Bug 1839464 - Check storage access in content accessible about pages. r=bvandersloot,anti-tracking-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D181807
Tim Huang 2023-06-26 08:49:32 +00:00
parent 429b3f5f17
commit 91aa41a399


@ -15,6 +15,7 @@
#include "mozilla/StaticPrefs_network.h"
#include "mozilla/StaticPrefs_privacy.h"
#include "mozilla/StorageAccess.h"
#include "nsAboutProtocolUtils.h"
#include "nsContentUtils.h"
#include "nsGlobalWindowInner.h"
#include "nsICookiePermission.h"
@ -133,8 +134,10 @@ static StorageAccess InternalStorageAllowedCheck(
// We need to check the aURI or the document URI here instead of only checking
// the URI from the principal. Because the principal might not have a URI if
// it is a system principal.
if ((aURI && aURI->SchemeIs("about")) ||
(documentURI && documentURI->SchemeIs("about")) ||
if ((aURI && aURI->SchemeIs("about") &&
!NS_IsContentAccessibleAboutURI(aURI)) ||
(documentURI && documentURI->SchemeIs("about") &&
!NS_IsContentAccessibleAboutURI(documentURI)) ||
aPrincipal->SchemeIs("about")) {
return access;
}
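Review bot: The third disjunct, `aPrincipal->SchemeIs("about")`, still returns `access` early without the `NS_IsContentAccessibleAboutURI` filter that the two URI checks now carry, so the new exemption only takes effect when the principal's scheme is not `about`. If that is intentional (presumably because content-accessible about pages carry an inherited, non-about principal), the comment above the condition should say so, e.g. `// Content-accessible about: pages are not exempt and fall through to the regular storage access checks; their principal is expected not to be an about: principal.` It is also worth confirming how `NS_IsContentAccessibleAboutURI` behaves when it cannot classify the URI, since that decides whether this branch fails toward the early return or toward the regular checks. The body of `InternalStorageAllowedCheck` starts and continues outside the hunk, so the value of `access` at this point is not visible here.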