Bug 1365166 - rename security.data_uri.inherit_security_context to security.data_uri.unique_opaque_origin. r=smaug, ckerschb

Originally the pref is called security.data_uri.inherit_security_context, so the pref is default on. And when we finish this feature, we turn it off. To avoid causing confusion in the future, perhaps we should rename it and make the pref default off.
2024-11-24 21:31:04 +00:00 · 2017-05-17 11:03:33 +08:00 · 2017-05-17 11:03:33 +08:00 · ccb4b5db4c
commit ccb4b5db4c
parent 104dab7abe
5 changed files with 17 additions and 14 deletions
--- a/dom/ipc/ContentPrefs.cpp
+++ b/dom/ipc/ContentPrefs.cpp
@ -206,7 +206,7 @@ const char* mozilla::dom::ContentPrefs::gInitPrefs[] = {
  "privacy.firstparty.isolate",
  "privacy.firstparty.isolate.restrict_opener_access",
  "privacy.resistFingerprinting",
-  "security.data_uri.inherit_security_context",
+  "security.data_uri.unique_opaque_origin",
  "security.fileuri.strict_origin_policy",
  "security.sandbox.content.level",
  "security.sandbox.content.tempDirSuffix",
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -5665,14 +5665,17 @@ pref("security.mixed_content.send_hsts_priming", true);
 pref("security.mixed_content.use_hsts", true);
 #endif
 // Approximately 1 week default cache for HSTS priming failures, in seconds
-pref ("security.mixed_content.hsts_priming_cache_timeout", 604800);
+pref("security.mixed_content.hsts_priming_cache_timeout", 604800);
 // Force the channel to timeout in 3 seconds if we have not received
 // expects a time in milliseconds
-pref ("security.mixed_content.hsts_priming_request_timeout", 3000);
+pref("security.mixed_content.hsts_priming_request_timeout", 3000);

-// If true, data: URIs inherit the principal (security context) of the parent.
-// If false, data: URIs use a NullPrincipal as the security context.
-pref ("security.data_uri.inherit_security_context", true);
+// TODO: Bug 1324406: Treat 'data:' documents as unique, opaque origins
+// If true, data: URIs will be treated as unique opaque origins, hence will use
+// a NullPrincipal as the security context.
+// Otherwise it will inherit the origin from parent node, this is the legacy
+// behavior of Firefox.
+pref("security.data_uri.unique_opaque_origin", false);

 // Disable Storage api in release builds.
 #if defined(NIGHTLY_BUILD) && !defined(MOZ_WIDGET_ANDROID)
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@ -171,7 +171,7 @@ static const char kProfileDoChange[] = "profile-do-change";
 uint32_t   nsIOService::gDefaultSegmentSize = 4096;
 uint32_t   nsIOService::gDefaultSegmentCount = 24;

-bool nsIOService::sDataURIInheritSecurityContext = true;
+bool nsIOService::sIsDataURIUniqueOpaqueOrigin = false;

 ////////////////////////////////////////////////////////////////////////////////

@ -253,8 +253,8 @@ nsIOService::Init()
    else
        NS_WARNING("failed to get observer service");

-    Preferences::AddBoolVarCache(&sDataURIInheritSecurityContext,
-                                 "security.data_uri.inherit_security_context", true);
+    Preferences::AddBoolVarCache(&sIsDataURIUniqueOpaqueOrigin,
+                                 "security.data_uri.unique_opaque_origin", false);
    Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);

    gIOService = this;
@ -1932,9 +1932,9 @@ nsIOService::SpeculativeAnonymousConnect2(nsIURI *aURI,
 }

 /*static*/ bool
-nsIOService::IsInheritSecurityContextForDataURIEnabled()
+nsIOService::IsDataURIUniqueOpaqueOrigin()
 {
-  return sDataURIInheritSecurityContext;
+  return sIsDataURIUniqueOpaqueOrigin;
 }

 } // namespace net
--- a/netwerk/base/nsIOService.h
+++ b/netwerk/base/nsIOService.h
@ -95,7 +95,7 @@ public:

    bool IsLinkUp();

-    static bool IsInheritSecurityContextForDataURIEnabled();
+    static bool IsDataURIUniqueOpaqueOrigin();

    // Used to count the total number of HTTP requests made
    void IncrementRequestNumber() { mTotalRequests++; }
@ -185,7 +185,7 @@ private:

    bool                                 mNetworkNotifyChanged;

-    static bool                          sDataURIInheritSecurityContext;
+    static bool                          sIsDataURIUniqueOpaqueOrigin;

    uint32_t mTotalRequests;
    uint32_t mCacheWon;
--- a/netwerk/protocol/data/nsDataHandler.cpp
+++ b/netwerk/protocol/data/nsDataHandler.cpp
@ -58,7 +58,7 @@ nsDataHandler::GetProtocolFlags(uint32_t *result) {

    // Until Bug 1324406 and all it's dependencies are fixed
    // data: URIs inherit the security context.
-    if (nsIOService::IsInheritSecurityContextForDataURIEnabled()) {
+    if (!nsIOService::IsDataURIUniqueOpaqueOrigin()) {
        *result |= URI_INHERITS_SECURITY_CONTEXT;
    }
    return NS_OK;