corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1580462 - Store iframe's FeaturePolicy in browsingContext to inherit cross origin document. r=baku,farre

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D48825
This commit is contained in:
Thomas Nguyen
2019-10-22 14:36:00 +00:00
parent 2520fde83f
commit 238e3ba40b
17 changed files with 436 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
dom/html/HTMLIFrameElement.cpp
View File

@@ -57,7 +57,6 @@ HTMLIFrameElement::HTMLIFrameElement(
: nsGenericHTMLFrameElement(std::move(aNodeInfo), aFromParser) {
// We always need a featurePolicy, even if not exposed.
mFeaturePolicy = new mozilla::dom::FeaturePolicy(this);
nsCOMPtr<nsIPrincipal> origin = GetFeaturePolicyDefaultOrigin();
MOZ_ASSERT(origin);
mFeaturePolicy->SetDefaultOrigin(origin);
@@ -230,6 +229,42 @@ mozilla::dom::FeaturePolicy* HTMLIFrameElement::FeaturePolicy() const {
return mFeaturePolicy;
}
void HTMLIFrameElement::MaybeStoreCrossOriginFeaturePolicy() {
if (!mFrameLoader) {
return;
}
// If the browsingContext is not ready (because docshell is dead), don't try
// to create one.
if (!mFrameLoader->IsRemoteFrame() && !mFrameLoader->GetExistingDocShell()) {
return;
}
RefPtr<BrowsingContext> browsingContext = mFrameLoader->GetBrowsingContext();
if (!browsingContext || !browsingContext->IsContentSubframe()) {
return;
}
// If we are in subframe cross origin, store the featurePolicy to
// browsingContext
nsPIDOMWindowOuter* topWindow = browsingContext->Top()->GetDOMWindow();
if (NS_WARN_IF(!topWindow)) {
return;
}
Document* topLevelDocument = topWindow->GetExtantDoc();
if (NS_WARN_IF(!topLevelDocument)) {
return;
}
if (!NS_SUCCEEDED(nsContentUtils::CheckSameOrigin(topLevelDocument, this))) {
return;
}
browsingContext->SetFeaturePolicy(mFeaturePolicy);
}
already_AddRefed<nsIPrincipal>
HTMLIFrameElement::GetFeaturePolicyDefaultOrigin() const {
nsCOMPtr<nsIPrincipal> principal;
@@ -282,6 +317,8 @@ void HTMLIFrameElement::RefreshFeaturePolicy(bool aParseAllowAttribute) {
if (AllowFullscreen()) {
mFeaturePolicy->MaybeSetAllowedPolicy(NS_LITERAL_STRING("fullscreen"));
}
MaybeStoreCrossOriginFeaturePolicy();
}
} // namespace dom