Bug 1699658 - Special handling for siteIdentity security state of pdf viewer pages. r=Gijs,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D140055
2022-03-09 11:08:15 +00:00
parent 91a37be59b
commit d41b26cf2e
1 changed files with 27 additions and 12 deletions
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -151,20 +151,9 @@ var gIdentityHandler = {
    );
  },

-  get _isPDFViewer() {
-    return gBrowser.contentPrincipal?.originNoSuffix == "resource://pdf.js";
-  },
-
  get _isPotentiallyTrustworthy() {
-    // For PDF viewer pages (pdf.js) we can't rely on the isSecureContext
-    // field. The backend will return isSecureContext = true, because the
-    // content principal has a resource:// URI. Since we don't check
-    // isSecureContext for PDF viewer pages anymore, otherwise secure
-    // contexts, such as a localhost, will me marked as insecure when showing
-    // PDFs.
    return (
      !this._isBrokenConnection &&
-      !this._isPDFViewer &&
      (this._isSecureContext ||
        gBrowser.selectedBrowser.documentURI?.scheme == "chrome")
    );
@@ -629,6 +618,32 @@ var gIdentityHandler = {
    return result;
  },

+  _getIsSecureContext() {
+    if (gBrowser.contentPrincipal?.originNoSuffix != "resource://pdf.js") {
+      return gBrowser.securityUI.isSecureContext;
+    }
+
+    // For PDF viewer pages (pdf.js) we can't rely on the isSecureContext field.
+    // The backend will return isSecureContext = true, because the content
+    // principal has a resource:// URI. Instead use the URI of the selected
+    // browser to perform the isPotentiallyTrustWorthy check.
+
+    let principal;
+    try {
+      principal = Services.scriptSecurityManager.createContentPrincipal(
+        gBrowser.selectedBrowser.documentURI,
+        {}
+      );
+      return principal.isOriginPotentiallyTrustworthy;
+    } catch (error) {
+      Cu.reportError(
+        "Error while computing isPotentiallyTrustWorthy for pdf viewer page: " +
+          error
+      );
+      return false;
+    }
+  },
+
  /**
   * Update the identity user interface for the page currently being displayed.
   *
@@ -649,7 +664,7 @@ var gIdentityHandler = {
    // the documentation of the individual properties for details.
    this.setURI(uri);
    this._secInfo = gBrowser.securityUI.secInfo;
-    this._isSecureContext = gBrowser.securityUI.isSecureContext;
+    this._isSecureContext = this._getIsSecureContext();

    // Then, update the user interface with the available data.
    this.refreshIdentityBlock();