Bug 1521542 - Disable Process Switching for Sandboxed Contexts r=ckerschb,nika

Differential Revision: https://phabricator.services.mozilla.com/D76704
2024-10-09 03:15:11 +00:00 · 2020-06-04 10:46:48 +00:00 · 2020-06-04 10:46:48 +00:00 · 91a18c1346
commit 91a18c1346
parent ceedac76da
2 changed files with 12 additions and 12 deletions
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@ -119,6 +119,7 @@
 #include "nsIInputStreamChannel.h"
 #include "nsFocusManager.h"
 #include "nsIOpenWindowInfo.h"
+#include "nsSandboxFlags.h"

 #if !defined(XP_WIN)
 #  include "mozilla/Omnijar.h"
@ -880,13 +881,21 @@ nsresult ContentChild::ProvideWindowCommon(
  bool useRemoteSubframes =
      aChromeFlags & nsIWebBrowserChrome::CHROME_FISSION_WINDOW;

+  uint32_t parentSandboxFlags = parent->SandboxFlags();
+  if (Document* doc = parent->GetDocument()) {
+    parentSandboxFlags = doc->GetSandboxFlags();
+  }
+
+  bool sandboxFlagsPropagate =
+      parentSandboxFlags & SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS;
+
  // Check if we should load in a different process. Under Fission, we never
  // want to do this, since the Fission process selection logic will handle
  // everything for us. Outside of Fission, we always want to load in a
  // different process if we have noopener set, but we also might if we can't
  // load in the current process.
-  bool loadInDifferentProcess =
-      aForceNoOpener && sNoopenerNewProcess && !useRemoteSubframes;
+  bool loadInDifferentProcess = aForceNoOpener && sNoopenerNewProcess &&
+                                !useRemoteSubframes && !sandboxFlagsPropagate;
  if (!loadInDifferentProcess && aURI) {
    // Only special-case cross-process loads if Fission is disabled. With
    // Fission enabled, the initial in-process load will automatically be
@ -904,7 +913,7 @@ nsresult ContentChild::ProvideWindowCommon(

  // If we're in a content process and we have noopener set, there's no reason
  // to load in our process, so let's load it elsewhere!
-  if (loadInDifferentProcess) {
+  if (loadInDifferentProcess && !sandboxFlagsPropagate) {
    float fullZoom;
    nsCOMPtr<nsIPrincipal> triggeringPrincipal;
    nsCOMPtr<nsIContentSecurityPolicy> csp;
--- a/testing/web-platform/meta/html/cross-origin-opener-policy/coop-sandbox.https.html.ini
+++ b/testing/web-platform/meta/html/cross-origin-opener-policy/coop-sandbox.https.html.ini
@ -1,9 +0,0 @@
-[coop-sandbox.https.html]
-  [<iframe sandbox="allow-popups allow-scripts"> Sandboxed Cross-Origin-Opener-Policy popup should result in a network error]
-    expected:
-      if webrender and fission: [PASS, FAIL]
-      if webrender and (os == "linux") and debug: [FAIL, PASS]
-      if webrender and (os == "linux") and not debug: [FAIL, PASS]
-      if webrender and (os == "win"): [FAIL, PASS]
-      FAIL
-