Bug 1665056 - do not change security.fileuri_strict_origin_policy at runtime r=asuth,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D232209
2024-12-18 13:58:10 +00:00
parent 48e6a52d16
commit feaece220f
5 changed files with 13 additions and 17 deletions
--- a/caps/ContentPrincipal.cpp
+++ b/caps/ContentPrincipal.cpp
@@ -103,7 +103,7 @@ nsresult ContentPrincipal::GenerateOriginNoSuffixFromURI(
             "The inner URI for about:blank must be moz-safe-about:blank");
  // Handle non-strict file:// uris.
-  if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
+  if (!StaticPrefs::security_fileuri_strict_origin_policy_AtStartup() &&
      NS_URIIsLocalFile(origin)) {
    // If strict file origin policy is not in effect, all local files are
    // considered to be same-origin, so return a known dummy origin here.
@@ -367,7 +367,7 @@ static nsresult GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aURI,
  if (NS_URIIsLocalFile(aURI)) {
    // If strict file origin policy is not in effect, all local files are
    // considered to be same-origin, so return a known dummy domain here.
-    if (!nsScriptSecurityManager::GetStrictFileOriginPolicy()) {
+    if (!StaticPrefs::security_fileuri_strict_origin_policy_AtStartup()) {
      *aHandled = true;
      aBaseDomain.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN");
      return NS_OK;
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -84,7 +84,6 @@ using namespace mozilla;
 using namespace mozilla::dom;
 StaticRefPtr<nsIIOService> nsScriptSecurityManager::sIOService;
 std::atomic<bool> nsScriptSecurityManager::sStrictFileOriginPolicy = true;
 namespace {
@@ -218,8 +217,9 @@ inline void SetPendingException(JSContext* cx, const char16_t* aMsg) {
 /* static */
 bool nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI,
                                                  nsIURI* aTargetURI) {
-  return NS_SecurityCompareURIs(aSourceURI, aTargetURI,
+  return NS_SecurityCompareURIs(
-                                sStrictFileOriginPolicy);
+      aSourceURI, aTargetURI,
      StaticPrefs::security_fileuri_strict_origin_policy_AtStartup());
 }
 // SecurityHashURI is consistent with SecurityCompareURIs because
@@ -1541,12 +1541,9 @@ nsScriptSecurityManager::CanGetService(JSContext* cx, const nsCID& aCID) {
 }
 const char sJSEnabledPrefName[] = "javascript.enabled";
 const char sFileOriginPolicyPrefName[] =
    "security.fileuri.strict_origin_policy";
-static const char* kObservedPrefs[] = {sJSEnabledPrefName,
+static const char* kObservedPrefs[] = {sJSEnabledPrefName, "capability.policy.",
-                                       sFileOriginPolicyPrefName,
+                                       nullptr};
                                       "capability.policy.", nullptr};
 /////////////////////////////////////////////
 // Constructor, Destructor, Initialization //
@@ -1681,8 +1678,6 @@ inline void nsScriptSecurityManager::ScriptSecurityPrefChanged(
  MOZ_ASSERT(mPrefInitialized);
  mIsJavaScriptEnabled =
      Preferences::GetBool(sJSEnabledPrefName, mIsJavaScriptEnabled);
  sStrictFileOriginPolicy =
      Preferences::GetBool(sFileOriginPolicyPrefName, false);
  mFileURIAllowlist.reset();
 }
--- a/caps/nsScriptSecurityManager.h
+++ b/caps/nsScriptSecurityManager.h
@@ -10,6 +10,8 @@
 #include "nsIScriptSecurityManager.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/StaticPrefs_security.h"
 #include "nsIPrincipal.h"
 #include "nsCOMPtr.h"
 #include "nsServiceManagerUtils.h"
@@ -78,8 +80,6 @@ class nsScriptSecurityManager final : public nsIScriptSecurityManager {
                              bool aFromPrivateWindow,
                              uint64_t aInnerWindowID = 0);
  static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
  void DeactivateDomainPolicy();
 private:
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -15593,9 +15593,9 @@
 # Whether strict file origin policy is in effect. "False" is traditional.
 - name: security.fileuri.strict_origin_policy
-  type: RelaxedAtomicBool
+  type: bool
  value: true
-  mirror: always
+  mirror: once
 # The level to which we sandbox the content process. firefox.js sets the
 # default to different values on a per-OS basis, and has documentation
--- a/netwerk/base/mozurl/MozURL.cpp
+++ b/netwerk/base/mozurl/MozURL.cpp
@@ -7,6 +7,7 @@
 extern "C" {
 bool Gecko_StrictFileOriginPolicy() {
-  return mozilla::StaticPrefs::security_fileuri_strict_origin_policy();
+  return mozilla::StaticPrefs::
      security_fileuri_strict_origin_policy_AtStartup();
 }
 }