postMessage(location.pathname,\"*\");<\/s' +'cript>'], {type:\"text/html\"}));<\/script>";
|
||||
ifr.src = "data:text/html,<script>location=URL.createObjectURL(new%20Blob(['<script>parent.postMessage(location.pathname,\"*\");location.pathname=\"foo\";parent.postMessage(location.pathname,\"*\");<\/s' +'cript>'], {type:\"text/html\"}));<\/script>";
|
||||
});
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
|
@ -8766,6 +8766,11 @@
|
||||
value: @IS_NIGHTLY_BUILD@
|
||||
mirror: always
|
||||
|
||||
- name: privacy.partition.bloburl_per_agent_cluster
|
||||
type: RelaxedAtomicBool
|
||||
value: @IS_NIGHTLY_BUILD@
|
||||
mirror: always
|
||||
|
||||
# By default, the network state isolation is not active when there is a proxy
|
||||
# setting. This pref forces the network isolation even in these scenarios.
|
||||
- name: privacy.partition.network_state.connection_with_proxy
|
||||
|
@ -0,0 +1 @@
|
||||
prefs: [privacy.partition.bloburl_per_agent_cluster:false]
|
@ -0,0 +1 @@
|
||||
prefs: [privacy.partition.bloburl_per_agent_cluster:false]
|
Loading…
Reference in New Issue
Block a user