Bug 1606797 - pass the triggering principal when opening external URIs, r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D77027

docshell/base/nsDocShell.cpp

@@ -11826,6 +11826,11 @@ nsresult nsDocShell::OnLinkClickSync(
     return NS_OK;
   }
 
+  // if the triggeringPrincipal is not passed explicitly, then we
+  // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
+  nsCOMPtr<nsIPrincipal> triggeringPrincipal =
+      aTriggeringPrincipal ? aTriggeringPrincipal : aContent->NodePrincipal();
+
   {
     // defer to an external protocol handler if necessary...
     nsCOMPtr<nsIExternalProtocolService> extProtService =
@@ -11841,17 +11846,13 @@ nsresult nsDocShell::OnLinkClickSync(
         nsresult rv =
             extProtService->IsExposedProtocol(scheme.get(), &isExposed);
         if (NS_SUCCEEDED(rv) && !isExposed) {
-          return extProtService->LoadURI(aURI, mBrowsingContext);
+          return extProtService->LoadURI(aURI, triggeringPrincipal,
+                                         mBrowsingContext);
         }
       }
     }
   }
 
-  // if the triggeringPrincipal is not passed explicitly, then we
-  // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
-  nsCOMPtr<nsIPrincipal> triggeringPrincipal =
-      aTriggeringPrincipal ? aTriggeringPrincipal : aContent->NodePrincipal();
-
   nsCOMPtr<nsIContentSecurityPolicy> csp = aCsp;
   if (!csp) {
     // Currently, if no csp is passed explicitly we fall back to querying the

dom/ipc/ContentParent.cpp

@@ -3937,7 +3937,8 @@ mozilla::ipc::IPCResult ContentParent::RecvAccumulateMixedContentHSTS(
 }
 
 mozilla::ipc::IPCResult ContentParent::RecvLoadURIExternal(
-    nsIURI* uri, const MaybeDiscarded<BrowsingContext>& aContext) {
+    nsIURI* uri, nsIPrincipal* aTriggeringPrincipal,
+    const MaybeDiscarded<BrowsingContext>& aContext) {
   if (aContext.IsDiscarded()) {
     return IPC_OK();
   }
@@ -3953,7 +3954,7 @@ mozilla::ipc::IPCResult ContentParent::RecvLoadURIExternal(
   }
 
   BrowsingContext* bc = aContext.get();
-  extProtService->LoadURI(uri, bc);
+  extProtService->LoadURI(uri, aTriggeringPrincipal, bc);
   return IPC_OK();
 }
 

dom/ipc/ContentParent.h

@@ -1012,7 +1012,8 @@ class ContentParent final
       const nsString& aType, const NotificationEventData& aData);
 
   mozilla::ipc::IPCResult RecvLoadURIExternal(
-      nsIURI* uri, const MaybeDiscarded<BrowsingContext>& aContext);
+      nsIURI* uri, nsIPrincipal* triggeringPrincipal,
+      const MaybeDiscarded<BrowsingContext>& aContext);
   mozilla::ipc::IPCResult RecvExtProtocolChannelConnectParent(
       const uint32_t& registrarId);
 

dom/ipc/PContent.ipdl

@@ -971,7 +971,7 @@ parent:
     async StartVisitedQueries(nsIURI[] uri);
     async SetURITitle(nsIURI uri, nsString title);
 
-    async LoadURIExternal(nsIURI uri, MaybeDiscardedBrowsingContext browsingContext);
+    async LoadURIExternal(nsIURI uri, nsIPrincipal triggeringPrincipal, MaybeDiscardedBrowsingContext browsingContext);
     async ExtProtocolChannelConnectParent(uint32_t registrarId);
 
     // PrefService message

toolkit/mozapps/handling/ContentDispatchChooser.jsm

@@ -18,7 +18,7 @@ nsContentDispatchChooser.prototype = {
 
   // nsIContentDispatchChooser
 
-  ask: function ask(aHandler, aBrowsingContext, aURI, aReason) {
+  ask: function ask(aHandler, aURI, aPrincipal, aBrowsingContext, aReason) {
     let window = aBrowsingContext?.top?.embedderElement?.ownerGlobal || null;
 
     var bundle = Services.strings.createBundle(STRINGBUNDLE_URL);

uriloader/exthandler/nsExternalHelperAppService.cpp

@@ -925,12 +925,13 @@ static const char kExternalProtocolDefaultPref[] =
 
 NS_IMETHODIMP
 nsExternalHelperAppService::LoadURI(nsIURI* aURI,
+                                    nsIPrincipal* aTriggeringPrincipal,
                                     BrowsingContext* aBrowsingContext) {
   NS_ENSURE_ARG_POINTER(aURI);
 
   if (XRE_IsContentProcess()) {
     mozilla::dom::ContentChild::GetSingleton()->SendLoadURIExternal(
-        aURI, aBrowsingContext);
+        aURI, aTriggeringPrincipal, aBrowsingContext);
     return NS_OK;
   }
 
@@ -993,7 +994,7 @@ nsExternalHelperAppService::LoadURI(nsIURI* aURI,
       do_CreateInstance("@mozilla.org/content-dispatch-chooser;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  return chooser->Ask(handler, aBrowsingContext, uri,
+  return chooser->Ask(handler, uri, aTriggeringPrincipal, aBrowsingContext,
                       nsIContentDispatchChooser::REASON_CANNOT_HANDLE);
 }
 

uriloader/exthandler/nsExternalHelperAppService.h

@@ -34,6 +34,7 @@
 class nsExternalAppHandler;
 class nsIMIMEInfo;
 class nsITransfer;
+class nsIPrincipal;
 class MaybeCloseWindowHelper;
 
 /**
@@ -73,7 +74,7 @@ class nsExternalHelperAppService : public nsIExternalHelperAppService,
                                bool* aResult) override;
   NS_IMETHOD GetProtocolHandlerInfo(const nsACString& aScheme,
                                     nsIHandlerInfo** aHandlerInfo) override;
-  NS_IMETHOD LoadURI(nsIURI* aURI,
+  NS_IMETHOD LoadURI(nsIURI* aURI, nsIPrincipal* aTriggeringPrincipal,
                      mozilla::dom::BrowsingContext* aBrowsingContext) override;
   NS_IMETHOD SetProtocolHandlerDefaults(nsIHandlerInfo* aHandlerInfo,
                                         bool aOSHandlerExists) override;

uriloader/exthandler/nsExternalProtocolHandler.cpp

@@ -163,7 +163,9 @@ nsresult nsExtProtocolChannel::OpenURL() {
     if (NS_FAILED(rv)) {
       goto finish;
     }
-    rv = extProtService->LoadURI(mUrl, ctx);
+
+    RefPtr<nsIPrincipal> principal = mLoadInfo->TriggeringPrincipal();
+    rv = extProtService->LoadURI(mUrl, principal, ctx);
 
     if (NS_SUCCEEDED(rv) && mListener) {
       mStatus = NS_ERROR_NO_CONTENT;

uriloader/exthandler/nsIContentDispatchChooser.idl

@@ -5,9 +5,8 @@
 #include "nsISupports.idl"
 
 interface nsIHandlerInfo;
-interface nsIHelperAppLauncher;
+interface nsIPrincipal;
 interface nsIURI;
-interface nsIInterfaceRequestor;
 webidl BrowsingContext;
 
 /**
@@ -28,16 +27,19 @@ interface nsIContentDispatchChooser : nsISupports {
   * @param aHander
   *        The interface describing the details of how this content should or
   *        can be handled.
-  * @param aBrowsingContext
-  *        The browsing context that's the parent for this chooser.
   * @param aURI
   *        The URI of the resource that we are asking about.
+  * @param aTriggeringPrincipal
+  *        The principal making the request.
+  * @param aBrowsingContext
+  *        The browsing context where the load should happen.
   * @param aReason
   *        The reason why we are asking (see above).
   */
   void ask(in nsIHandlerInfo aHandler,
-           in BrowsingContext aBrowsingContext,
            in nsIURI aURI,
+           in nsIPrincipal aTriggeringPrincipal,
+           in BrowsingContext aBrowsingContext,
            in unsigned long aReason);
 };
 

uriloader/exthandler/nsIExternalProtocolService.idl

@@ -8,6 +8,7 @@
 
 interface nsIURI;
 interface nsIFile;
+interface nsIPrincipal;
 interface nsIInterfaceRequestor;
 interface nsIHandlerInfo;
 
@@ -97,6 +98,9 @@ interface nsIExternalProtocolService : nsISupports
    * @param aURI
    *        The URI to load
    *
+   * @param aTriggeringPrincipal
+   *        The principal triggering this load.
+   *
    * @param aBrowsingContext
    *        The context to parent the dialog against, and, if a web handler
    *        is chosen, it is loaded in this window as well.  This parameter
@@ -110,6 +114,7 @@ interface nsIExternalProtocolService : nsISupports
    *        (bug 394479).
    */
   void loadURI(in nsIURI aURI,
+               [optional] in nsIPrincipal aTriggeringPrincipal,
                [optional] in BrowsingContext aBrowsingContext);
 
   /**