Bug 1469993 - Grant storage access to a 3rd party, tracking resource if a opened document has user-interaction - part 2 - storing first user interaction in nsILoadInfo, r=ehsan

Andrea Marchesini 2018-07-10 10:09:59 +02:00
parent e6921e1adc
commit ba1f8971c7
8 changed files with 81 additions and 5 deletions


@ -8883,12 +8883,24 @@ nsContentUtils::StorageDisabledByAntiTracking(nsPIDOMWindowInner* aWindow,
return false;
}
// If this is not a tracking resource, nothing is disabled.
if (!httpChannel->GetIsTrackingResource()) {
return false;
}
// TODO storage access check
return true;
nsCOMPtr<nsIURI> uri;
nsresult rv = httpChannel->GetURI(getter_AddRefs(uri));
if (NS_WARN_IF(NS_FAILED(rv))) {
return false;
}
nsCOMPtr<nsILoadInfo> loadInfo;
rv = aChannel->GetLoadInfo(getter_AddRefs(loadInfo));
if (NS_WARN_IF(NS_FAILED(rv))) {
return false;
}
return !loadInfo->IsFirstPartyStorageAccessGrantedFor(uri);
}
// static, private
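Review bot: Both new error paths in StorageDisabledByAntiTracking `return false` after the channel has already been identified as a tracking resource, so a failure in `GetURI` or `GetLoadInfo` leaves storage enabled for a tracker. Returning `true` there would keep the check fail-closed, as the previous unconditional `return true;` appears to have been. `loadInfo` is also dereferenced without a null check; if `GetLoadInfo` can succeed with a null out-parameter for some channels, the final line would crash, and `if (NS_WARN_IF(NS_FAILED(rv)) || !loadInfo) { return true; }` covers both cases. The function begins outside this hunk, so the earlier checks on `aChannel` and `httpChannel` are not visible here.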


@ -8045,6 +8045,12 @@ nsGlobalWindowInner::AddFirstPartyStorageAccessGrantedFor(const nsAString& aOrig
}
}
const nsTArray<nsString>&
nsGlobalWindowInner::GetFirstPartyStorageAccessGrantedOrigins() const
{
return mStorageGrantedOrigins;
}
bool
nsGlobalWindowInner::IsFirstPartyStorageAccessGrantedFor(nsIURI* aURI) const
{


@ -720,6 +720,9 @@ public:
void
AddFirstPartyStorageAccessGrantedFor(const nsAString& aOrigin);
const nsTArray<nsString>&
GetFirstPartyStorageAccessGrantedOrigins() const;
bool
IsFirstPartyStorageAccessGrantedFor(nsIURI* aURI) const;


@ -403,6 +403,7 @@ LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo,
aLoadInfo->GetSecurityFlags(),
aLoadInfo->InternalContentPolicyType(),
static_cast<uint32_t>(aLoadInfo->GetTainting()),
aLoadInfo->GetFirstPartyStorageAccessGrantedOrigins(),
aLoadInfo->GetUpgradeInsecureRequests(),
aLoadInfo->GetBrowserUpgradeInsecureRequests(),
aLoadInfo->GetBrowserWouldUpgradeInsecureRequests(),
@ -551,6 +552,7 @@ LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs,
loadInfoArgs.securityFlags(),
loadInfoArgs.contentPolicyType(),
static_cast<LoadTainting>(loadInfoArgs.tainting()),
loadInfoArgs.firstPartyStorageAccessGrantedOrigins(),
loadInfoArgs.upgradeInsecureRequests(),
loadInfoArgs.browserUpgradeInsecureRequests(),
loadInfoArgs.browserWouldUpgradeInsecureRequests(),
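Review bot: `LoadInfoArgsToLoadInfo` copies `firstPartyStorageAccessGrantedOrigins` straight out of the IPC message, so when the arguments come from a content process the grant list is whatever that process sent. If the parent later calls `IsFirstPartyStorageAccessGrantedFor` on such a LoadInfo to decide whether a tracking resource gets storage, a compromised content process could assert grants that no window ever recorded. Consider validating or re-deriving the list in the parent, or at least marking the field as untrusted at this call, e.g. `// Supplied by the sender of LoadInfoArgs; not authoritative for access decisions.` Both functions start and end outside these hunks, so any existing validation of the other fields is not visible here.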


@ -150,6 +150,13 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
nsCOMPtr<nsPIDOMWindowOuter> parent = contextOuter->GetScriptableParent();
mParentOuterWindowID = parent ? parent->WindowID() : mOuterWindowID;
mTopOuterWindowID = FindTopOuterWindowID(contextOuter);
nsGlobalWindowInner* innerWindow =
nsGlobalWindowInner::Cast(contextOuter->GetCurrentInnerWindow());
if (innerWindow) {
mFirstPartyStorageAccessGrantedOrigins =
innerWindow->GetFirstPartyStorageAccessGrantedOrigins();
}
}
mInnerWindowID = aLoadingContext->OwnerDoc()->InnerWindowID();
@ -334,6 +341,13 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
mParentOuterWindowID = parent ? parent->WindowID() : 0;
mTopOuterWindowID = FindTopOuterWindowID(aOuterWindow);
nsGlobalWindowInner* innerWindow =
nsGlobalWindowInner::Cast(aOuterWindow->GetCurrentInnerWindow());
if (innerWindow) {
mFirstPartyStorageAccessGrantedOrigins =
innerWindow->GetFirstPartyStorageAccessGrantedOrigins();
}
// get the docshell from the outerwindow, and then get the originattributes
nsCOMPtr<nsIDocShell> docShell = aOuterWindow->GetDocShell();
MOZ_ASSERT(docShell);
@ -413,6 +427,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
LoadTainting aTainting,
const nsTArray<nsString>& aFirstPartyStorageAccessGrantedOrigins,
bool aUpgradeInsecureRequests,
bool aBrowserUpgradeInsecureRequests,
bool aBrowserWouldUpgradeInsecureRequests,
@ -452,6 +467,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
, mSecurityFlags(aSecurityFlags)
, mInternalContentPolicyType(aContentPolicyType)
, mTainting(aTainting)
, mFirstPartyStorageAccessGrantedOrigins(aFirstPartyStorageAccessGrantedOrigins)
, mUpgradeInsecureRequests(aUpgradeInsecureRequests)
, mBrowserUpgradeInsecureRequests(aBrowserUpgradeInsecureRequests)
, mBrowserWouldUpgradeInsecureRequests(aBrowserWouldUpgradeInsecureRequests)
@ -1392,5 +1408,29 @@ LoadInfo::GetPerformanceStorage()
return mPerformanceStorage;
}
const nsTArray<nsString>&
LoadInfo::GetFirstPartyStorageAccessGrantedOrigins()
{
return mFirstPartyStorageAccessGrantedOrigins;
}
bool
LoadInfo::IsFirstPartyStorageAccessGrantedFor(nsIURI* aURI)
{
MOZ_ASSERT(aURI);
if (mFirstPartyStorageAccessGrantedOrigins.IsEmpty()) {
return false;
}
nsAutoString origin;
nsresult rv = nsContentUtils::GetUTFOrigin(aURI, origin);
if (NS_WARN_IF(NS_FAILED(rv))) {
return false;
}
return mFirstPartyStorageAccessGrantedOrigins.Contains(origin);
}
} // namespace net
} // namespace mozilla
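Review bot: In the first constructor hunk the grant list is read from `contextOuter->GetCurrentInnerWindow()`, while `mInnerWindowID` a few lines later comes from `aLoadingContext->OwnerDoc()`. If the outer window's current inner window is not the loading document's window (for example after a navigation), the load would inherit storage grants recorded for a different document. Taking the window from the loading document, `nsGlobalWindowInner::Cast(aLoadingContext->OwnerDoc()->GetInnerWindow())`, would tie the grants to the document that starts the load. Separately, none of the visible hunks touch the LoadInfo copy constructor, so if it uses an explicit initializer list, clones would start with an empty list; that is worth confirming. The constructors continue outside these hunks.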


@ -105,6 +105,7 @@ private:
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
LoadTainting aTainting,
const nsTArray<nsString>& aFirstPartyStorageAccessGrantedOrigins,
bool aUpgradeInsecureRequests,
bool aBrowserUpgradeInsecureRequests,
bool aBrowserWouldUpgradeInsecureRequests,
@ -173,6 +174,7 @@ private:
nsSecurityFlags mSecurityFlags;
nsContentPolicyType mInternalContentPolicyType;
LoadTainting mTainting;
nsTArray<nsString> mFirstPartyStorageAccessGrantedOrigins;
bool mUpgradeInsecureRequests;
bool mBrowserUpgradeInsecureRequests;
bool mBrowserWouldUpgradeInsecureRequests;


@ -34,7 +34,8 @@ class ServiceWorkerDescriptor;
[ref] native nsIRedirectHistoryEntryArray(const nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>>);
native OriginAttributes(mozilla::OriginAttributes);
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
[ref] native StringArrayRef(const nsTArray<nsCString>);
[ref] native CStringArrayRef(const nsTArray<nsCString>);
[ref] native StringArrayRef(const nsTArray<nsString>);
[ref] native Uint64ArrayRef(const nsTArray<uint64_t>);
[ref] native PrincipalArrayRef(const nsTArray<nsCOMPtr<nsIPrincipal>>);
[ref] native const_ClientInfoRef(const mozilla::dom::ClientInfo);
@ -783,7 +784,7 @@ interface nsILoadInfo : nsISupports
* Only call this function when using the SEC_REQUIRE_CORS_DATA_INHERITS mode.
*/
[noscript, notxpcom, nostdcall]
void setCorsPreflightInfo(in StringArrayRef unsafeHeaders,
void setCorsPreflightInfo(in CStringArrayRef unsafeHeaders,
in boolean forcePreflight);
/**
@ -792,7 +793,7 @@ interface nsILoadInfo : nsISupports
* loadInfo object - use with caution!
*/
[noscript, notxpcom, nostdcall, binaryname(CorsUnsafeHeaders)]
StringArrayRef corsUnsafeHeaders();
CStringArrayRef corsUnsafeHeaders();
/**
* Returns value set through setCorsPreflightInfo.
@ -1019,4 +1020,13 @@ interface nsILoadInfo : nsISupports
*/
[noscript, nostdcall, notxpcom]
void SynthesizeServiceWorkerTainting(in LoadTainting aTainting);
/**
* This is the origin that has access storage granted also if 3rd party and
* in the tracking protection list.
*/
[noscript, notxpcom, nostdcall]
StringArrayRef getFirstPartyStorageAccessGrantedOrigins();
[noscript, notxpcom, nostdcall]
bool isFirstPartyStorageAccessGrantedFor(in nsIURI aURI);
};
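Review bot: The new doc comment covers only `getFirstPartyStorageAccessGrantedOrigins` and is hard to parse, and `isFirstPartyStorageAccessGrantedFor` has no comment at all. I would reword the first to `Origins that have been granted storage access even though they are third-party and on the tracking protection list.` and add above the second `Returns true if the origin of aURI is one of the origins returned by getFirstPartyStorageAccessGrantedOrigins().` Since the LoadInfo constructors copy the list from the window, the comment should also say that the list is a snapshot taken when the LoadInfo is created. Reusing the name `StringArrayRef` for `nsTArray<nsString>` while its old meaning moves to `CStringArrayRef` is easy to misread in later patches; a distinct name for the new typedef would be clearer.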


@ -46,6 +46,7 @@ struct LoadInfoArgs
uint32_t securityFlags;
uint32_t contentPolicyType;
uint32_t tainting;
nsString[] firstPartyStorageAccessGrantedOrigins;
bool upgradeInsecureRequests;
bool browserUpgradeInsecureRequests;
bool browserWouldUpgradeInsecureRequests;