From 9b61ead1b51c22a921c2aee5373ff63917bc4e9d Mon Sep 17 00:00:00 2001
From: Tom Ritter
Date: Mon, 28 Nov 2022 18:04:04 +0000
Subject: [PATCH] Bug 1778510: Require subclasses of nsIGlobalObject implement ShouldRFP r=asuth For the less common subclasses we will hardcode a choice to always obey RFP if the pref is enabled.
Differential Revision: https://phabricator.services.mozilla.com/D157562
---
 dom/base/nsGlobalWindowInner.cpp | 4 +++-
 dom/base/nsGlobalWindowOuter.cpp | 4 +++-
 dom/base/nsIGlobalObject.h | 2 +-
 dom/bindings/SimpleGlobalObject.h | 7 +++++++
 dom/script/ShadowRealmGlobalScope.h | 7 +++++++
 js/xpconnect/src/BackstagePass.h | 7 +++++++
 js/xpconnect/src/SandboxPrivate.h | 7 +++++++
 7 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/dom/base/nsGlobalWindowInner.cpp b/dom/base/nsGlobalWindowInner.cpp
index c8a8296292ad..9ebbf429c407 100644
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -1629,7 +1629,9 @@ bool nsGlobalWindowInner::ShouldResistFingerprinting() const {
 if (mDoc) {
 return mDoc->ShouldResistFingerprinting();
 }
- return nsIScriptGlobalObject::ShouldResistFingerprinting();
+ return nsContentUtils::ShouldResistFingerprinting(
+ "If we do not have a document then we do not have any context"
+ "to make an informed RFP choice, so we fall back to the global pref");
 }
 OriginTrials nsGlobalWindowInner::Trials() const {
diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp
index 6cfca28a0c1c..c506385e6743 100644
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
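Review bot: The two adjacent string literals passed to `nsContentUtils::ShouldResistFingerprinting` in the added fallback are joined by the compiler with no separator, so the justification reads "...any contextto make an informed RFP choice...". Add a trailing space to the first literal: `"If we do not have a document then we do not have any context "`. The same missing space is in the nsGlobalWindowOuter.cpp hunk and in the `"...informed decision" "on JS Sandboxes..."` pair added to SimpleGlobalObject.h, ShadowRealmGlobalScope.h and SandboxPrivate.h. If these justification strings are ever logged or searched when auditing which call sites fall back to the global pref (not visible from this patch), the fused words will make them harder to find. The function's opening line appears only in the hunk header.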
@@ -1670,7 +1670,9 @@ bool nsGlobalWindowOuter::ShouldResistFingerprinting() const {
 if (mDoc) {
 return mDoc->ShouldResistFingerprinting();
 }
- return nsIScriptGlobalObject::ShouldResistFingerprinting();
+ return nsContentUtils::ShouldResistFingerprinting(
+ "If we do not have a document then we do not have any context"
+ "to make an informed RFP choice, so we fall back to the global pref");
 }
 uint32_t nsGlobalWindowOuter::GetPrincipalHashValue() const {
diff --git a/dom/base/nsIGlobalObject.h b/dom/base/nsIGlobalObject.h
index e79bd6d31b7d..639f81df7f43 100644
--- a/dom/base/nsIGlobalObject.h
+++ b/dom/base/nsIGlobalObject.h
@@ -242,7 +242,7 @@ class nsIGlobalObject : public nsISupports,
 * Check whether we should avoid leaking distinguishing information to JS/CSS.
 * https://w3c.github.io/fingerprinting-guidance/
 */
- virtual bool ShouldResistFingerprinting() const;
+ virtual bool ShouldResistFingerprinting() const = 0;
 /**
 * Threadsafe way to get nsIPrincipal::GetHashValue for the associated
diff --git a/dom/bindings/SimpleGlobalObject.h b/dom/bindings/SimpleGlobalObject.h
index 45abd651ebf2..ef9ebd2d6875 100644
--- a/dom/bindings/SimpleGlobalObject.h
+++ b/dom/bindings/SimpleGlobalObject.h
@@ -13,6 +13,7 @@
 #ifndef mozilla_dom_SimpleGlobalObject_h__
 #define mozilla_dom_SimpleGlobalObject_h__
+#include "nsContentUtils.h"
 #include "nsIGlobalObject.h"
 #include "nsWrapperCache.h"
 #include "js/TypeDecls.h"
@@ -72,6 +73,12 @@ class SimpleGlobalObject : public nsIGlobalObject, public nsWrapperCache {
 MOZ_CRASH("SimpleGlobalObject doesn't use DOM bindings!");
 }
+ bool ShouldResistFingerprinting() const override {
+ return nsContentUtils::ShouldResistFingerprinting(
+ "Presently we don't have enough context to make an informed decision"
+ "on JS Sandboxes. See 1782853");
+ }
+
 private:
 SimpleGlobalObject(JSObject* global, GlobalType type) : mType(type) {
 SetWrapper(global);
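Review bot: The doc comment above `ShouldResistFingerprinting()` in nsIGlobalObject.h does not tell implementers what to return now that the method is pure virtual. Every new global type has to make this privacy decision itself, so the comment should state the expected default, for example `Implementations that lack document or principal context should defer to nsContentUtils::ShouldResistFingerprinting(justification) instead of returning false.` The old declaration was non-pure and not inline, so a base-class definition presumably still exists in a file this patch does not touch; it is worth removing it or confirming that it is still wanted. The class body starts and ends outside the hunk.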
diff --git a/dom/script/ShadowRealmGlobalScope.h b/dom/script/ShadowRealmGlobalScope.h
index 80729c72c451..927c69db5fce 100644
--- a/dom/script/ShadowRealmGlobalScope.h
+++ b/dom/script/ShadowRealmGlobalScope.h
@@ -12,6 +12,7 @@
 #include "mozilla/Maybe.h"
 #include "mozilla/OriginTrials.h"
 #include "mozilla/dom/BindingDeclarations.h"
+#include "nsContentUtils.h"
 #include "nsIGlobalObject.h"
 #include "nsWrapperCache.h"
@@ -54,6 +55,12 @@ class ShadowRealmGlobalScope : public nsIGlobalObject, public nsWrapperCache {
 JS::loader::ModuleLoaderBase* GetModuleLoader(JSContext* aCx) override;
+ bool ShouldResistFingerprinting() const override {
+ return nsContentUtils::ShouldResistFingerprinting(
+ "Presently we don't have enough context to make an informed decision"
+ "on JS Sandboxes. See 1782853");
+ }
+
 private:
 virtual ~ShadowRealmGlobalScope() = default;
diff --git a/js/xpconnect/src/BackstagePass.h b/js/xpconnect/src/BackstagePass.h
index 586a842260da..018e15b23ac2 100644
--- a/js/xpconnect/src/BackstagePass.h
+++ b/js/xpconnect/src/BackstagePass.h
@@ -8,6 +8,7 @@
 #define BackstagePass_h__
 #include "js/loader/ModuleLoaderBase.h"
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/StorageAccess.h"
 #include "nsISupports.h"
 #include "nsWeakReference.h"
@@ -67,6 +68,12 @@ class BackstagePass final : public nsIGlobalObject,
 mModuleLoader = aModuleLoader;
 }
+ bool ShouldResistFingerprinting() const override {
+ // BackstagePass is always the System Principal
+ MOZ_RELEASE_ASSERT(mPrincipal->IsSystemPrincipal());
+ return false;
+ }
+
 private:
 virtual ~BackstagePass() = default;
diff --git a/js/xpconnect/src/SandboxPrivate.h b/js/xpconnect/src/SandboxPrivate.h
index 40a54532238d..3ae04ae8dbf3 100644
--- a/js/xpconnect/src/SandboxPrivate.h
+++ b/js/xpconnect/src/SandboxPrivate.h
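Review bot: The justification string in the `ShouldResistFingerprinting()` override added to ShadowRealmGlobalScope.h says "on JS Sandboxes", but the class is `ShadowRealmGlobalScope`, so the text looks copied from the SandboxPrivate override. Name the actual global type, for example `"on ShadowRealm globals. See 1782853"`, so a reader auditing RFP fallbacks can tell which global took the pref-only path. SimpleGlobalObject.h carries the same wording and may deserve the same treatment. The class body starts and ends outside the hunk.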
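Review bot: `mPrincipal` is dereferenced inside `MOZ_RELEASE_ASSERT` without a null check in the override added to BackstagePass.h, and where the member is assigned lies outside the hunk. If the principal can be unset when this is called (not verifiable from here), the failure is a null dereference rather than the intended assertion; `MOZ_RELEASE_ASSERT(mPrincipal && mPrincipal->IsSystemPrincipal());` keeps the crash-instead-of-exempt behaviour with a readable reason. The comment could also say why returning `false` is acceptable, for example `// Only system-principal code is exempted from RFP here; crash rather than exempt anything else.`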
@@ -11,6 +11,7 @@
 #include "mozilla/StaticPrefs_dom.h"
 #include "mozilla/StorageAccess.h"
 #include "mozilla/net/CookieJarSettings.h"
+#include "nsContentUtils.h"
 #include "nsIGlobalObject.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIPrincipal.h"
@@ -96,6 +97,12 @@ class SandboxPrivate : public nsIGlobalObject,
 return 0;
 }
+ bool ShouldResistFingerprinting() const override {
+ return nsContentUtils::ShouldResistFingerprinting(
+ "Presently we don't have enough context to make an informed decision"
+ "on JS Sandboxes. See 1782853");
+ }
+
 private:
 explicit SandboxPrivate(nsIPrincipal* principal) : mPrincipal(principal) {}