From 842a4e8e30f51dac03fceee087181a22109eab20 Mon Sep 17 00:00:00 2001
From: Christoph Kerschbaumer
Date: Tue, 3 Mar 2020 17:03:20 +0000
Subject: [PATCH] Bug 1504968: Remove pref security.strict_security_checks.enabled and enforce strict top-level principal checking on Android. r=snorp,baku
Differential Revision: https://phabricator.services.mozilla.com/D65095
---
 docshell/base/nsDocShell.cpp | 26 +++++++-------------------
 docshell/base/nsDocShell.h | 1 -
 modules/libpref/init/all.js | 8 --------
 3 files changed, 7 insertions(+), 28 deletions(-)
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 81494c9c714a..aaac277b9bea 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -348,7 +348,6 @@ nsDocShell::nsDocShell(BrowsingContext* aBrowsingContext,
 mAllowContentRetargeting(true),
 mAllowContentRetargetingOnChildren(true),
 mUseErrorPages(false),
- mUseStrictSecurityChecks(false),
 mObserveErrorPages(true),
 mCSSErrorReportingEnabled(false),
 mAllowAuth(mItemType == typeContent),
@@ -671,12 +670,8 @@ nsDocShell::LoadURI(nsDocShellLoadState* aLoadState, bool aSetNavigating) {
 "Should not have these flags set");
 if (!aLoadState->TriggeringPrincipal()) {
-#ifndef ANDROID
 MOZ_ASSERT(false, "LoadURI must have a triggering principal");
-#endif
- if (mUseStrictSecurityChecks) {
- return NS_ERROR_FAILURE;
- }
+ return NS_ERROR_FAILURE;
 }
 bool oldIsNavigating = mIsNavigating;
@@ -4182,8 +4177,8 @@ nsDocShell::Reload(uint32_t aReloadFlags) {
 loadInfo->GetResultPrincipalURI(getter_AddRefs(resultPrincipalURI));
 }
- MOZ_ASSERT(triggeringPrincipal, "Need a valid triggeringPrincipal");
- if (mUseStrictSecurityChecks && !triggeringPrincipal) {
+ if (!triggeringPrincipal) {
+ MOZ_ASSERT(false, "Reload needs a valid triggeringPrincipal");
 return NS_ERROR_FAILURE;
 }
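Review bot: In the LoadURI hunk the new null-principal branch relies on `MOZ_ASSERT(false, "LoadURI must have a triggering principal");`, which is debug-only, so release builds now reject the load with a bare `NS_ERROR_FAILURE` and nothing that identifies the caller. That matters most on Android, where the assert was previously compiled out and the pref defaulted to false, so callers that pass no principal were presumably never exercised against this path. The Reload, InternalLoad and DoURILoad hunks add the same pattern. Consider `MOZ_DIAGNOSTIC_ASSERT(false, "LoadURI must have a triggering principal");` so pre-release channels still surface offenders, and a comment such as `// Fail closed: a load without a triggering principal cannot be security-checked.`; LoadURI's body starts and ends outside the hunk.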
@@ -4422,9 +4417,6 @@ nsDocShell::Create() {
 NS_ENSURE_TRUE(Preferences::GetRootBranch(), NS_ERROR_FAILURE);
 mCreated = true;
- mUseStrictSecurityChecks = Preferences::GetBool(
- "security.strict_security_checks.enabled", mUseStrictSecurityChecks);
-
 // Should we use XUL error pages instead of alerts if possible?
 mUseErrorPages = StaticPrefs::browser_xul_error_pages_enabled();
@@ -8753,7 +8745,8 @@ nsresult nsDocShell::InternalLoad(nsDocShellLoadState* aLoadState,
 MOZ_ASSERT(aLoadState->TriggeringPrincipal(),
 "need a valid TriggeringPrincipal");
- if (mUseStrictSecurityChecks && !aLoadState->TriggeringPrincipal()) {
+ if (!aLoadState->TriggeringPrincipal()) {
+ MOZ_ASSERT(false, "InternalLoad needs a valid triggeringPrincipal");
 return NS_ERROR_FAILURE;
 }
 if (mBrowsingContext->PendingInitialization()) {
@@ -9833,13 +9826,8 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
 }
 }
- // Getting the right triggeringPrincipal needs to be updated and is only
- // ready for use once bug 1182569 landed. Until then, we cannot rely on
- // the triggeringPrincipal for TYPE_DOCUMENT loads.
- MOZ_ASSERT(aLoadState->TriggeringPrincipal(),
- "Need a valid triggeringPrincipal");
-
- if (mUseStrictSecurityChecks && !aLoadState->TriggeringPrincipal()) {
+ if (!aLoadState->TriggeringPrincipal()) {
+ MOZ_ASSERT(false, "DoURILoad needs a valid triggeringPrincipal");
 return NS_ERROR_FAILURE;
 }
diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
index a78f4e9b6061..cc8804520137 100644
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -1290,7 +1290,6 @@ class nsDocShell final : public nsDocLoader,
 bool mAllowContentRetargeting : 1;
 bool mAllowContentRetargetingOnChildren : 1;
 bool mUseErrorPages : 1;
- bool mUseStrictSecurityChecks : 1;
 bool mObserveErrorPages : 1;
 bool mCSSErrorReportingEnabled : 1;
 bool mAllowAuth : 1;
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 4866c052a46a..f01d0410fb63 100644
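Review bot: In the InternalLoad hunk the retained two-line `MOZ_ASSERT(aLoadState->TriggeringPrincipal(), "need a valid TriggeringPrincipal");` sits directly above the new check, so the added `MOZ_ASSERT(false, "InternalLoad needs a valid triggeringPrincipal");` can never fire in a debug build and the same condition is asserted twice with different messages. The Reload and DoURILoad hunks removed their leading assert when they moved it into the branch. Doing the same here keeps the four call sites consistent: drop the leading assert and keep only the `if (!aLoadState->TriggeringPrincipal())` branch with its assert and `return NS_ERROR_FAILURE;`. InternalLoad's body starts and ends outside the hunk.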
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2310,14 +2310,6 @@ pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 // Default: false
 pref("security.cert_pinning.hpkp.enabled", false);
-// If set to true strict checks will happen on the triggering principal for loads.
-// Android is disabled at the moment pending Bug 1504968
-#if !defined(RELEASE_OR_BETA) && !defined(ANDROID)
- pref("security.strict_security_checks.enabled", true);
-#else
- pref("security.strict_security_checks.enabled", false);
-#endif
-
 // Remote settings preferences
 pref("services.settings.poll_interval", 86400); // 24H
 pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1");