Bug 1641905 - ThirdPartyUtil::IsThirdPartyWindow for fission - webExtension, r=robwu,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D80035
This commit is contained in:
Andrea Marchesini 2020-06-23 11:52:57 +00:00
parent 6aa5b38d30
commit 7aebde2331
4 changed files with 62 additions and 14 deletions

View File

@ -556,6 +556,11 @@ nsresult BasePrincipal::CheckMayLoadHelper(nsIURI* aURI,
NS_IMETHODIMP
BasePrincipal::IsThirdPartyURI(nsIURI* aURI, bool* aRes) {
if (AddonPolicy() && AddonAllowsLoad(aURI)) {
*aRes = false;
return NS_OK;
}
*aRes = true;
// If we do not have a URI its always 3rd party.
nsCOMPtr<nsIURI> prinURI;

View File

@ -368,14 +368,21 @@ already_AddRefed<BasePrincipal> ExpandedPrincipal::FromProperties(
NS_IMETHODIMP
ExpandedPrincipal::IsThirdPartyURI(nsIURI* aURI, bool* aRes) {
nsresult rv;
// ExpandedPrincipal for extension content scripts consist of two principals,
// the document's principal and the extension's principal.
// To make sure that the third-party check behaves like the web page on which
// the content script is running, ignore the extension's principal.
for (const auto& principal : mPrincipals) {
rv = Cast(principal)->IsThirdPartyURI(aURI, aRes);
if (NS_WARN_IF(NS_FAILED(rv)) || !*aRes) {
return rv;
if (!Cast(principal)->AddonPolicy()) {
return Cast(principal)->IsThirdPartyURI(aURI, aRes);
}
}
if (mPrincipals.IsEmpty()) {
*aRes = true;
return NS_OK;
}
return Cast(mPrincipals[0])->IsThirdPartyURI(aURI, aRes);
}

View File

@ -288,16 +288,12 @@ ThirdPartyUtil::IsThirdPartyChannel(nsIChannel* aChannel, nsIURI* aURI,
if (!doForce) {
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
parentIsThird = loadInfo->GetIsInThirdPartyContext();
BasePrincipal* loadingPrincipal =
BasePrincipal::Cast(loadInfo->GetLoadingPrincipal());
if (!parentIsThird &&
loadInfo->GetExternalContentPolicyType() !=
nsIContentPolicy::TYPE_DOCUMENT &&
(!loadingPrincipal->AddonPolicy() ||
!loadingPrincipal->AddonAllowsLoad(channelURI))) {
if (!parentIsThird && loadInfo->GetExternalContentPolicyType() !=
nsIContentPolicy::TYPE_DOCUMENT) {
// Check if the channel itself is third-party to its own requestor.
// Unforunately, we have to go through the loading principal.
BasePrincipal* loadingPrincipal =
BasePrincipal::Cast(loadInfo->GetLoadingPrincipal());
rv = loadingPrincipal->IsThirdPartyURI(channelURI, &parentIsThird);
if (NS_FAILED(rv)) {
return rv;

View File

@ -46,6 +46,22 @@ function promiseLoadedCookies() {
response.write("<html><script>fetch('/checkCookies');</script></html>");
});
server.registerPathHandler("/nestedfetch", (request, response) => {
response.setStatusLine(request.httpVersion, 200, "OK");
response.setHeader("Content-Type", "text/html; charset=utf-8", false);
response.write(
"<html><iframe src='http://example.net/nestedfetch2'></iframe></html>"
);
});
server.registerPathHandler("/nestedfetch2", (request, response) => {
response.setStatusLine(request.httpVersion, 200, "OK");
response.setHeader("Content-Type", "text/html; charset=utf-8", false);
response.write(
"<html><iframe src='http://example.org/fetch'></iframe></html>"
);
});
server.registerPathHandler("/ready", (request, response) => {
response.setStatusLine(request.httpVersion, 200, "OK");
response.setHeader("Content-Type", "text/html; charset=utf-8", false);
@ -122,10 +138,34 @@ add_task(async function test_cookies_firstParty() {
extension,
});
// Let's check the cookies received during the last loading.
Assert.equal(await cookiesPromise, "none=a; lax=b; strict=c");
await contentPage.close();
// Let's run a fetch() from a nested iframe (extension -> example.net ->
// example.org -> fetch)
cookiesPromise = promiseLoadedCookies();
contentPage = await ExtensionTestUtils.loadContentPage(url + "?nestedfetch", {
extension,
});
// Let's check the cookies received during the last loading.
Assert.equal(await cookiesPromise, "none=a");
await contentPage.close();
// Let's run a fetch() from a nested iframe (extension -> example.org -> fetch)
cookiesPromise = promiseLoadedCookies();
contentPage = await ExtensionTestUtils.loadContentPage(
url + "?nestedfetch2",
{
extension,
}
);
// Let's check the cookies received during the last loading.
Assert.equal(await cookiesPromise, "none=a; lax=b; strict=c");
await contentPage.close();
await extension.unload();
});