Bug 1894958: Let's name this page more accurately r=timhuang

The purpose of this page is to improve the fingerprinting protections in Firefox. Differential Revision: https://phabricator.services.mozilla.com/D209599
2024-06-04 20:02:26 +00:00 · 2024-06-04 20:02:26 +00:00 · e26694557f
commit e26694557f
parent 8e1d0b5319
7 changed files with 25 additions and 20 deletions
--- a/docshell/base/nsAboutRedirector.cpp
+++ b/docshell/base/nsAboutRedirector.cpp
@ -108,7 +108,7 @@ static const RedirEntry kRedirMap[] = {
    {"credits", "https://www.mozilla.org/credits/",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::URI_MUST_LOAD_IN_CHILD},
-    {"fingerprinting",
+    {"fingerprintingprotection",
     "chrome://global/content/usercharacteristics/usercharacteristics.html",
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::HIDE_FROM_ABOUTABOUT | nsIAboutModule::ALLOW_SCRIPT |
--- a/docshell/build/components.conf
+++ b/docshell/build/components.conf
@ -16,7 +16,7 @@ about_pages = [
    'crashgpu',
    'crashextensions',
    'credits',
-    'fingerprinting',
+    'fingerprintingprotection',
    'httpsonlyerror',
    'license',
    'logging',
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@ -1363,20 +1363,20 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
             "about: page must contain a CSP denying object-src");
  // preferences and downloads allow legacy inline scripts through hash src.
-  MOZ_ASSERT(!foundScriptSrc ||
+  MOZ_ASSERT(
-                 StringBeginsWith(aboutSpec, "about:preferences"_ns) ||
+      !foundScriptSrc || StringBeginsWith(aboutSpec, "about:preferences"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:settings"_ns) ||
+          StringBeginsWith(aboutSpec, "about:settings"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:downloads"_ns) ||
+          StringBeginsWith(aboutSpec, "about:downloads"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:fingerprinting"_ns) ||
+          StringBeginsWith(aboutSpec, "about:fingerprintingprotection"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:asrouter"_ns) ||
+          StringBeginsWith(aboutSpec, "about:asrouter"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:newtab"_ns) ||
+          StringBeginsWith(aboutSpec, "about:newtab"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:logins"_ns) ||
+          StringBeginsWith(aboutSpec, "about:logins"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:compat"_ns) ||
+          StringBeginsWith(aboutSpec, "about:compat"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:welcome"_ns) ||
+          StringBeginsWith(aboutSpec, "about:welcome"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:profiling"_ns) ||
+          StringBeginsWith(aboutSpec, "about:profiling"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:studies"_ns) ||
+          StringBeginsWith(aboutSpec, "about:studies"_ns) ||
-                 StringBeginsWith(aboutSpec, "about:home"_ns),
+          StringBeginsWith(aboutSpec, "about:home"_ns),
-             "about: page must not contain a CSP including script-src");
+      "about: page must not contain a CSP including script-src");
  MOZ_ASSERT(!foundWorkerSrc,
             "about: page must not contain a CSP including worker-src");
--- a/toolkit/components/resistfingerprinting/RFPHelper.sys.mjs
+++ b/toolkit/components/resistfingerprinting/RFPHelper.sys.mjs
@ -118,7 +118,7 @@ class _RFPHelper {
          UserCharacteristicsDataDone: { wantUntrusted: true },
        },
      },
-      matches: ["about:fingerprinting"],
+      matches: ["about:fingerprintingprotection"],
      remoteTypes: ["privilegedabout"],
    });
  }
@ -324,6 +324,11 @@ class _RFPHelper {
  }
  _registerLetterboxingActor() {
    /*
     * It turns out that this triggers a warning that we're registering a Desktop-only actor
     * in toolkit (which will also run on mobile.)  It just happens this actor only handles
     * letterboxing, which isn't used on mobile, but we should resolve this.
     */
    ChromeUtils.registerWindowActor("RFPHelper", {
      parent: {
        esModuleURI: "resource:///actors/RFPHelperParent.sys.mjs",
--- a/toolkit/components/resistfingerprinting/UserCharacteristicsPageService.sys.mjs
+++ b/toolkit/components/resistfingerprinting/UserCharacteristicsPageService.sys.mjs
@ -169,7 +169,7 @@ export class UserCharacteristicsPageService {
        };
        let userCharacteristicsPageURI = Services.io.newURI(
-          "about:fingerprinting"
+          "about:fingerprintingprotection"
        );
        browser.loadURI(userCharacteristicsPageURI, loadURIOptions);
--- a/toolkit/components/resistfingerprinting/content/usercharacteristics.html
+++ b/toolkit/components/resistfingerprinting/content/usercharacteristics.html
@ -10,7 +10,7 @@
      http-equiv="Content-Security-Policy"
      content="default-src data: resource:; style-src-elem chrome:; object-src 'none'; script-src chrome:"
    />
-    <title>about:fingerprinting</title>
+    <title>about:fingerprintingprotection</title>
    <link
      href="chrome://global/content/usercharacteristics/usercharacteristics.css"
--- a/toolkit/components/resistfingerprinting/tests/browser/browser_usercharacteristics.js
+++ b/toolkit/components/resistfingerprinting/tests/browser/browser_usercharacteristics.js
@ -16,7 +16,7 @@ function promiseObserverNotification() {
      GleanPings.userCharacteristics.testBeforeNextSubmit(_ => {
        submitted = true;
-        // Did we assign a value we got out of about:fingerprinting?
+        // Did we assign a value we got out of about:fingerprintingprotection?
        Assert.notEqual("", Glean.characteristics.canvasdata1.testGetValue());
      });
      GleanPings.userCharacteristics.submit();