Bug 1778510: Require subclasses of nsIGlobalObject implement ShouldRFP r=asuth

For the less common subclasses we will hardcode a choice to always obey RFP if the pref is enabled. Differential Revision: https://phabricator.services.mozilla.com/D157562
2022-11-28 18:04:04 +00:00
parent 79bbab3382
commit 9b61ead1b5
7 changed files with 35 additions and 3 deletions
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -1629,7 +1629,9 @@ bool nsGlobalWindowInner::ShouldResistFingerprinting() const {
  if (mDoc) {
    return mDoc->ShouldResistFingerprinting();
  }
-  return nsIScriptGlobalObject::ShouldResistFingerprinting();
+  return nsContentUtils::ShouldResistFingerprinting(
+      "If we do not have a document then we do not have any context"
+      "to make an informed RFP choice, so we fall back to the global pref");
 }

 OriginTrials nsGlobalWindowInner::Trials() const {
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@@ -1670,7 +1670,9 @@ bool nsGlobalWindowOuter::ShouldResistFingerprinting() const {
  if (mDoc) {
    return mDoc->ShouldResistFingerprinting();
  }
-  return nsIScriptGlobalObject::ShouldResistFingerprinting();
+  return nsContentUtils::ShouldResistFingerprinting(
+      "If we do not have a document then we do not have any context"
+      "to make an informed RFP choice, so we fall back to the global pref");
 }

 uint32_t nsGlobalWindowOuter::GetPrincipalHashValue() const {
--- a/dom/base/nsIGlobalObject.h
+++ b/dom/base/nsIGlobalObject.h
@@ -242,7 +242,7 @@ class nsIGlobalObject : public nsISupports,
   * Check whether we should avoid leaking distinguishing information to JS/CSS.
   * https://w3c.github.io/fingerprinting-guidance/
   */
-  virtual bool ShouldResistFingerprinting() const;
+  virtual bool ShouldResistFingerprinting() const = 0;

  /**
   * Threadsafe way to get nsIPrincipal::GetHashValue for the associated
--- a/dom/bindings/SimpleGlobalObject.h
+++ b/dom/bindings/SimpleGlobalObject.h
@@ -13,6 +13,7 @@
 #ifndef mozilla_dom_SimpleGlobalObject_h__
 #define mozilla_dom_SimpleGlobalObject_h__

+#include "nsContentUtils.h"
 #include "nsIGlobalObject.h"
 #include "nsWrapperCache.h"
 #include "js/TypeDecls.h"
@@ -72,6 +73,12 @@ class SimpleGlobalObject : public nsIGlobalObject, public nsWrapperCache {
    MOZ_CRASH("SimpleGlobalObject doesn't use DOM bindings!");
  }

+  bool ShouldResistFingerprinting() const override {
+    return nsContentUtils::ShouldResistFingerprinting(
+        "Presently we don't have enough context to make an informed decision"
+        "on JS Sandboxes. See 1782853");
+  }
+
 private:
  SimpleGlobalObject(JSObject* global, GlobalType type) : mType(type) {
    SetWrapper(global);
--- a/dom/script/ShadowRealmGlobalScope.h
+++ b/dom/script/ShadowRealmGlobalScope.h
@@ -12,6 +12,7 @@
 #include "mozilla/Maybe.h"
 #include "mozilla/OriginTrials.h"
 #include "mozilla/dom/BindingDeclarations.h"
+#include "nsContentUtils.h"
 #include "nsIGlobalObject.h"
 #include "nsWrapperCache.h"

@@ -54,6 +55,12 @@ class ShadowRealmGlobalScope : public nsIGlobalObject, public nsWrapperCache {

  JS::loader::ModuleLoaderBase* GetModuleLoader(JSContext* aCx) override;

+  bool ShouldResistFingerprinting() const override {
+    return nsContentUtils::ShouldResistFingerprinting(
+        "Presently we don't have enough context to make an informed decision"
+        "on JS Sandboxes. See 1782853");
+  }
+
 private:
  virtual ~ShadowRealmGlobalScope() = default;

--- a/js/xpconnect/src/BackstagePass.h
+++ b/js/xpconnect/src/BackstagePass.h
@@ -8,6 +8,7 @@
 #define BackstagePass_h__

 #include "js/loader/ModuleLoaderBase.h"
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/StorageAccess.h"
 #include "nsISupports.h"
 #include "nsWeakReference.h"
@@ -67,6 +68,12 @@ class BackstagePass final : public nsIGlobalObject,
    mModuleLoader = aModuleLoader;
  }

+  bool ShouldResistFingerprinting() const override {
+    // BackstagePass is always the System Principal
+    MOZ_RELEASE_ASSERT(mPrincipal->IsSystemPrincipal());
+    return false;
+  }
+
 private:
  virtual ~BackstagePass() = default;

--- a/js/xpconnect/src/SandboxPrivate.h
+++ b/js/xpconnect/src/SandboxPrivate.h
@@ -11,6 +11,7 @@
 #include "mozilla/StaticPrefs_dom.h"
 #include "mozilla/StorageAccess.h"
 #include "mozilla/net/CookieJarSettings.h"
+#include "nsContentUtils.h"
 #include "nsIGlobalObject.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIPrincipal.h"
@@ -96,6 +97,12 @@ class SandboxPrivate : public nsIGlobalObject,
    return 0;
  }

+  bool ShouldResistFingerprinting() const override {
+    return nsContentUtils::ShouldResistFingerprinting(
+        "Presently we don't have enough context to make an informed decision"
+        "on JS Sandboxes. See 1782853");
+  }
+
 private:
  explicit SandboxPrivate(nsIPrincipal* principal) : mPrincipal(principal) {}