corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out changeset 6fefdfdfe325 (bug 1665056) for causing mass failures CLOSED TREE

Browse Source
This commit is contained in:
Alexandru Marc
2024-12-18 17:26:05 +02:00
parent 30f938764f
commit 503f03519f
5 changed files with 17 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
caps/ContentPrincipal.cpp
View File

@@ -103,7 +103,7 @@ nsresult ContentPrincipal::GenerateOriginNoSuffixFromURI(
"The inner URI for about:blank must be moz-safe-about:blank"); "The inner URI for about:blank must be moz-safe-about:blank");
// Handle non-strict file:// uris. // Handle non-strict file:// uris.
if (!StaticPrefs::security_fileuri_strict_origin_policy_AtStartup() && if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
NS_URIIsLocalFile(origin)) { NS_URIIsLocalFile(origin)) {
// If strict file origin policy is not in effect, all local files are // If strict file origin policy is not in effect, all local files are
// considered to be same-origin, so return a known dummy origin here. // considered to be same-origin, so return a known dummy origin here.
@@ -367,7 +367,7 @@ static nsresult GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aURI,
if (NS_URIIsLocalFile(aURI)) { if (NS_URIIsLocalFile(aURI)) {
// If strict file origin policy is not in effect, all local files are // If strict file origin policy is not in effect, all local files are
// considered to be same-origin, so return a known dummy domain here. // considered to be same-origin, so return a known dummy domain here.
if (!StaticPrefs::security_fileuri_strict_origin_policy_AtStartup()) { if (!nsScriptSecurityManager::GetStrictFileOriginPolicy()) {
*aHandled = true; *aHandled = true;
aBaseDomain.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN"); aBaseDomain.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN");
return NS_OK; return NS_OK;

15
caps/nsScriptSecurityManager.cpp
View File

@@ -84,6 +84,7 @@ using namespace mozilla;
using namespace mozilla::dom; using namespace mozilla::dom;
StaticRefPtr<nsIIOService> nsScriptSecurityManager::sIOService; StaticRefPtr<nsIIOService> nsScriptSecurityManager::sIOService;
std::atomic<bool> nsScriptSecurityManager::sStrictFileOriginPolicy = true;
namespace { namespace {
@@ -217,9 +218,8 @@ inline void SetPendingException(JSContext* cx, const char16_t* aMsg) {
/* static */ /* static */
bool nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, bool nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI,
nsIURI* aTargetURI) { nsIURI* aTargetURI) {
return NS_SecurityCompareURIs( return NS_SecurityCompareURIs(aSourceURI, aTargetURI,
aSourceURI, aTargetURI, sStrictFileOriginPolicy);
StaticPrefs::security_fileuri_strict_origin_policy_AtStartup());
} }
// SecurityHashURI is consistent with SecurityCompareURIs because // SecurityHashURI is consistent with SecurityCompareURIs because
@@ -1541,9 +1541,12 @@ nsScriptSecurityManager::CanGetService(JSContext* cx, const nsCID& aCID) {
} }
const char sJSEnabledPrefName[] = "javascript.enabled"; const char sJSEnabledPrefName[] = "javascript.enabled";
const char sFileOriginPolicyPrefName[] =
"security.fileuri.strict_origin_policy";
static const char* kObservedPrefs[] = {sJSEnabledPrefName, "capability.policy.", static const char* kObservedPrefs[] = {sJSEnabledPrefName,
nullptr}; sFileOriginPolicyPrefName,
"capability.policy.", nullptr};
///////////////////////////////////////////// /////////////////////////////////////////////
// Constructor, Destructor, Initialization // // Constructor, Destructor, Initialization //
@@ -1678,6 +1681,8 @@ inline void nsScriptSecurityManager::ScriptSecurityPrefChanged(
MOZ_ASSERT(mPrefInitialized); MOZ_ASSERT(mPrefInitialized);
mIsJavaScriptEnabled = mIsJavaScriptEnabled =
Preferences::GetBool(sJSEnabledPrefName, mIsJavaScriptEnabled); Preferences::GetBool(sJSEnabledPrefName, mIsJavaScriptEnabled);
sStrictFileOriginPolicy =
Preferences::GetBool(sFileOriginPolicyPrefName, false);
mFileURIAllowlist.reset(); mFileURIAllowlist.reset();
} }

4
caps/nsScriptSecurityManager.h
View File

@@ -10,8 +10,6 @@
#include "nsIScriptSecurityManager.h" #include "nsIScriptSecurityManager.h"
#include "mozilla/Maybe.h" #include "mozilla/Maybe.h"
#include "mozilla/StaticPrefs_security.h"
#include "nsIPrincipal.h" #include "nsIPrincipal.h"
#include "nsCOMPtr.h" #include "nsCOMPtr.h"
#include "nsServiceManagerUtils.h" #include "nsServiceManagerUtils.h"
@@ -80,6 +78,8 @@ class nsScriptSecurityManager final : public nsIScriptSecurityManager {
bool aFromPrivateWindow, bool aFromPrivateWindow,
uint64_t aInnerWindowID = 0); uint64_t aInnerWindowID = 0);
static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
void DeactivateDomainPolicy(); void DeactivateDomainPolicy();
private: private:

4
modules/libpref/init/StaticPrefList.yaml
View File

@@ -15593,9 +15593,9 @@
# Whether strict file origin policy is in effect. "False" is traditional. # Whether strict file origin policy is in effect. "False" is traditional.
- name: security.fileuri.strict_origin_policy - name: security.fileuri.strict_origin_policy
type: bool type: RelaxedAtomicBool
value: true value: true
mirror: once mirror: always
# The level to which we sandbox the content process. firefox.js sets the # The level to which we sandbox the content process. firefox.js sets the
# default to different values on a per-OS basis, and has documentation # default to different values on a per-OS basis, and has documentation

3
netwerk/base/mozurl/MozURL.cpp
View File

@@ -7,7 +7,6 @@
extern "C" { extern "C" {
bool Gecko_StrictFileOriginPolicy() { bool Gecko_StrictFileOriginPolicy() {
return mozilla::StaticPrefs:: return mozilla::StaticPrefs::security_fileuri_strict_origin_policy();
security_fileuri_strict_origin_policy_AtStartup();
} }
} }