In order to handle the content script case correctly we must expose the
contentScriptAddonPolicy to JavaScript. With that we can always see what
extension is trying to perform an action and use its name rather than internal
ID in the dialog.
Differential Revision: https://phabricator.services.mozilla.com/D161282
In order to handle the content script case correctly we must expose the
contentScriptAddonPolicy to JavaScript. With that we can always see what
extension is trying to perform an action and use its name rather than internal
ID in the dialog.
Differential Revision: https://phabricator.services.mozilla.com/D161282
After the previous changes, the majority of methods on nsIPrincipal are now
threadsafe. This patch documents which methods are still bound to the main
thread, and adds thread assertions to them to avoid potential misuse.
Differential Revision: https://phabricator.services.mozilla.com/D163041
This changes out almost all places `AddonPolicy()` is used within nsIPrincipal
implementations, replacing it with the threadsafe `AddonPolicyCore()` method
and `WebExtensionPolicyCore` type.
Differential Revision: https://phabricator.services.mozilla.com/D163040
This is required for deserializing nsIPrincipal instances from PrincipalInfo to
be threadsafe, as setting domain with `SetDomain()` is only safe on the main
thread, due to it enumerating and updating JS wrappers.
Differential Revision: https://phabricator.services.mozilla.com/D163036
The script security manager is not a threadsafe service, but the method just
calls SecurityCompareURIs (which was made threadsafe in part 3). Switch to
calling that directly.
Differential Revision: https://phabricator.services.mozilla.com/D163034
This patch only makes the very basics of nsIPrincipal manipulation threadsafe,
such as reference counting, and some trivial methods. The more complex methods
will be made threadsafe in following parts.
Differential Revision: https://phabricator.services.mozilla.com/D163032
In order to handle the content script case correctly we must expose the
contentScriptAddonPolicy to JavaScript. With that we can always see what
extension is trying to perform an action and use its name rather than internal
ID in the dialog.
Differential Revision: https://phabricator.services.mozilla.com/D161282
In order to handle the content script case correctly we must expose the
contentScriptAddonPolicy to JavaScript. With that we can always see what
extension is trying to perform an action and use its name rather than internal
ID in the dialog.
Differential Revision: https://phabricator.services.mozilla.com/D161282
This will be used in SitePermsAddonInstallRequestPrototype to discriminate permission
requests coming from localhost, where we want to fallback to regular permission prompt.
Depends on D151477
Differential Revision: https://phabricator.services.mozilla.com/D157658
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
We need a helper function for checking principal if it's in the foreign
allow list.
In this patch we will add a BasePrincipal::IsURIInList() because this is
needed for RejectForeignAllowList::Check().
Differential Revision: https://phabricator.services.mozilla.com/D123804
For every cookie permission check CookieJarSettings::CookiePermission has to create a new principal.
This is slow. It uses a cloned principal so it can strip the origin attributes which should not be
used for the permission check.
With this patch we no longer need to clone the principal. We pass in the original principal and perform
the OA stripping on an OA copy in BasePrincipal::EqualsForPermission.
Before, EqualsForPermission was guaranteed to get a content principal, because ClonePrincipalForPermission
enforced it. BasePrincipal::EqualsForPermission was refactored to account for non content principals.
Differential Revision: https://phabricator.services.mozilla.com/D120834
This provides a getter which can be used to interact with the precursor
attribute of the null principal.
Depends on D119691
Differential Revision: https://phabricator.services.mozilla.com/D119692
This is a step towards separating the mutable state on principals from const
state which can be made threadsafe. The remaining mutable fields will either
need to be moved off of nsIPrincipal or made threadsafe to destroy (e.g. using
nsMainThreadPtrHandle) and stored behind a mutex.
Serialization is handled for most types using a separate Deserializer class,
like how it was handled with `nsIURI` mutators. SystemPrincipal wasn't changed
as the `Read` method is a no-op for that class.
Differential Revision: https://phabricator.services.mozilla.com/D115092
We want to partition the CORS preflight cache by the network state
partitioning. So, we have done two things in the patch. First, we make
the CORS preflight cache to be aware of the OriginAttributes. Second, we
use the originAttributes of the network state partitioning in the CORS
preflight cache. As the result, the CORS preflight cache will be
partitioned by the originAttributes.partitionKey as well as other
originAttributes fields if present.
Differential Revision: https://phabricator.services.mozilla.com/D93683
