nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/toolkit/components
History
Tom Ritter bc2e6a72ad Bug 1830070: Correctly apply RFP Checks to about: documents and deal with pop-ups r=smaug,necko-reviewers,emilio 
This patch has three parts to it:

1) Use NS_IsContentAccessibleAboutURI to ensure that only safe
   about: documents get exempted.

   With this change, we will no longer allow about:blank or
   about:srcdoc to be exempted base on URI.  If they are to be
   exempted, it will need to be base on other information.

2) In Document::RecomputeResistFingerprinting we previously
   deferred to a Parent Document if we had one, and either the
   principals matched or we were a null principal.

   We will do the same thing, except we will also defer to our
   opener as well as the parent document.  Now about:blank
   documents can be exempted.

   However, this deferral only works if the opener is
   same-process. For cross-process openers, we make the decision
   ourselves.

We can make the wrong decision though. CookieJarSettings is
inherited through iframes but it is _not_ inherited through popups.
(Yet. There's some discussion there, but it's not implemented.)

Conceptually; however, we do want CJS to inherit, and we do want
RFP to inherit as well.  Because a popup can collude with its
opener to bypass RFP and Storage restrictions, we should propagate
the CJS information.

This does lead to an unusual situation: if you have exempted
b.com, and a.com (which is not exempted) creates a popup for b.com
then that popup will not be exempted.  But an open tab for b.com
would be.  And it might be hard to tell those two apart, or why
they behave differently.

The third part of the patch:

3) In LoadInfo we want to populate information down from the
   opener to the popup.  This is needed because otherwise a
   cross-origin popup will not defer to its opener (because in
   Fission they're in different processes) and will decide if
   it should be exempted itself. It's the CookieJarSettings
   object that prevents the cross-origin document from thinking
   it should be exempted - CJS tells it 'No, you're a child
   (either a subdocument or a popup) and if I say you don't get
   an exemption, you don't.'


Finally, there is one more caveat: we can only defer to a parent
document or opener if it still exists.  A popup may outlive its
opener. If that happens, and something induces a call to
RecomputeResistFingerprinting, then (e.g.) an about:blank popup
may lose an RFP exemption that it had received from its parent.
This isn't expected to happen in practice -
RecomputeResistFingerprinting is only called on document creation
and pref changes I believe.

It is not possible for a popup to _gain_ an exemption though,
because even if the parent document is gone, the CJS lives on and
restricts it.

Differential Revision: https://phabricator.services.mozilla.com/D178866
2023-06-19 20:03:27 +00:00
..
aboutcheckerboard Bug 1826063 - Automatic fixes for enabling Prettier on production xhtml and html files. r=mossop,webdriver-reviewers,webcompat-reviewers,geckoview-reviewers,extension-reviewers,settings-reviewers,application-update-reviewers,credential-management-reviewers,fxview-reviewers,sgalich,nalexander,devtools-reviewers,sclements,denschub,robwu,owlish 2023-05-20 12:26:56 +00:00
aboutconfig Bug 1834051 - Decommission --in-content-deemphasized-text and use --text-color-deemphasized instead. r=Itiel 2023-05-23 15:32:33 +00:00
aboutmemory Bug 1834176 - Convert consumers of NetUtil.jsm to import the ES module directly. r=arai,webdriver-reviewers,perftest-reviewers,valentin,extension-reviewers,devtools-reviewers,sync-reviewers,cookie-reviewers,robwu,afinder,whimboo 2023-06-07 08:42:36 +00:00
aboutprocesses Bug 1826063 - Automatic fixes for enabling Prettier on production xhtml and html files. r=mossop,webdriver-reviewers,webcompat-reviewers,geckoview-reviewers,extension-reviewers,settings-reviewers,application-update-reviewers,credential-management-reviewers,fxview-reviewers,sgalich,nalexander,devtools-reviewers,sclements,denschub,robwu,owlish 2023-05-20 12:26:56 +00:00
aboutthirdparty Bug 1830679 - Convert element.setAttribute(data-l10n-{id,args}) uses in the codebase to document.l10n.setAttributes(element, id, args) r=eemeli,Gijs,willdurand,extension-reviewers,settings-reviewers,search-reviewers,devtools-reviewers,fxview-reviewers,mconley,Standard8,jdescottes,kcochrane,tabbrowser-reviewers 2023-06-14 17:16:39 +00:00
aboutwindowsmessages Bug 1826063 - Automatic fixes for enabling Prettier on production xhtml and html files. r=mossop,webdriver-reviewers,webcompat-reviewers,geckoview-reviewers,extension-reviewers,settings-reviewers,application-update-reviewers,credential-management-reviewers,fxview-reviewers,sgalich,nalexander,devtools-reviewers,sclements,denschub,robwu,owlish 2023-05-20 12:26:56 +00:00
alerts Bug 1828073 - Post: Add tests for invalid UTF-16 as arguments to nsIAlertNotifications. r=nalexander 2023-06-02 17:40:55 +00:00
antitracking Bug 1794508 - Add tests r=asuth,anti-tracking-reviewers,pbz 2023-06-16 11:17:40 +00:00
apppicker Bug 1826063 - Automatic fixes for enabling Prettier on production xhtml and html files. r=mossop,webdriver-reviewers,webcompat-reviewers,geckoview-reviewers,extension-reviewers,settings-reviewers,application-update-reviewers,credential-management-reviewers,fxview-reviewers,sgalich,nalexander,devtools-reviewers,sclements,denschub,robwu,owlish 2023-05-20 12:26:56 +00:00
asyncshutdown Bug 1832820 - Don't require unique names for blockers added through nsAsyncShutdownService. r=mak 2023-05-24 11:17:38 +00:00
autocomplete Bug 1837812 - removing searchResult from FormAutoCompleteResult constructor r=issammani,search-reviewers,Standard8 2023-06-12 21:19:01 +00:00
backgroundhangmonitor Bug 1826062 - Automatic fixes for upgrading Prettier to 2.8.8. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,calu 2023-05-20 12:26:53 +00:00
backgroundtasks Bug 1677718 - Completely remove AppCache API implementation r=necko-reviewers,emilio,jesup 2023-06-02 07:55:23 +00:00
bitsdownload
browser
build
captivedetect Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
cascade_bloom_filter
certviewer Bug 1830679 - Convert element.setAttribute(data-l10n-{id,args}) uses in the codebase to document.l10n.setAttributes(element, id, args) r=eemeli,Gijs,willdurand,extension-reviewers,settings-reviewers,search-reviewers,devtools-reviewers,fxview-reviewers,mconley,Standard8,jdescottes,kcochrane,tabbrowser-reviewers 2023-06-14 17:16:39 +00:00
cleardata Backed out changeset 5be10443a2ea (bug 1807618) for mochitest failures on test_autocomplete_password_generation.html. 2023-06-16 00:48:28 +03:00
clearsitedata
commandlines
contentprefs Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
contextualidentity Bug 1834176 - Convert consumers of NetUtil.jsm to import the ES module directly. r=arai,webdriver-reviewers,perftest-reviewers,valentin,extension-reviewers,devtools-reviewers,sync-reviewers,cookie-reviewers,robwu,afinder,whimboo 2023-06-07 08:42:36 +00:00
cookiebanners Bug 1834204 - Update more consumers to import ES modules directly. r=kpatenio,geckoview-reviewers,whimboo,m_kato 2023-05-26 11:36:33 +00:00
corroborator
crashes Bug 1826062 - Automatic fixes for upgrading Prettier to 2.8.8. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,calu 2023-05-20 12:26:53 +00:00
crashmonitor Bug 1838155 - Clean up some console.error calls that had been migrated from Cu.reportError. r=jdescottes,perftest-reviewers,geckoview-reviewers,credential-management-reviewers,search-reviewers,sgalich,owlish,jteow,sparky 2023-06-15 08:33:57 +00:00
credentialmanagement Bug 1836363 - Add support for nsIIdentityCredentialPromptService.showAccountListPrompt in GeckoView r=geckoview-reviewers,amejiamarmol 2023-06-19 16:18:49 +00:00
ctypes Bug 1826062 - Automatic fixes for upgrading Prettier to 2.8.8. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,calu 2023-05-20 12:26:53 +00:00
downloads Bug 1834831 - update imports of browser/modules JSMs r=webdriver-reviewers,perftest-reviewers,zeid,extension-reviewers,settings-reviewers,pip-reviewers,credential-management-reviewers,devtools-reviewers,fxview-reviewers,sessionstore-reviewers,tabbrowser-reviewers,whimboo,mhowell,sgalich,robwu,sparky,Standard8,mconley,dao,sclements 2023-06-19 18:44:48 +00:00
enterprisepolicies Bug 1835752 Use SysConfD dir instead of hardcoded /etc for the policies; r=mkaply 2023-05-30 12:30:08 +00:00
extensions Bug 1834831 - update imports of browser/modules JSMs r=webdriver-reviewers,perftest-reviewers,zeid,extension-reviewers,settings-reviewers,pip-reviewers,credential-management-reviewers,devtools-reviewers,fxview-reviewers,sessionstore-reviewers,tabbrowser-reviewers,whimboo,mhowell,sgalich,robwu,sparky,Standard8,mconley,dao,sclements 2023-06-19 18:44:48 +00:00
featuregates Bug 1821955 part 6: Remove the CtW pref. r=eeejay,settings-reviewers,taskgraph-reviewers,bhearsum,Gijs 2023-05-19 02:56:49 +00:00
finalizationwitness
find
forgetaboutsite Bug 1834204 - Update more consumers to import ES modules directly. r=kpatenio,geckoview-reviewers,whimboo,m_kato 2023-05-26 11:36:33 +00:00
formautofill Bug 1834831 - update imports of browser/modules JSMs r=webdriver-reviewers,perftest-reviewers,zeid,extension-reviewers,settings-reviewers,pip-reviewers,credential-management-reviewers,devtools-reviewers,fxview-reviewers,sessionstore-reviewers,tabbrowser-reviewers,whimboo,mhowell,sgalich,robwu,sparky,Standard8,mconley,dao,sclements 2023-06-19 18:44:48 +00:00
gfx Bug 1837264 - update the value for the pref 'media.wmf.media-engine.enable' usage. r=media-playback-reviewers,aryx,padenot 2023-06-09 17:49:38 +00:00
glean Bug 1837142 - Update to Glean v53.0.0 r=TravisLong,supply-chain-reviewers 2023-06-14 10:48:26 +00:00
httpsonlyerror Bug 1826063 - Automatic fixes for enabling Prettier on production xhtml and html files. r=mossop,webdriver-reviewers,webcompat-reviewers,geckoview-reviewers,extension-reviewers,settings-reviewers,application-update-reviewers,credential-management-reviewers,fxview-reviewers,sgalich,nalexander,devtools-reviewers,sclements,denschub,robwu,owlish 2023-05-20 12:26:56 +00:00
jsoncpp
kvstore Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
maintenanceservice
mediasniffer Bug 1834176 - Convert consumers of NetUtil.jsm to import the ES module directly. r=arai,webdriver-reviewers,perftest-reviewers,valentin,extension-reviewers,devtools-reviewers,sync-reviewers,cookie-reviewers,robwu,afinder,whimboo 2023-06-07 08:42:36 +00:00
messaging-system Bug 1838507 - Default the about:welcome migration behaviour to the legacy XUL dialog. r=Mardak 2023-06-15 16:33:43 +00:00
mozintl Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
mozprotocol Bug 1834176 - Convert consumers of NetUtil.jsm to import the ES module directly. r=arai,webdriver-reviewers,perftest-reviewers,valentin,extension-reviewers,devtools-reviewers,sync-reviewers,cookie-reviewers,robwu,afinder,whimboo 2023-06-07 08:42:36 +00:00
narrate Bug 1838155 - Clean up some console.error calls that had been migrated from Cu.reportError. r=jdescottes,perftest-reviewers,geckoview-reviewers,credential-management-reviewers,search-reviewers,sgalich,owlish,jteow,sparky 2023-06-15 08:33:57 +00:00
nimbus Bug 1838507 - Default the about:welcome migration behaviour to the legacy XUL dialog. r=Mardak 2023-06-15 16:33:43 +00:00
normandy Bug 1834831 - update imports of browser/modules JSMs r=webdriver-reviewers,perftest-reviewers,zeid,extension-reviewers,settings-reviewers,pip-reviewers,credential-management-reviewers,devtools-reviewers,fxview-reviewers,sessionstore-reviewers,tabbrowser-reviewers,whimboo,mhowell,sgalich,robwu,sparky,Standard8,mconley,dao,sclements 2023-06-19 18:44:48 +00:00
parentalcontrols
passwordmgr Backed out changeset 5be10443a2ea (bug 1807618) for mochitest failures on test_autocomplete_password_generation.html. 2023-06-16 00:48:28 +03:00
pdfjs Bug 1839155 - Remove the PREF_PREFIX handling in various PDF Viewer files. r=pdfjs-reviewers,calixte 2023-06-19 11:41:35 +00:00
pictureinpicture Bug 1834831 - update imports of browser/modules JSMs r=webdriver-reviewers,perftest-reviewers,zeid,extension-reviewers,settings-reviewers,pip-reviewers,credential-management-reviewers,devtools-reviewers,fxview-reviewers,sessionstore-reviewers,tabbrowser-reviewers,whimboo,mhowell,sgalich,robwu,sparky,Standard8,mconley,dao,sclements 2023-06-19 18:44:48 +00:00
places Bug 1834831 - update imports of browser/modules JSMs r=webdriver-reviewers,perftest-reviewers,zeid,extension-reviewers,settings-reviewers,pip-reviewers,credential-management-reviewers,devtools-reviewers,fxview-reviewers,sessionstore-reviewers,tabbrowser-reviewers,whimboo,mhowell,sgalich,robwu,sparky,Standard8,mconley,dao,sclements 2023-06-19 18:44:48 +00:00
printing Bug 1838155 - Clean up some console.error calls that had been migrated from Cu.reportError. r=jdescottes,perftest-reviewers,geckoview-reviewers,credential-management-reviewers,search-reviewers,sgalich,owlish,jteow,sparky 2023-06-15 08:33:57 +00:00
printingui
processsingleton
processtools Bug 1826062 - Automatic fixes for upgrading Prettier to 2.8.8. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,calu 2023-05-20 12:26:53 +00:00
promiseworker Bug 1824591 - Convert toolkit/components/promiseworker to ES modules. r=kpatenio 2023-05-28 07:58:37 +00:00
prompts Bug 1832490 - make LoginManagerAuthPrompter promts async r=credential-management-reviewers,necko-reviewers,jesup,dimi 2023-05-22 13:49:59 +00:00
protobuf
reader Bug 1824591 - Convert toolkit/components/promiseworker to ES modules. r=kpatenio 2023-05-28 07:58:37 +00:00
reflect
remote
remotebrowserutils Bug 1543990 - Simplify nsISpeculativeConnect API, r=necko-reviewers,geckoview-reviewers,search-reviewers,valentin,m_kato 2023-06-01 09:46:12 +00:00
reputationservice Bug 1837675, r=mak 2023-06-19 10:13:59 +00:00
resistfingerprinting Bug 1830070: Correctly apply RFP Checks to about: documents and deal with pop-ups r=smaug,necko-reviewers,emilio 2023-06-19 20:03:27 +00:00
satchel Bug 1837812 - replacing _checkIndexBounds() with getAt() in FormAutoCompleteResult r=issammani 2023-06-12 21:19:01 +00:00
search Bug 1838744 - Unify Search Service channel handling between the production code and tests. r=mkaply 2023-06-19 13:07:10 +00:00
sessionstore Backed out 3 changesets (bug 1556358) for causing Bb build bustages in ElementInternals.cpp. CLOSED TREE 2023-06-16 19:46:02 +03:00
shell
startup Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
statusfilter
taskscheduler Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
telemetry Bug 1834831 - update imports of browser/modules JSMs r=webdriver-reviewers,perftest-reviewers,zeid,extension-reviewers,settings-reviewers,pip-reviewers,credential-management-reviewers,devtools-reviewers,fxview-reviewers,sessionstore-reviewers,tabbrowser-reviewers,whimboo,mhowell,sgalich,robwu,sparky,Standard8,mconley,dao,sclements 2023-06-19 18:44:48 +00:00
terminator Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
thumbnails Bug 1747467 - Remove FileUtils.getFile from toolkit/ r=Gijs,extension-reviewers,application-update-reviewers,nalexander,robwu 2023-06-16 00:14:33 +00:00
timermanager Bug 1826062 - Automatic fixes for upgrading Prettier to 2.8.8. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,calu 2023-05-20 12:26:53 +00:00
tooltiptext Bug 898315 - Update all callers of FileUtils.getDir to remove usage of the shouldCreate parameter. r=Gijs,extension-reviewers,application-update-reviewers,nalexander,robwu 2023-06-15 08:10:45 +00:00
translation Backed out 4 changesets (bug 1836974) mochitest failures in dom/workers/test/browser_privilegedmozilla_remoteworker.js CLOSED TREE 2023-06-15 23:24:41 +03:00
translations Bug 1835361 - Pass keypress events to the translations openPopup to fix focus issue; r=nordzilla 2023-06-16 16:40:22 +00:00
typeaheadfind
uniffi-bindgen-gecko-js Bug 1836415 - Upgrade uniffi-bindgen-gecko-js to clap 4. r=bdk 2023-06-07 22:44:15 +00:00
uniffi-example-custom-types
uniffi-fixture-callbacks
uniffi-fixture-external-types
uniffi-js
url-classifier Bug 1834176 - Convert consumers of NetUtil.jsm to import the ES module directly. r=arai,webdriver-reviewers,perftest-reviewers,valentin,extension-reviewers,devtools-reviewers,sync-reviewers,cookie-reviewers,robwu,afinder,whimboo 2023-06-07 08:42:36 +00:00
urlformatter Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
utils Bug 1837744 - Remove PreferenceFilters.sys.mjs module and use Services.prefs directly in FilterExpressions.sys.mjs. r=Standard8 2023-06-13 08:00:00 +00:00
viaduct
viewsource Bug 1826062 - Automatic fixes for upgrading Prettier to 2.8.8. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,calu 2023-05-20 12:26:53 +00:00
windowcreator Bug 1826062 - Automatic fixes for upgrading Prettier to 2.8.8. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,calu 2023-05-20 12:26:53 +00:00
windowwatcher Bug 1837153 - Make RFPTarget parameter of bare ShouldResistFingerprinting non-optional. r=tjr,necko-reviewers,jesup 2023-06-14 13:34:59 +00:00
workerloader Bug 1826062 - Automatic fixes for Prettier 2.0.5 upgrade. r=mossop,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,denschub,devtools-reviewers,sparky,owlish 2023-05-20 12:26:49 +00:00
xulstore
components.conf Bug 1834222 - Convert DefaultCLH to an ES module. r=kpatenio 2023-05-24 07:39:45 +00:00
DefaultCLH.sys.mjs Bug 1834222 - Convert DefaultCLH to an ES module. r=kpatenio 2023-05-24 07:39:45 +00:00
moz.build Bug 1836191 - remove ChromeUtils.requestPerformanceMetrics that was only used by about:performance, r=smaug. 2023-06-08 21:53:18 +00:00
update-jsoncpp.sh