Created
August 24, 2016 07:28
-
-
Save allstarschh/063a229329cbef7375ee60cd7d75ad2f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 5286a88e433ef7d29abb50f45013e008128a7d47 | |
Author: Yoshi Huang <allstars.chh@mozilla.com> | |
Date: Wed Aug 24 15:25:59 2016 +0800 | |
smaug's comment | |
diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp | |
index 9726583..fb223e0 100644 | |
--- a/caps/nsScriptSecurityManager.cpp | |
+++ b/caps/nsScriptSecurityManager.cpp | |
@@ -449,19 +449,27 @@ nsScriptSecurityManager::GetChannelURIPrincipal(nsIChannel* aChannel, | |
nsIContentPolicy::TYPE_SUBDOCUMENT == contentPolicyType) { | |
// If it's document or sub-document, inherit originAttributes from | |
// the document. | |
if (loadContext) { | |
DocShellOriginAttributes docShellAttrs; | |
loadContext->GetOriginAttributes(docShellAttrs); | |
attrs.InheritFromDocShellToDoc(docShellAttrs, uri); | |
+ // Cache the privacy.firstparty.isolate pref. | |
+ static bool sFirstPartyIsolation = false; | |
+ static bool sCachedFirstPartyPref = false; | |
+ if (!sCachedFirstPartyPref) { | |
+ sCachedFirstPartyPref = true; | |
+ Preferences::AddBoolVarCache(&sFirstPartyIsolation, "privacy.firstparty.isolate"); | |
+ } | |
+ | |
// When the pref is on, we also compute the firstParyDomain attribute | |
// if it's top-level document, | |
- if (Preferences::GetBool("privacy.firstparty.isolate", false) && | |
+ if (sFirstPartyIsolation && | |
nsIContentPolicy::TYPE_DOCUMENT == contentPolicyType) { | |
nsCOMPtr<nsIEffectiveTLDService> tldService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); | |
NS_ENSURE_TRUE(tldService, NS_ERROR_FAILURE); | |
nsAutoCString baseDomain; | |
tldService->GetBaseDomain(uri, 0, baseDomain); | |
attrs.mFirstPartyDomain = NS_ConvertUTF8toUTF16(baseDomain); | |
} | |
diff --git a/dom/base/nsFrameLoader.cpp b/dom/base/nsFrameLoader.cpp | |
index 7c4d8cd..7506401 100644 | |
--- a/dom/base/nsFrameLoader.cpp | |
+++ b/dom/base/nsFrameLoader.cpp | |
@@ -2096,18 +2096,37 @@ nsFrameLoader::MaybeCreateDocShell() | |
if (docShell->ItemType() == mDocShell->ItemType()) { | |
attrs = nsDocShell::Cast(docShell)->GetOriginAttributes(); | |
} | |
// Inherit origin attributes from parent document. For example, | |
// firstPartyDomain is computed from top-level document, it doesn't exist in | |
// the top-level docshell. | |
if (parentType == nsIDocShellTreeItem::typeContent) { | |
+ MOZ_ASSERT(attrs.mFirstPartyDomain.IsEmpty(), | |
+ "Top-level DocShellAttributes shouldn't have FirstPartyDomain attribute."); | |
PrincipalOriginAttributes poa = BasePrincipal::Cast(doc->NodePrincipal())->OriginAttributesRef(); | |
attrs.InheritFromDocToChildDocShell(poa); | |
+ | |
+#ifdef DEBUG | |
+ // Cache the privacy.firstparty.isolate pref. | |
+ static bool sFirstPartyIsolation = false; | |
+ static bool sCachedFirstPartyPref = false; | |
+ if (!sCachedFirstPartyPref) { | |
+ sCachedFirstPartyPref = true; | |
+ Preferences::AddBoolVarCache(&sFirstPartyIsolation, "privacy.firstparty.isolate"); | |
+ } | |
+ | |
+ // When the pref is on, top-level document and child-docshell should have | |
+ // firstParyDomain attribute. | |
+ if (sFirstPartyIsolation) { | |
+ MOZ_ASSERT(!poa.mFirstPartyDomain.IsEmpty(), "Top-level document should have FirstPartyDomain attribute."); | |
+ MOZ_ASSERT(!attrs.mFirstPartyDomain.IsEmpty(), "Child DocShell should have FirstPartyDomain attribute."); | |
+ } | |
+#endif /* DEBUG */ | |
} | |
if (OwnerIsAppFrame()) { | |
// You can't be both an app and a browser frame. | |
MOZ_ASSERT(!OwnerIsMozBrowserFrame()); | |
nsCOMPtr<mozIApplication> ownApp = GetOwnApp(); | |
MOZ_ASSERT(ownApp); | |
diff --git a/netwerk/ipc/NeckoParent.cpp b/netwerk/ipc/NeckoParent.cpp | |
index 3623b8c..dec4021 100644 | |
--- a/netwerk/ipc/NeckoParent.cpp | |
+++ b/netwerk/ipc/NeckoParent.cpp | |
@@ -134,16 +134,17 @@ NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized, | |
continue; | |
} | |
aAttrs = DocShellOriginAttributes(); | |
aAttrs.mAppId = appId; | |
aAttrs.mInIsolatedMozBrowser = inBrowserElement; | |
aAttrs.mSignedPkg = aSerialized.mOriginAttributes.mSignedPkg; | |
aAttrs.mUserContextId = aSerialized.mOriginAttributes.mUserContextId; | |
aAttrs.mPrivateBrowsingId = aSerialized.mOriginAttributes.mPrivateBrowsingId; | |
+ aAttrs.mFirstPartyDomain = aSerialized.mOriginAttributes.mFirstPartyDomain; | |
return nullptr; | |
} | |
if (contextArray.Length() != 0) { | |
return "App does not have permission"; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment