- tbb-commits - lists.torproject.org

[torbutton/master] Bug 28885: notify users that update is downloading
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 15c369f661fd360c9715b4dd7da147f7aa8f2443 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Jan 16 14:48:35 2019 -0500 Bug 28885: notify users that update is downloading Add "Downloading update" property string. --- src/chrome/locale/en-US/torbutton.properties | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/chrome/locale/en-US/torbutton.properties b/src/chrome/locale/en-US/torbutton.properties index f11fb5bf..ea7a7d63 100644 --- a/src/chrome/locale/en-US/torbutton.properties +++ b/src/chrome/locale/en-US/torbutton.properties @@ -50,6 +50,11 @@ profileReadOnlyMac=You cannot run %S from a read-only file system. Please copy profileAccessDenied=%S does not have permission to access the profile. Please adjust your file system permissions and try again. profileMigrationFailed=Migration of your existing %S profile failed.\nNew settings will be used. +# "Downloading update" string for the hamburger menu (see #28885). +# This string is kept here for ease of translation. +# LOCALIZATION NOTE: %S is the application name. +updateDownloadingPanelUILabel=Downloading %S update + # .Onion Page Info prompt. Strings are kept here for ease of translation. pageInfo_OnionEncryptionWithBitsAndProtocol=Connection Encrypted (Onion Service, %1$S, %2$S bit keys, %3$S) pageInfo_OnionEncryption=Connection Encrypted (Onion Service)

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1469916, r=ckerschb, jkt
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 23c6e68b1208d20ea342d3d4693f1ea7c1050661 Author: Gijs Kruitbosch <gijskruitbosch(a)gmail.com> Date: Fri Jun 22 15:41:39 2018 +0100 Bug 1469916, r=ckerschb,jkt --HG-- extra : rebase_source : 180442deeef92f0e9202d76c5e4e46b630072d99 extra : source : be11a32900298eb6fd4d18ad21b9a699995254c3 --- browser/base/content/nsContextMenu.js | 22 +++-- browser/base/content/pageinfo/pageInfo.js | 3 +- browser/base/content/utilityOverlay.js | 3 +- browser/components/shell/nsMacShellService.cpp | 4 +- devtools/shared/gcli/commands/screenshot.js | 3 +- devtools/shim/devtools-startup.js | 22 ++++- dom/base/nsContentAreaDragDrop.cpp | 8 +- dom/base/nsContentAreaDragDrop.h | 1 + dom/tests/browser/browser.ini | 4 + dom/tests/browser/browser_persist_cookies.js | 94 ++++++++++++++++++++++ dom/tests/browser/mimeme.sjs | 26 ++++++ .../browser/set-samesite-cookies-and-redirect.sjs | 33 ++++++++ .../PWebBrowserPersistDocument.ipdl | 2 + .../WebBrowserPersistDocumentChild.cpp | 5 ++ .../WebBrowserPersistLocalDocument.cpp | 8 ++ .../WebBrowserPersistRemoteDocument.cpp | 13 +++ .../WebBrowserPersistRemoteDocument.h | 3 + dom/webbrowserpersist/nsIWebBrowserPersist.idl | 15 ++-- .../nsIWebBrowserPersistDocument.idl | 2 + dom/webbrowserpersist/nsWebBrowserPersist.cpp | 45 ++++++----- dom/webbrowserpersist/nsWebBrowserPersist.h | 3 +- toolkit/components/browser/nsWebBrowser.cpp | 12 ++- toolkit/components/downloads/test/unit/head.js | 3 +- .../viewsource/content/viewSourceUtils.js | 6 +- toolkit/content/contentAreaUtils.js | 28 +++++-- .../content/tests/browser/browser_saveImageURL.js | 3 +- .../mozapps/extensions/LightweightThemeManager.jsm | 3 +- 27 files changed, 314 insertions(+), 60 deletions(-) diff --git a/browser/base/content/nsContextMenu.js b/browser/base/content/nsContextMenu.js index 368d0475ac34..5cebd9c38c56 100644 --- a/browser/base/content/nsContextMenu.js +++ b/browser/base/content/nsContextMenu.js @@ -986,12 +986,22 @@ nsContextMenu.prototype = { target: this.target, }); + // Cache this because we fetch the data async + let {documentURIObject} = gContextMenuContentData; + let onMessage = (message) => { mm.removeMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage); + // FIXME can we switch this to a blob URL? let dataURL = message.data.dataURL; - saveImageURL(dataURL, name, "SaveImageTitle", true, false, - document.documentURIObject, null, null, null, - isPrivate); + saveImageURL(dataURL, name, "SaveImageTitle", + true, // bypass cache + false, // don't skip prompt for where to save + documentURIObject, // referrer + null, // document + null, // content type + null, // content disposition + isPrivate, + this.principal); }; mm.addMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage); }, @@ -1228,13 +1238,15 @@ nsContextMenu.prototype = { this._canvasToBlobURL(this.target).then(function(blobURL) { saveImageURL(blobURL, "canvas.png", "SaveImageTitle", true, false, referrerURI, null, null, null, - isPrivate); + isPrivate, + document.nodePrincipal /* system, because blob: */); }, Cu.reportError); } else if (this.onImage) { urlSecurityCheck(this.mediaURL, this.principal); saveImageURL(this.mediaURL, null, "SaveImageTitle", false, false, referrerURI, null, gContextMenuContentData.contentType, - gContextMenuContentData.contentDisposition, isPrivate); + gContextMenuContentData.contentDisposition, isPrivate, + this.principal); } else if (this.onVideo || this.onAudio) { urlSecurityCheck(this.mediaURL, this.principal); var dialogTitle = this.onVideo ? "SaveVideoTitle" : "SaveAudioTitle"; diff --git a/browser/base/content/pageinfo/pageInfo.js b/browser/base/content/pageinfo/pageInfo.js index 86f548c74494..405b9443342d 100644 --- a/browser/base/content/pageinfo/pageInfo.js +++ b/browser/base/content/pageinfo/pageInfo.js @@ -704,7 +704,8 @@ function saveMedia() { var saveAnImage = function(aURIString, aChosenData, aBaseURI) { uniqueFile(aChosenData.file); internalSave(aURIString, null, null, null, null, false, "SaveImageTitle", - aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate); + aChosenData, aBaseURI, null, false, null, + gDocInfo.isContentWindowPrivate, gDocInfo.principal); }; for (var i = 0; i < rowArray.length; i++) { diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js index b73a01a0b0f3..a1ab9ddd1c9b 100644 --- a/browser/base/content/utilityOverlay.js +++ b/browser/base/content/utilityOverlay.js @@ -258,7 +258,8 @@ function openLinkIn(url, where, params) { // ContentClick.jsm passes isContentWindowPrivate for saveURL instead of passing a CPOW initiatingDoc if ("isContentWindowPrivate" in params) { - saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, null, params.isContentWindowPrivate); + saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, + null, params.isContentWindowPrivate, aPrincipal); } else { if (!aInitiatingDoc) { Cu.reportError("openUILink/openLinkIn was called with " + diff --git a/browser/components/shell/nsMacShellService.cpp b/browser/components/shell/nsMacShellService.cpp index 0a2672d8f84b..9b46fb8eca87 100644 --- a/browser/components/shell/nsMacShellService.cpp +++ b/browser/components/shell/nsMacShellService.cpp @@ -155,8 +155,8 @@ nsMacShellService::SetDesktopBackground(nsIDOMElement* aElement, loadContext = do_QueryInterface(docShell); } - return wbp->SaveURI(imageURI, nullptr, - docURI, content->OwnerDoc()->GetReferrerPolicy(), + return wbp->SaveURI(imageURI, aElement->NodePrincipal(), nullptr, + docURI, aElement->OwnerDoc()->GetReferrerPolicy(), nullptr, nullptr, mBackgroundFile, loadContext); } diff --git a/devtools/shared/gcli/commands/screenshot.js b/devtools/shared/gcli/commands/screenshot.js index fc1383225aa1..a64f6527c4c0 100644 --- a/devtools/shared/gcli/commands/screenshot.js +++ b/devtools/shared/gcli/commands/screenshot.js @@ -558,7 +558,6 @@ var saveToFile = Task.async(function* (context, reply) { // the downloads toolbar button when the save is done. const nsIWBP = Ci.nsIWebBrowserPersist; const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES | - nsIWBP.PERSIST_FLAGS_FORCE_ALLOW_COOKIES | nsIWBP.PERSIST_FLAGS_BYPASS_CACHE | nsIWBP.PERSIST_FLAGS_AUTODETECT_APPLY_CONVERSION; let isPrivate = @@ -577,7 +576,9 @@ var saveToFile = Task.async(function* (context, reply) { isPrivate); let listener = new DownloadListener(window, tr); persist.progressListener = listener; + const principal = Services.scriptSecurityManager.getSystemPrincipal(); persist.savePrivacyAwareURI(sourceURI, + principal, null, document.documentURIObject, Ci.nsIHttpChannel.REFERRER_POLICY_UNSET, diff --git a/devtools/shim/devtools-startup.js b/devtools/shim/devtools-startup.js index 9089812048db..3a0211b547a6 100644 --- a/devtools/shim/devtools-startup.js +++ b/devtools/shim/devtools-startup.js @@ -43,6 +43,8 @@ ChromeUtils.defineModuleGetter(this, "CustomizableUI", "resource:///modules/CustomizableUI.jsm"); ChromeUtils.defineModuleGetter(this, "CustomizableWidgets", "resource:///modules/CustomizableWidgets.jsm"); +ChromeUtils.defineModuleGetter(this, "PrivateBrowsingUtils", + "resource://gre/modules/PrivateBrowsingUtils.jsm"); XPCOMUtils.defineLazyGetter(this, "StartupBundle", function () { const url = "chrome://devtools-shim/locale/startup.properties"; @@ -901,16 +903,32 @@ const JsonView = { // Save original contents chrome.saveBrowser(browser); } else { + if (!message.data.startsWith("blob:null") || !browser.contentPrincipal.isNullPrincipal) { + Cu.reportError("Got invalid request to save JSON data"); + return; + } // The following code emulates saveBrowser, but: // - Uses the given blob URL containing the custom contents to save. // - Obtains the file name from the URL of the document, not the blob. + // - avoids passing the document and explicitly passes system principal. + // We have a blob created by a null principal to save, and the null + // principal is from the child. Null principals don't survive crossing + // over IPC, so there's no other principal that'll work. let persistable = browser.frameLoader; persistable.startPersistence(0, { onDocumentReady(doc) { let uri = chrome.makeURI(doc.documentURI, doc.characterSet); let filename = chrome.getDefaultFileName(undefined, uri, doc, null); - chrome.internalSave(message.data, doc, filename, null, doc.contentType, - false, null, null, null, doc, false, null, undefined); + chrome.internalSave(message.data, null, filename, null, doc.contentType, + false /* bypass cache */, + null, /* filepicker title key */ + null, /* file chosen */ + null, /* referrer */ + null, /* initiating document */ + false, /* don't skip prompt for a location */ + null, /* cache key */ + PrivateBrowsingUtils.isBrowserPrivate(browser), /* private browsing ? */ + Services.scriptSecurityManager.getSystemPrincipal()); }, onError(status) { throw new Error("JSON Viewer's onSave failed in startPersistence"); diff --git a/dom/base/nsContentAreaDragDrop.cpp b/dom/base/nsContentAreaDragDrop.cpp index 2b315267464d..55ed2d5aa480 100644 --- a/dom/base/nsContentAreaDragDrop.cpp +++ b/dom/base/nsContentAreaDragDrop.cpp @@ -146,6 +146,7 @@ NS_IMPL_ISUPPORTS(nsContentAreaDragDropDataProvider, nsIFlavorDataProvider) // into the file system nsresult nsContentAreaDragDropDataProvider::SaveURIToFile(nsIURI* inSourceURI, + nsIPrincipal* inTriggeringPrincipal, nsIFile* inDestFile, bool isPrivate) { @@ -167,7 +168,8 @@ nsContentAreaDragDropDataProvider::SaveURIToFile(nsIURI* inSourceURI, persist->SetPersistFlags(nsIWebBrowserPersist::PERSIST_FLAGS_AUTODETECT_APPLY_CONVERSION); // referrer policy can be anything since the referrer is nullptr - return persist->SavePrivacyAwareURI(inSourceURI, nullptr, nullptr, + return persist->SavePrivacyAwareURI(inSourceURI, + inTriggeringPrincipal, nullptr, nullptr, mozilla::net::RP_Unset, nullptr, nullptr, inDestFile, isPrivate); @@ -347,7 +349,9 @@ nsContentAreaDragDropDataProvider::GetFlavorData(nsITransferable *aTransferable, bool isPrivate; aTransferable->GetIsPrivateData(&isPrivate); - rv = SaveURIToFile(sourceURI, file, isPrivate); + nsCOMPtr<nsIPrincipal> principal; + aTransferable->GetRequestingPrincipal(getter_AddRefs(principal)); + rv = SaveURIToFile(sourceURI, principal, file, isPrivate); // send back an nsIFile if (NS_SUCCEEDED(rv)) { CallQueryInterface(file, aData); diff --git a/dom/base/nsContentAreaDragDrop.h b/dom/base/nsContentAreaDragDrop.h index 978e74905414..eb3416dbfbf7 100644 --- a/dom/base/nsContentAreaDragDrop.h +++ b/dom/base/nsContentAreaDragDrop.h @@ -77,6 +77,7 @@ public: NS_DECL_NSIFLAVORDATAPROVIDER nsresult SaveURIToFile(nsIURI* inSourceURI, + nsIPrincipal* inTriggeringPrincipal, nsIFile* inDestFile, bool isPrivate); }; diff --git a/dom/tests/browser/browser.ini b/dom/tests/browser/browser.ini index e1d853f1af5b..11cf9ebf2346 100644 --- a/dom/tests/browser/browser.ini +++ b/dom/tests/browser/browser.ini @@ -55,6 +55,10 @@ skip-if = !e10s || (os == "win" && processor == "x86") # Large-Allocation requir [browser_localStorage_e10s.js] skip-if = !e10s # This is a test of e10s functionality. [browser_localStorage_privatestorageevent.js] +[browser_persist_cookies.js] +support-files = + set-samesite-cookies-and-redirect.sjs + mimeme.sjs [browser_test_focus_after_modal_state.js] support-files = focus_after_prompt.html diff --git a/dom/tests/browser/browser_persist_cookies.js b/dom/tests/browser/browser_persist_cookies.js new file mode 100644 index 000000000000..78f3966f3bbc --- /dev/null +++ b/dom/tests/browser/browser_persist_cookies.js @@ -0,0 +1,94 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const TEST_PATH = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "https://example.org"); +const TEST_PATH2 = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "https://example.com"); + +var MockFilePicker = SpecialPowers.MockFilePicker; +MockFilePicker.init(window); + +registerCleanupFunction(async function() { + info("Running the cleanup code"); + MockFilePicker.cleanup(); + Services.obs.removeObserver(checkRequest, "http-on-modify-request"); + if (gTestDir && gTestDir.exists()) { + // On Windows, sometimes nsIFile.remove() throws, probably because we're + // still writing to the directory we're trying to remove, despite + // waiting for the download to complete. Just retry a bit later... + let succeeded = false; + while (!succeeded) { + try { + gTestDir.remove(true); + succeeded = true; + } catch (ex) { + await new Promise(requestAnimationFrame); + } + } + } +}); + +let gTestDir = null; + + +function checkRequest(subject) { + let httpChannel = subject.QueryInterface(Ci.nsIHttpChannel); + let spec = httpChannel.URI.spec; + // Ignore initial requests for page that sets cookies and its favicon, which may not have + // cookies. + if (httpChannel.URI.host == "example.org" && !spec.endsWith("favicon.ico") && !spec.includes("redirect.sjs")) { + let cookie = httpChannel.getRequestHeader("cookie"); + is(cookie.trim(), "normalCookie=true", "Should have correct cookie in request for " + spec); + } +} + +function createTemporarySaveDirectory() { + var saveDir = Services.dirsvc.get("TmpD", Ci.nsIFile); + saveDir.append("testsavedir"); + if (!saveDir.exists()) { + info("create testsavedir!"); + saveDir.create(Ci.nsIFile.DIRECTORY_TYPE, 0o755); + } + info("return from createTempSaveDir: " + saveDir.path); + return saveDir; +} + +add_task(async function() { + await BrowserTestUtils.withNewTab("about:blank", async function(browser) { + Services.obs.addObserver(checkRequest, "http-on-modify-request"); + BrowserTestUtils.loadURI(browser, TEST_PATH + "set-samesite-cookies-and-redirect.sjs"); + // Test that the original document load doesn't send same-site cookies. + await BrowserTestUtils.browserLoaded(browser, true, TEST_PATH2 + "set-samesite-cookies-and-redirect.sjs"); + // Now check the saved page. + // Create the folder the link will be saved into. + gTestDir = createTemporarySaveDirectory(); + let destFile = gTestDir.clone(); + + MockFilePicker.displayDirectory = gTestDir; + let fileName; + MockFilePicker.showCallback = function(fp) { + info("showCallback"); + fileName = fp.defaultString; + info("fileName: " + fileName); + destFile.append(fileName); + info("path: " + destFile.path); + MockFilePicker.setFiles([destFile]); + MockFilePicker.filterIndex = 0; // kSaveAsType_Complete + info("done showCallback"); + }; + saveBrowser(browser); + await new Promise(async (resolve) => { + let dls = await Downloads.getList(Downloads.PUBLIC); + dls.addView({ + onDownloadChanged(download) { + if (download.succeeded) { + dls.removeView(this); + dls.removeFinished(); + resolve(); + } + } + }); + }); + }); +}); diff --git a/dom/tests/browser/mimeme.sjs b/dom/tests/browser/mimeme.sjs new file mode 100644 index 000000000000..9b92548f041d --- /dev/null +++ b/dom/tests/browser/mimeme.sjs @@ -0,0 +1,26 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function handleRequest(request, response) { + let mimeType = request.queryString.match(/type=([a-z]*)/)[1]; + switch (mimeType) { + case "css": + response.setHeader("Content-Type", "text/css"); + response.write("#hi {color: red}"); + break; + case "js": + response.setHeader("Content-Type", "application/javascript"); + response.write("var foo;"); + break; + case "png": + response.setHeader("Content-Type", "image/png"); + response.write(""); + break; + case "html": + response.setHeader("Content-Type", "text/html"); + response.write("<body>I am a subframe</body>"); + break; + } +} diff --git a/dom/tests/browser/set-samesite-cookies-and-redirect.sjs b/dom/tests/browser/set-samesite-cookies-and-redirect.sjs new file mode 100644 index 000000000000..74a494db9dbc --- /dev/null +++ b/dom/tests/browser/set-samesite-cookies-and-redirect.sjs @@ -0,0 +1,33 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function handleRequest(request, response) { + // Set cookies and redirect for .org: + if (request.host.endsWith(".org")) { + response.setHeader("Set-Cookie", "normalCookie=true; path=/;", true); + response.setHeader("Set-Cookie", "laxHeader=true; path=/; SameSite=Lax", true); + response.setHeader("Set-Cookie", "strictHeader=true; path=/; SameSite=Strict", true); + response.write(` + <head> + <meta http-equiv='set-cookie' content='laxMeta=true; path=/; SameSite=Lax'> + <meta http-equiv='set-cookie' content='strictMeta=true; path=/; SameSite=Strict'> + </head> + <body> + <script> + document.cookie = 'laxScript=true; path=/; SameSite=Lax'; + document.cookie = 'strictScript=true; path=/; SameSite=Strict'; + location.href = location.href.replace(/\.org/, ".com"); + </script> + </body>`); + } else { + let baseURI = "https://example.org/" + request.path.replace(/[a-z-]*\.sjs/, "mimeme.sjs?type="); + response.write(` + <link rel="stylesheet" type="text/css" href="${baseURI}css"> + <iframe src="${baseURI}html"></iframe> + <script src="${baseURI}js"></script> + <img src="${baseURI}png"> + `); + } +} diff --git a/dom/webbrowserpersist/PWebBrowserPersistDocument.ipdl b/dom/webbrowserpersist/PWebBrowserPersistDocument.ipdl index ad6332763e68..7c2fc64c53d2 100644 --- a/dom/webbrowserpersist/PWebBrowserPersistDocument.ipdl +++ b/dom/webbrowserpersist/PWebBrowserPersistDocument.ipdl @@ -10,6 +10,7 @@ include protocol PFileDescriptorSet; include protocol PChildToParentStream; //FIXME: bug #792908 include protocol PParentToChildStream; //FIXME: bug #792908 +include PBackgroundSharedTypes; include IPCStream; namespace mozilla { @@ -29,6 +30,7 @@ struct WebBrowserPersistDocumentAttrs { nsString contentDisposition; uint32_t cacheKey; uint32_t persistFlags; + PrincipalInfo principal; }; // IPDL doesn't have tuples, so this gives the pair of strings from diff --git a/dom/webbrowserpersist/WebBrowserPersistDocumentChild.cpp b/dom/webbrowserpersist/WebBrowserPersistDocumentChild.cpp index 4a8e31b6f4eb..7b893d145f7a 100644 --- a/dom/webbrowserpersist/WebBrowserPersistDocumentChild.cpp +++ b/dom/webbrowserpersist/WebBrowserPersistDocumentChild.cpp @@ -41,6 +41,7 @@ WebBrowserPersistDocumentChild::Start(nsIWebBrowserPersistDocument* aDocument) return; } + nsCOMPtr<nsIPrincipal> principal; WebBrowserPersistDocumentAttrs attrs; nsCOMPtr<nsIInputStream> postDataStream; #define ENSURE(e) do { \ @@ -60,6 +61,10 @@ WebBrowserPersistDocumentChild::Start(nsIWebBrowserPersistDocument* aDocument) ENSURE(aDocument->GetContentDisposition(attrs.contentDisposition())); ENSURE(aDocument->GetCacheKey(&(attrs.cacheKey()))); ENSURE(aDocument->GetPersistFlags(&(attrs.persistFlags()))); + + ENSURE(aDocument->GetPrincipal(getter_AddRefs(principal))); + ENSURE(ipc::PrincipalToPrincipalInfo(principal, &(attrs.principal()))); + ENSURE(aDocument->GetPostData(getter_AddRefs(postDataStream))); #undef ENSURE diff --git a/dom/webbrowserpersist/WebBrowserPersistLocalDocument.cpp b/dom/webbrowserpersist/WebBrowserPersistLocalDocument.cpp index d6527e47d7ca..6d706c39f1c2 100644 --- a/dom/webbrowserpersist/WebBrowserPersistLocalDocument.cpp +++ b/dom/webbrowserpersist/WebBrowserPersistLocalDocument.cpp @@ -199,6 +199,14 @@ WebBrowserPersistLocalDocument::GetPostData(nsIInputStream** aStream) return history->GetPostData(aStream); } +NS_IMETHODIMP +WebBrowserPersistLocalDocument::GetPrincipal(nsIPrincipal** aPrincipal) +{ + nsCOMPtr<nsIPrincipal> nodePrincipal = mDocument->NodePrincipal(); + nodePrincipal.forget(aPrincipal); + return NS_OK; +} + already_AddRefed<nsISHEntry> WebBrowserPersistLocalDocument::GetHistory() { diff --git a/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.cpp b/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.cpp index c7dcca8619da..cfe831cfb57d 100644 --- a/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.cpp +++ b/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.cpp @@ -9,6 +9,9 @@ #include "WebBrowserPersistResourcesParent.h" #include "WebBrowserPersistSerializeParent.h" #include "mozilla/Unused.h" +#include "mozilla/ipc/BackgroundUtils.h" + +#include "nsIPrincipal.h" namespace mozilla { @@ -23,6 +26,8 @@ WebBrowserPersistRemoteDocument , mAttrs(aAttrs) , mPostData(aPostData) { + nsresult rv; + mPrincipal = ipc::PrincipalInfoToPrincipal(mAttrs.principal(), &rv); } WebBrowserPersistRemoteDocument::~WebBrowserPersistRemoteDocument() @@ -133,6 +138,14 @@ WebBrowserPersistRemoteDocument::GetPostData(nsIInputStream** aStream) } NS_IMETHODIMP +WebBrowserPersistRemoteDocument::GetPrincipal(nsIPrincipal** aPrincipal) +{ + nsCOMPtr<nsIPrincipal> nodePrincipal = mPrincipal; + nodePrincipal.forget(aPrincipal); + return NS_OK; +} + +NS_IMETHODIMP WebBrowserPersistRemoteDocument::ReadResources(nsIWebBrowserPersistResourceVisitor* aVisitor) { if (!mActor) { diff --git a/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.h b/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.h index 08d435903843..2808ac4b53c0 100644 --- a/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.h +++ b/dom/webbrowserpersist/WebBrowserPersistRemoteDocument.h @@ -13,6 +13,8 @@ #include "nsIWebBrowserPersistDocument.h" #include "nsIInputStream.h" +class nsIPrincipal; + // This class is the XPCOM half of the glue between the // nsIWebBrowserPersistDocument interface and a remote document; it is // created by WebBrowserPersistDocumentParent when (and if) it @@ -40,6 +42,7 @@ private: WebBrowserPersistDocumentParent* mActor; Attrs mAttrs; nsCOMPtr<nsIInputStream> mPostData; + nsCOMPtr<nsIPrincipal> mPrincipal; friend class WebBrowserPersistDocumentParent; WebBrowserPersistRemoteDocument(WebBrowserPersistDocumentParent* aActor, diff --git a/dom/webbrowserpersist/nsIWebBrowserPersist.idl b/dom/webbrowserpersist/nsIWebBrowserPersist.idl index 8de84f5e2904..9573a024eebf 100644 --- a/dom/webbrowserpersist/nsIWebBrowserPersist.idl +++ b/dom/webbrowserpersist/nsIWebBrowserPersist.idl @@ -13,6 +13,7 @@ interface nsIWebProgressListener; interface nsIFile; interface nsIChannel; interface nsILoadContext; +interface nsIPrincipal; /** * Interface for persisting DOM documents and URIs to local or remote storage. @@ -67,12 +68,6 @@ interface nsIWebBrowserPersist : nsICancelable const unsigned long PERSIST_FLAGS_APPEND_TO_FILE = 32768; /** - * Force relevant cookies to be sent with this load even if normally they - * wouldn't be. - */ - const unsigned long PERSIST_FLAGS_FORCE_ALLOW_COOKIES = 65536; - - /** * Flags governing how data is fetched and saved from the network. * It is best to set this value explicitly unless you are prepared * to accept the default values. @@ -117,6 +112,8 @@ interface nsIWebBrowserPersist : nsICancelable * @param aURI URI to save to file. Some implementations of this interface * may also support <CODE>nullptr</CODE> to imply the currently * loaded URI. + * @param aTriggeringPrincipal + * The triggering principal for the URI we're saving. * @param aCacheKey An object representing the URI in the cache or * <CODE>nullptr</CODE>. This can be a necko cache key, * an nsIWebPageDescriptor, or the currentDescriptor of an @@ -146,7 +143,8 @@ interface nsIWebBrowserPersist : nsICancelable * * @throws NS_ERROR_INVALID_ARG One or more arguments was invalid. */ - void saveURI(in nsIURI aURI, in nsISupports aCacheKey, + void saveURI(in nsIURI aURI, in nsIPrincipal aTriggeringPrincipal, + in nsISupports aCacheKey, in nsIURI aReferrer, in unsigned long aReferrerPolicy, in nsIInputStream aPostData, in string aExtraHeaders, in nsISupports aFile, @@ -158,7 +156,8 @@ interface nsIWebBrowserPersist : nsICancelable * of intermediate data, etc.) * @see saveURI for all other parameter descriptions */ - void savePrivacyAwareURI(in nsIURI aURI, in nsISupports aCacheKey, + void savePrivacyAwareURI(in nsIURI aURI, + in nsIPrincipal aTriggeringPrincipal, in nsISupports aCacheKey, in nsIURI aReferrer, in unsigned long aReferrerPolicy, in nsIInputStream aPostData, in string aExtraHeaders, in nsISupports aFile, diff --git a/dom/webbrowserpersist/nsIWebBrowserPersistDocument.idl b/dom/webbrowserpersist/nsIWebBrowserPersistDocument.idl index ba5bea8b2906..f7aa146766d0 100644 --- a/dom/webbrowserpersist/nsIWebBrowserPersistDocument.idl +++ b/dom/webbrowserpersist/nsIWebBrowserPersistDocument.idl @@ -9,6 +9,7 @@ interface nsIDOMDocument; interface nsIInputStream; interface nsIOutputStream; +interface nsIPrincipal; interface nsITabParent; interface nsIWebBrowserPersistResourceVisitor; interface nsIWebBrowserPersistWriteCompletion; @@ -61,6 +62,7 @@ interface nsIWebBrowserPersistDocument : nsISupports readonly attribute AString referrer; readonly attribute AString contentDisposition; readonly attribute nsIInputStream postData; + readonly attribute nsIPrincipal principal; /** * The cache key. Unlike in nsISHEntry, where it's wrapped in an diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp index fd6d9d0d9315..12e6c41c37d8 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp +++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp @@ -84,6 +84,7 @@ struct nsWebBrowserPersist::DocData nsCOMPtr<nsIURI> mBaseURI; nsCOMPtr<nsIWebBrowserPersistDocument> mDocument; nsCOMPtr<nsIURI> mFile; + nsCOMPtr<nsIPrincipal> mPrincipal; nsCString mCharset; }; @@ -414,18 +415,20 @@ NS_IMETHODIMP nsWebBrowserPersist::SetProgressListener( } NS_IMETHODIMP nsWebBrowserPersist::SaveURI( - nsIURI *aURI, nsISupports *aCacheKey, + nsIURI *aURI, nsIPrincipal *aPrincipal, nsISupports *aCacheKey, nsIURI *aReferrer, uint32_t aReferrerPolicy, nsIInputStream *aPostData, const char *aExtraHeaders, nsISupports *aFile, nsILoadContext* aPrivacyContext) { - return SavePrivacyAwareURI(aURI, aCacheKey, aReferrer, aReferrerPolicy, - aPostData, aExtraHeaders, aFile, - aPrivacyContext && aPrivacyContext->UsePrivateBrowsing()); + bool isPrivate = + aPrivacyContext && aPrivacyContext->UsePrivateBrowsing(); + return SavePrivacyAwareURI(aURI, aPrincipal, aCacheKey, + aReferrer, aReferrerPolicy, + aPostData, aExtraHeaders, aFile, isPrivate); } NS_IMETHODIMP nsWebBrowserPersist::SavePrivacyAwareURI( - nsIURI *aURI, nsISupports *aCacheKey, + nsIURI *aURI, nsIPrincipal *aPrincipal, nsISupports *aCacheKey, nsIURI *aReferrer, uint32_t aReferrerPolicy, nsIInputStream *aPostData, const char *aExtraHeaders, nsISupports *aFile, bool aIsPrivate) @@ -440,8 +443,10 @@ NS_IMETHODIMP nsWebBrowserPersist::SavePrivacyAwareURI( // SaveURI doesn't like broken uris. mPersistFlags |= PERSIST_FLAGS_FAIL_ON_BROKEN_LINKS; - rv = SaveURIInternal(aURI, aCacheKey, aReferrer, aReferrerPolicy, - aPostData, aExtraHeaders, fileAsURI, false, aIsPrivate); + rv = SaveURIInternal(aURI, aPrincipal, aCacheKey, + aReferrer, aReferrerPolicy, + aPostData, aExtraHeaders, fileAsURI, + false, aIsPrivate); return NS_FAILED(rv) ? rv : NS_OK; } @@ -600,6 +605,13 @@ nsWebBrowserPersist::SerializeNextFile() } if (urisToPersist > 0) { + nsCOMPtr<nsIPrincipal> docPrincipal; + //XXXgijs I *think* this is already always true, but let's be sure. + MOZ_ASSERT(mDocList.Length() > 0, + "Should have the document for any walked URIs to persist!"); + nsresult rv = mDocList.ElementAt(0)->mDocument-> + GetPrincipal(getter_AddRefs(docPrincipal)); + NS_ENSURE_SUCCESS_VOID(rv); // Persist each file in the uri map. The document(s) // will be saved after the last one of these is saved. for (auto iter = mURIMap.Iter(); !iter.Done(); iter.Next()) { @@ -609,8 +621,6 @@ nsWebBrowserPersist::SerializeNextFile() continue; } - nsresult rv; - // Create a URI from the key. nsCOMPtr<nsIURI> uri; rv = NS_NewURI(getter_AddRefs(uri), iter.Key(), @@ -632,7 +642,7 @@ nsWebBrowserPersist::SerializeNextFile() // The Referrer Policy doesn't matter here since the referrer is // nullptr. - rv = SaveURIInternal(uri, nullptr, nullptr, + rv = SaveURIInternal(uri, docPrincipal, nullptr, nullptr, mozilla::net::RP_Unset, nullptr, nullptr, fileAsURI, true, mIsPrivate); // If SaveURIInternal fails, then it will have called EndDownload, @@ -1329,7 +1339,8 @@ nsWebBrowserPersist::AppendPathToURI(nsIURI *aURI, const nsAString & aPath, nsCO } nsresult nsWebBrowserPersist::SaveURIInternal( - nsIURI *aURI, nsISupports *aCacheKey, nsIURI *aReferrer, + nsIURI *aURI, nsIPrincipal* aTriggeringPrincipal, + nsISupports *aCacheKey, nsIURI *aReferrer, uint32_t aReferrerPolicy, nsIInputStream *aPostData, const char *aExtraHeaders, nsIURI *aFile, bool aCalcFileExt, bool aIsPrivate) @@ -1385,7 +1396,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal( nsCOMPtr<nsIChannel> inputChannel; rv = NS_NewChannel(getter_AddRefs(inputChannel), aURI, - nsContentUtils::GetSystemPrincipal(), + aTriggeringPrincipal, nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nsIContentPolicy::TYPE_OTHER, nullptr, // aPerformanceStorage @@ -1415,16 +1426,6 @@ nsresult nsWebBrowserPersist::SaveURIInternal( } } - if (mPersistFlags & PERSIST_FLAGS_FORCE_ALLOW_COOKIES) - { - nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal = - do_QueryInterface(inputChannel); - if (httpChannelInternal) { - rv = httpChannelInternal->SetThirdPartyFlags(nsIHttpChannelInternal::THIRD_PARTY_FORCE_ALLOW); - MOZ_ASSERT(NS_SUCCEEDED(rv)); - } - } - // Set the referrer, post data and headers if any nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(inputChannel)); if (httpChannel) diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.h b/dom/webbrowserpersist/nsWebBrowserPersist.h index 17b570d783e7..b9a2e3da73b6 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.h +++ b/dom/webbrowserpersist/nsWebBrowserPersist.h @@ -57,7 +57,8 @@ public: private: virtual ~nsWebBrowserPersist(); nsresult SaveURIInternal( - nsIURI *aURI, nsISupports *aCacheKey, nsIURI *aReferrer, + nsIURI *aURI, nsIPrincipal* aTriggeringPrincipal, + nsISupports *aCacheKey, nsIURI *aReferrer, uint32_t aReferrerPolicy, nsIInputStream *aPostData, const char *aExtraHeaders, nsIURI *aFile, bool aCalcFileExt, bool aIsPrivate); diff --git a/toolkit/components/browser/nsWebBrowser.cpp b/toolkit/components/browser/nsWebBrowser.cpp index 40ac82210502..cdc3804fee73 100644 --- a/toolkit/components/browser/nsWebBrowser.cpp +++ b/toolkit/components/browser/nsWebBrowser.cpp @@ -998,6 +998,7 @@ nsWebBrowser::SetProgressListener(nsIWebProgressListener* aProgressListener) NS_IMETHODIMP nsWebBrowser::SaveURI(nsIURI* aURI, + nsIPrincipal* aPrincipal, nsISupports* aCacheKey, nsIURI* aReferrer, uint32_t aReferrerPolicy, @@ -1007,12 +1008,14 @@ nsWebBrowser::SaveURI(nsIURI* aURI, nsILoadContext* aPrivacyContext) { return SavePrivacyAwareURI( - aURI, aCacheKey, aReferrer, aReferrerPolicy, aPostData, aExtraHeaders, - aFile, aPrivacyContext && aPrivacyContext->UsePrivateBrowsing()); + aURI, aPrincipal, aCacheKey, aReferrer, aReferrerPolicy, aPostData, + aExtraHeaders, aFile, + aPrivacyContext && aPrivacyContext->UsePrivateBrowsing()); } NS_IMETHODIMP nsWebBrowser::SavePrivacyAwareURI(nsIURI* aURI, + nsIPrincipal* aPrincipal, nsISupports* aCacheKey, nsIURI* aReferrer, uint32_t aReferrerPolicy, @@ -1050,8 +1053,9 @@ nsWebBrowser::SavePrivacyAwareURI(nsIURI* aURI, mPersist->SetPersistFlags(mPersistFlags); mPersist->GetCurrentState(&mPersistCurrentState); - rv = mPersist->SavePrivacyAwareURI(uri, aCacheKey, aReferrer, aReferrerPolicy, - aPostData, aExtraHeaders, aFile, aIsPrivate); + rv = mPersist->SavePrivacyAwareURI(uri, aPrincipal, aCacheKey, + aReferrer, aReferrerPolicy, aPostData, + aExtraHeaders, aFile, aIsPrivate); if (NS_FAILED(rv)) { mPersist = nullptr; } diff --git a/toolkit/components/downloads/test/unit/head.js b/toolkit/components/downloads/test/unit/head.js index 63bf2ff884a7..6c5c1b095ada 100644 --- a/toolkit/components/downloads/test/unit/head.js +++ b/toolkit/components/downloads/test/unit/head.js @@ -299,7 +299,8 @@ function promiseStartLegacyDownload(aSourceUrl, aOptions) { // Start the actual download process. persist.savePrivacyAwareURI( - sourceURI, null, referrer, Ci.nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL, + sourceURI, Services.scriptSecurityManager.getSystemPrincipal(), + null, referrer, Ci.nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL, null, null, targetFile, isPrivate); }).catch(do_report_unexpected_exception); diff --git a/toolkit/components/viewsource/content/viewSourceUtils.js b/toolkit/components/viewsource/content/viewSourceUtils.js index 610667cde3cd..d91f3481f802 100644 --- a/toolkit/components/viewsource/content/viewSourceUtils.js +++ b/toolkit/components/viewsource/content/viewSourceUtils.js @@ -228,7 +228,11 @@ var gViewSourceUtils = { webBrowserPersist.persistFlags = this.mnsIWebBrowserPersist.PERSIST_FLAGS_REPLACE_EXISTING_FILES; webBrowserPersist.progressListener = this.viewSourceProgressListener; let referrerPolicy = Ci.nsIHttpChannel.REFERRER_POLICY_NO_REFERRER; - webBrowserPersist.savePrivacyAwareURI(uri, null, null, referrerPolicy, null, null, file, data.isPrivate); + let ssm = Services.scriptSecurityManager; + let principal = ssm.createCodebasePrincipal(data.uri, + browser.contentPrincipal.originAttributes); + webBrowserPersist.savePrivacyAwareURI(uri, principal, null, null, + referrerPolicy, null, null, file, data.isPrivate); let helperService = Cc["@mozilla.org/uriloader/external-helper-app-service;1"] .getService(Ci.nsPIExternalAppLauncher); diff --git a/toolkit/content/contentAreaUtils.js b/toolkit/content/contentAreaUtils.js index 48cf448798a5..fa5a7a56c935 100644 --- a/toolkit/content/contentAreaUtils.js +++ b/toolkit/content/contentAreaUtils.js @@ -62,14 +62,15 @@ function forbidCPOW(arg, func, argname) { // - A linked document using Alt-click Save Link As... // function saveURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, - aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate) { + aSkipPrompt, aReferrer, aSourceDocument, + aIsContentWindowPrivate, aPrincipal) { forbidCPOW(aURL, "saveURL", "aURL"); forbidCPOW(aReferrer, "saveURL", "aReferrer"); // Allow aSourceDocument to be a CPOW. internalSave(aURL, null, aFileName, null, null, aShouldBypassCache, aFilePickerTitleKey, null, aReferrer, aSourceDocument, - aSkipPrompt, null, aIsContentWindowPrivate); + aSkipPrompt, null, aIsContentWindowPrivate, aPrincipal); } // Just like saveURL, but will get some info off the image before @@ -112,7 +113,7 @@ const nsISupportsCString = Ci.nsISupportsCString; */ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, aSkipPrompt, aReferrer, aDoc, aContentType, aContentDisp, - aIsContentWindowPrivate) { + aIsContentWindowPrivate, aPrincipal) { forbidCPOW(aURL, "saveImageURL", "aURL"); forbidCPOW(aReferrer, "saveImageURL", "aReferrer"); @@ -156,7 +157,7 @@ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, internalSave(aURL, null, aFileName, aContentDisp, aContentType, aShouldBypassCache, aFilePickerTitleKey, null, aReferrer, - null, aSkipPrompt, null, aIsContentWindowPrivate); + aDoc, aSkipPrompt, null, aIsContentWindowPrivate, aPrincipal); } // This is like saveDocument, but takes any browser/frame-like element @@ -350,11 +351,15 @@ XPCOMUtils.defineConstant(this, "kSaveAsType_Text", kSaveAsType_Text); * This parameter is provided when the aInitiatingDocument is not a * real document object. Stores whether aInitiatingDocument.defaultView * was private or not. + * @param aPrincipal [optional] + * This parameter is provided when neither aDocument nor + * aInitiatingDocument is provided. Used to determine what level of + * privilege to load the URI with. */ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, aContentType, aShouldBypassCache, aFilePickerTitleKey, aChosenData, aReferrer, aInitiatingDocument, aSkipPrompt, - aCacheKey, aIsContentWindowPrivate) { + aCacheKey, aIsContentWindowPrivate, aPrincipal) { forbidCPOW(aURL, "internalSave", "aURL"); forbidCPOW(aReferrer, "internalSave", "aReferrer"); forbidCPOW(aCacheKey, "internalSave", "aCacheKey"); @@ -430,8 +435,17 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, : aInitiatingDocument.isPrivate; } + // We have to cover the cases here where we were either passed an explicit + // principal, or a 'real' document (with a nodePrincipal property), or an + // nsIWebBrowserPersistDocument which has a principal property. + let sourcePrincipal = + aPrincipal || + (aDocument && (aDocument.nodePrincipal || aDocument.principal)) || + (aInitiatingDocument && aInitiatingDocument.nodePrincipal); + var persistArgs = { sourceURI, + sourcePrincipal, sourceReferrer: aReferrer, sourceDocument: useSaveDocument ? aDocument : null, targetContentType: (saveAsType == kSaveAsType_Text) ? "text/plain" : null, @@ -482,8 +496,7 @@ function internalPersist(persistArgs) { // Calculate persist flags. const nsIWBP = Ci.nsIWebBrowserPersist; - const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES | - nsIWBP.PERSIST_FLAGS_FORCE_ALLOW_COOKIES; + const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES; if (persistArgs.bypassCache) persist.persistFlags = flags | nsIWBP.PERSIST_FLAGS_BYPASS_CACHE; else @@ -530,6 +543,7 @@ function internalPersist(persistArgs) { persistArgs.targetContentType, encodingFlags, kWrapColumn); } else { persist.savePrivacyAwareURI(persistArgs.sourceURI, + persistArgs.sourcePrincipal, persistArgs.sourceCacheKey, persistArgs.sourceReferrer, Ci.nsIHttpChannel.REFERRER_POLICY_UNSET, diff --git a/toolkit/content/tests/browser/browser_saveImageURL.js b/toolkit/content/tests/browser/browser_saveImageURL.js index 970aaea43ca9..609db2cb2adc 100644 --- a/toolkit/content/tests/browser/browser_saveImageURL.js +++ b/toolkit/content/tests/browser/browser_saveImageURL.js @@ -36,7 +36,8 @@ add_task(async function preferred_API() { return image.href; }); - saveImageURL(url, "image.jpg", null, true, false, null, null, null, null, false); + saveImageURL(url, "image.jpg", null, true, false, null, null, null, null, + false, gBrowser.contentPrincipal); // eslint-disable-next-line mozilla/no-cpows-in-tests let channel = gBrowser.contentDocumentAsCPOW.docShell.currentDocumentChannel; if (channel) { diff --git a/toolkit/mozapps/extensions/LightweightThemeManager.jsm b/toolkit/mozapps/extensions/LightweightThemeManager.jsm index 720f27b48244..d5efecca0de7 100644 --- a/toolkit/mozapps/extensions/LightweightThemeManager.jsm +++ b/toolkit/mozapps/extensions/LightweightThemeManager.jsm @@ -869,7 +869,8 @@ function _persistImage(sourceURL, localFileName, successCallback) { persist.progressListener = new _persistProgressListener(successCallback); - persist.saveURI(sourceURI, null, + let sourcePrincipal = Services.scriptSecurityManager.createCodebasePrincipal(sourceURI, {}); + persist.saveURI(sourceURI, sourcePrincipal, null, null, Ci.nsIHttpChannel.REFERRER_POLICY_UNSET, null, null, targetURI, null); }

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Revert "Bug 22343: Make 'Save Page As' obey first-party isolation"
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 9c9809f628c810e53f428ec565aa8d515908a2b7 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Jan 21 11:28:54 2019 +0000 Revert "Bug 22343: Make 'Save Page As' obey first-party isolation" This reverts commit 3fe87eec8bc9555ed4d1a59e1a26bc6c6df93f38. --- browser/base/content/browser.js | 2 +- browser/base/content/nsContextMenu.js | 39 ++++++++------------------ browser/base/content/pageinfo/pageInfo.js | 5 ++-- browser/base/content/utilityOverlay.js | 6 ++-- dom/webbrowserpersist/nsIWebBrowserPersist.idl | 9 +----- dom/webbrowserpersist/nsWebBrowserPersist.cpp | 18 ++---------- dom/webbrowserpersist/nsWebBrowserPersist.h | 2 -- mobile/android/chrome/content/browser.js | 6 ++-- netwerk/base/LoadContextInfo.cpp | 18 ++---------- toolkit/components/browser/nsWebBrowser.cpp | 12 -------- toolkit/content/contentAreaUtils.js | 32 ++++++--------------- 11 files changed, 34 insertions(+), 115 deletions(-) diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 5eed34e08086..0fc6a72daf66 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -6175,7 +6175,7 @@ function handleLinkClick(event, href, linkNode) { if (where == "save") { saveURL(href, linkNode ? gatherTextUnder(linkNode) : "", null, true, - true, doc.documentURIObject, doc, undefined, doc.nodePrincipal); + true, doc.documentURIObject, doc); event.preventDefault(); return true; } diff --git a/browser/base/content/nsContextMenu.js b/browser/base/content/nsContextMenu.js index 37ebde22ea07..368d0475ac34 100644 --- a/browser/base/content/nsContextMenu.js +++ b/browser/base/content/nsContextMenu.js @@ -989,11 +989,9 @@ nsContextMenu.prototype = { let onMessage = (message) => { mm.removeMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage); let dataURL = message.data.dataURL; - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(dataURL), this.principal.originAttributes); saveImageURL(dataURL, name, "SaveImageTitle", true, false, document.documentURIObject, null, null, null, - isPrivate, principal); + isPrivate); }; mm.addMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage); }, @@ -1065,7 +1063,7 @@ nsContextMenu.prototype = { // Helper function to wait for appropriate MIME-type headers and // then prompt the user with a file picker saveHelper(linkURL, linkText, dialogTitle, bypassCache, doc, docURI, - windowID, linkDownload, isContentWindowPrivate, contentPrincipal) { + windowID, linkDownload, isContentWindowPrivate) { // canonical def in nsURILoader.h const NS_ERROR_SAVE_LINK_AS_TIMEOUT = 0x805d0020; @@ -1118,7 +1116,7 @@ nsContextMenu.prototype = { // do it the old fashioned way, which will pick the best filename // it can without waiting. saveURL(linkURL, linkText, dialogTitle, bypassCache, false, docURI, - doc, isContentWindowPrivate, contentPrincipal); + doc, isContentWindowPrivate); } if (this.extListener) this.extListener.onStopRequest(aRequest, aContext, aStatusCode); @@ -1158,13 +1156,10 @@ nsContextMenu.prototype = { } }; - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(linkURL), this.principal.originAttributes); - // setting up a new channel for 'right click - save link as ...' var channel = NetUtil.newChannel({ uri: makeURI(linkURL), - loadingPrincipal: principal, + loadingPrincipal: this.principal, contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD, securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS, }); @@ -1206,17 +1201,14 @@ nsContextMenu.prototype = { // Save URL of clicked-on link. saveLink() { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(this.linkURL), this.principal.originAttributes); - urlSecurityCheck(this.linkURL, principal); + urlSecurityCheck(this.linkURL, this.principal); let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined; this.saveHelper(this.linkURL, this.linkTextStr, null, true, this.ownerDoc, gContextMenuContentData.documentURIObject, this.frameOuterWindowID, this.linkDownload, - isContentWindowPrivate, - principal); + isContentWindowPrivate); }, // Backwards-compatibility wrapper @@ -1231,32 +1223,23 @@ nsContextMenu.prototype = { let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined; let referrerURI = gContextMenuContentData.documentURIObject; let isPrivate = PrivateBrowsingUtils.isBrowserPrivate(this.browser); - let thisPrincipal = this.principal; if (this.onCanvas) { // Bypass cache, since it's a data: URL. this._canvasToBlobURL(this.target).then(function(blobURL) { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(blobURL), thisPrincipal.originAttributes); saveImageURL(blobURL, "canvas.png", "SaveImageTitle", true, false, referrerURI, null, null, null, - isPrivate, principal); + isPrivate); }, Cu.reportError); } else if (this.onImage) { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(this.mediaURL), thisPrincipal.originAttributes); - urlSecurityCheck(this.mediaURL, principal); + urlSecurityCheck(this.mediaURL, this.principal); saveImageURL(this.mediaURL, null, "SaveImageTitle", false, false, referrerURI, null, gContextMenuContentData.contentType, - gContextMenuContentData.contentDisposition, isPrivate, - principal); + gContextMenuContentData.contentDisposition, isPrivate); } else if (this.onVideo || this.onAudio) { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(this.mediaURL), thisPrincipal.originAttributes); - urlSecurityCheck(this.mediaURL, principal); + urlSecurityCheck(this.mediaURL, this.principal); var dialogTitle = this.onVideo ? "SaveVideoTitle" : "SaveAudioTitle"; this.saveHelper(this.mediaURL, null, dialogTitle, false, doc, referrerURI, - this.frameOuterWindowID, "", isContentWindowPrivate, - principal); + this.frameOuterWindowID, "", isContentWindowPrivate); } }, diff --git a/browser/base/content/pageinfo/pageInfo.js b/browser/base/content/pageinfo/pageInfo.js index efe24f7487d9..86f548c74494 100644 --- a/browser/base/content/pageinfo/pageInfo.js +++ b/browser/base/content/pageinfo/pageInfo.js @@ -696,7 +696,7 @@ function saveMedia() { titleKey = "SaveAudioTitle"; saveURL(url, null, titleKey, false, false, makeURI(item.baseURI), - null, gDocInfo.isContentWindowPrivate, gDocInfo.principal); + null, gDocInfo.isContentWindowPrivate); } } else { selectSaveFolder(function(aDirectory) { @@ -704,8 +704,7 @@ function saveMedia() { var saveAnImage = function(aURIString, aChosenData, aBaseURI) { uniqueFile(aChosenData.file); internalSave(aURIString, null, null, null, null, false, "SaveImageTitle", - aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate, - gDocInfo.principal); + aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate); }; for (var i = 0; i < rowArray.length; i++) { diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js index 4cd7d91e4e9a..b73a01a0b0f3 100644 --- a/browser/base/content/utilityOverlay.js +++ b/browser/base/content/utilityOverlay.js @@ -258,16 +258,14 @@ function openLinkIn(url, where, params) { // ContentClick.jsm passes isContentWindowPrivate for saveURL instead of passing a CPOW initiatingDoc if ("isContentWindowPrivate" in params) { - saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, - null, params.isContentWindowPrivate, - aPrincipal || aTriggeringPrincipal); + saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, null, params.isContentWindowPrivate); } else { if (!aInitiatingDoc) { Cu.reportError("openUILink/openLinkIn was called with " + "where == 'save' but without initiatingDoc. See bug 814264."); return; } - saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc, params.isContentWindowPrivate, aPrincipal || aTriggeringPrincipal); + saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc); } return; } diff --git a/dom/webbrowserpersist/nsIWebBrowserPersist.idl b/dom/webbrowserpersist/nsIWebBrowserPersist.idl index 62ac1c1cd7bd..8de84f5e2904 100644 --- a/dom/webbrowserpersist/nsIWebBrowserPersist.idl +++ b/dom/webbrowserpersist/nsIWebBrowserPersist.idl @@ -13,12 +13,11 @@ interface nsIWebProgressListener; interface nsIFile; interface nsIChannel; interface nsILoadContext; -interface nsIPrincipal; /** * Interface for persisting DOM documents and URIs to local or remote storage. */ -[scriptable, uuid(ccdbc750-be09-4f11-bb01-4e0a4db76c41)] +[scriptable, uuid(8cd752a4-60b1-42c3-a819-65c7a1138a28)] interface nsIWebBrowserPersist : nsICancelable { /** No special persistence behaviour. */ @@ -113,12 +112,6 @@ interface nsIWebBrowserPersist : nsICancelable attribute nsIWebProgressListener progressListener; /** - * This attribute can be used to set the loading principal - * of the document or URI to be persisted. - */ - attribute nsIPrincipal loadingPrincipal; - - /** * Save the specified URI to file. * * @param aURI URI to save to file. Some implementations of this interface diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp index 4f49b63475f3..fd6d9d0d9315 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp +++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp @@ -277,7 +277,6 @@ const char *kWebBrowserPersistStringBundle = nsWebBrowserPersist::nsWebBrowserPersist() : mCurrentDataPathIsRelative(false), mCurrentThingsToPersist(0), - mLoadingPrincipal(nsContentUtils::GetSystemPrincipal()), mFirstAndOnlyUse(true), mSavingDocument(false), mCancel(false), @@ -414,19 +413,6 @@ NS_IMETHODIMP nsWebBrowserPersist::SetProgressListener( return NS_OK; } -NS_IMETHODIMP nsWebBrowserPersist::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal) -{ - *loadingPrincipal = mLoadingPrincipal; - return NS_OK; -} - -NS_IMETHODIMP nsWebBrowserPersist::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal) -{ - mLoadingPrincipal = loadingPrincipal ? loadingPrincipal : - nsContentUtils::GetSystemPrincipal(); - return NS_OK; -} - NS_IMETHODIMP nsWebBrowserPersist::SaveURI( nsIURI *aURI, nsISupports *aCacheKey, nsIURI *aReferrer, uint32_t aReferrerPolicy, @@ -1399,7 +1385,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal( nsCOMPtr<nsIChannel> inputChannel; rv = NS_NewChannel(getter_AddRefs(inputChannel), aURI, - mLoadingPrincipal, + nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nsIContentPolicy::TYPE_OTHER, nullptr, // aPerformanceStorage @@ -2770,7 +2756,7 @@ nsWebBrowserPersist::CreateChannelFromURI(nsIURI *aURI, nsIChannel **aChannel) rv = NS_NewChannel(aChannel, aURI, - mLoadingPrincipal, + nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nsIContentPolicy::TYPE_OTHER); NS_ENSURE_SUCCESS(rv, rv); diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.h b/dom/webbrowserpersist/nsWebBrowserPersist.h index f95300be12cb..17b570d783e7 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.h +++ b/dom/webbrowserpersist/nsWebBrowserPersist.h @@ -147,8 +147,6 @@ private: nsCOMPtr<nsIMIMEService> mMIMEService; nsCOMPtr<nsIURI> mURI; nsCOMPtr<nsIWebProgressListener> mProgressListener; - nsCOMPtr<nsIPrincipal> mLoadingPrincipal; - /** * Progress listener for 64-bit values; this is the same object as * mProgressListener, but is a member to avoid having to qi it for each diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js index 3e074009fad9..c3430f5b5a4c 100644 --- a/mobile/android/chrome/content/browser.js +++ b/mobile/android/chrome/content/browser.js @@ -886,10 +886,10 @@ var BrowserApp = { if (!permissionGranted) { return; } - let doc = aTarget.ownerDocument; + ContentAreaUtils.saveImageURL(aTarget.currentRequestFinalURI.spec, null, "SaveImageTitle", - false, true, doc.documentURIObject, - null, null, null, doc.isPrivate, doc.nodePrincipal); + false, true, aTarget.ownerDocument.documentURIObject, + aTarget.ownerDocument); }); }); diff --git a/netwerk/base/LoadContextInfo.cpp b/netwerk/base/LoadContextInfo.cpp index 1218345b63ed..79f870e8d20d 100644 --- a/netwerk/base/LoadContextInfo.cpp +++ b/netwerk/base/LoadContextInfo.cpp @@ -121,6 +121,8 @@ GetLoadContextInfo(nsIChannel * aChannel) { nsresult rv; + DebugOnly<bool> pb = NS_UsePrivateBrowsing(aChannel); + bool anon = false; nsLoadFlags loadFlags; rv = aChannel->GetLoadFlags(&loadFlags); @@ -130,21 +132,7 @@ GetLoadContextInfo(nsIChannel * aChannel) OriginAttributes oa; NS_GetOriginAttributes(aChannel, oa); - -#ifdef DEBUG - nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); - if (loadInfo) { - nsCOMPtr<nsIPrincipal> principal = loadInfo->LoadingPrincipal(); - if (principal) { - bool chrome; - principal->GetIsSystemPrincipal(&chrome); - if (!chrome) { - bool pb = NS_UsePrivateBrowsing(aChannel); - MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0)); - } - } - } -#endif + MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0)); return new LoadContextInfo(anon, oa); } diff --git a/toolkit/components/browser/nsWebBrowser.cpp b/toolkit/components/browser/nsWebBrowser.cpp index ff1e728243b4..40ac82210502 100644 --- a/toolkit/components/browser/nsWebBrowser.cpp +++ b/toolkit/components/browser/nsWebBrowser.cpp @@ -997,18 +997,6 @@ nsWebBrowser::SetProgressListener(nsIWebProgressListener* aProgressListener) } NS_IMETHODIMP -nsWebBrowser::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal) -{ - return NS_ERROR_NOT_IMPLEMENTED; -} - -NS_IMETHODIMP -nsWebBrowser::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal) -{ - return NS_ERROR_NOT_IMPLEMENTED; -} - -NS_IMETHODIMP nsWebBrowser::SaveURI(nsIURI* aURI, nsISupports* aCacheKey, nsIURI* aReferrer, diff --git a/toolkit/content/contentAreaUtils.js b/toolkit/content/contentAreaUtils.js index e213a0e4333e..48cf448798a5 100644 --- a/toolkit/content/contentAreaUtils.js +++ b/toolkit/content/contentAreaUtils.js @@ -62,14 +62,14 @@ function forbidCPOW(arg, func, argname) { // - A linked document using Alt-click Save Link As... // function saveURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, - aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate, - aContentPrincipal) { + aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate) { forbidCPOW(aURL, "saveURL", "aURL"); forbidCPOW(aReferrer, "saveURL", "aReferrer"); // Allow aSourceDocument to be a CPOW. + internalSave(aURL, null, aFileName, null, null, aShouldBypassCache, aFilePickerTitleKey, null, aReferrer, aSourceDocument, - aSkipPrompt, null, aIsContentWindowPrivate, aContentPrincipal); + aSkipPrompt, null, aIsContentWindowPrivate); } // Just like saveURL, but will get some info off the image before @@ -109,12 +109,10 @@ const nsISupportsCString = Ci.nsISupportsCString; * @param aIsContentWindowPrivate (bool) * Whether or not the containing window is in private browsing mode. * Does not need to be provided is aDoc is passed. - * @param aContentPrincipal [optional] - * The principal to be used for fetching and saving the target URL. */ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, aSkipPrompt, aReferrer, aDoc, aContentType, aContentDisp, - aIsContentWindowPrivate, aContentPrincipal) { + aIsContentWindowPrivate) { forbidCPOW(aURL, "saveImageURL", "aURL"); forbidCPOW(aReferrer, "saveImageURL", "aReferrer"); @@ -158,8 +156,7 @@ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, internalSave(aURL, null, aFileName, aContentDisp, aContentType, aShouldBypassCache, aFilePickerTitleKey, null, aReferrer, - null, aSkipPrompt, null, aIsContentWindowPrivate, - aContentPrincipal); + null, aSkipPrompt, null, aIsContentWindowPrivate); } // This is like saveDocument, but takes any browser/frame-like element @@ -173,7 +170,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) { let stack = Components.stack.caller; persistable.startPersistence(aOuterWindowID, { onDocumentReady(document) { - saveDocument(document, aSkipPrompt, aBrowser.contentPrincipal); + saveDocument(document, aSkipPrompt); }, onError(status) { throw new Components.Exception("saveBrowser failed asynchronously in startPersistence", @@ -189,9 +186,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) { // case "save as" modes that serialize the document's DOM are // unavailable. This is a temporary measure for the "Save Frame As" // command (bug 1141337) and pre-e10s add-ons. -// -// aContentPrincipal is the principal for downloading and saving the document. -function saveDocument(aDocument, aSkipPrompt, aContentPrincipal) { +function saveDocument(aDocument, aSkipPrompt) { if (!aDocument) throw "Must have a document when calling saveDocument"; @@ -246,7 +241,7 @@ function saveDocument(aDocument, aSkipPrompt, aContentPrincipal) { internalSave(aDocument.documentURI, aDocument, null, contentDisposition, aDocument.contentType, false, null, null, aDocument.referrer ? makeURI(aDocument.referrer) : null, - aDocument, aSkipPrompt, cacheKey, undefined, aContentPrincipal); + aDocument, aSkipPrompt, cacheKey); } function DownloadListener(win, transfer) { @@ -355,13 +350,11 @@ XPCOMUtils.defineConstant(this, "kSaveAsType_Text", kSaveAsType_Text); * This parameter is provided when the aInitiatingDocument is not a * real document object. Stores whether aInitiatingDocument.defaultView * was private or not. - * @param aContentPrincipal [optional] - * The principal to be used for fetching and saving the target URL. */ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, aContentType, aShouldBypassCache, aFilePickerTitleKey, aChosenData, aReferrer, aInitiatingDocument, aSkipPrompt, - aCacheKey, aIsContentWindowPrivate, aContentPrincipal) { + aCacheKey, aIsContentWindowPrivate) { forbidCPOW(aURL, "internalSave", "aURL"); forbidCPOW(aReferrer, "internalSave", "aReferrer"); forbidCPOW(aCacheKey, "internalSave", "aCacheKey"); @@ -430,7 +423,6 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, let nonCPOWDocument = aDocument && !Cu.isCrossProcessWrapper(aDocument); - let isPrivate = aIsContentWindowPrivate; if (isPrivate === undefined) { isPrivate = aInitiatingDocument instanceof Ci.nsIDOMDocument @@ -448,7 +440,6 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, sourcePostData: nonCPOWDocument ? getPostData(aDocument) : null, bypassCache: aShouldBypassCache, isPrivate, - loadingPrincipal: aContentPrincipal, }; // Start the actual save process @@ -485,15 +476,10 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, * If true, the document will always be refetched from the server * @param persistArgs.isPrivate * Indicates whether this is taking place in a private browsing context. - * @param persistArgs.loadingPrincipal - * The principal assigned to the document being saved. */ function internalPersist(persistArgs) { var persist = makeWebBrowserPersist(); - if (["http", "https", "ftp"].includes(persistArgs.sourceURI.scheme)) { - persist.loadingPrincipal = persistArgs.loadingPrincipal; - } // Calculate persist flags. const nsIWBP = Ci.nsIWebBrowserPersist; const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES |

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1473509 - store principal information with the URIs to avoid having to locate documents after the fact, r=mccr8
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 846b2530517793843a0006c41b15ff41b47a6f79 Author: Gijs Kruitbosch <gijskruitbosch(a)gmail.com> Date: Fri Jul 6 17:27:17 2018 +0100 Bug 1473509 - store principal information with the URIs to avoid having to locate documents after the fact, r=mccr8 The way we currently save resource URIs that we discovered by walking the document isn't guaranteed to be in-order with when we save the documents they came from. To deduce the correct principal to use to load these subresources, we need to store it with the resource in the map of URIs we work with. MozReview-Commit-ID: GNlNuS6TuVV --HG-- extra : rebase_source : 99982f91971423730aa8661cf66c2dd14e276780 --- dom/webbrowserpersist/nsWebBrowserPersist.cpp | 33 +++++++++++++-------------- dom/webbrowserpersist/nsWebBrowserPersist.h | 5 +++- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp index 12e6c41c37d8..68cb08eac0c0 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp +++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp @@ -84,7 +84,6 @@ struct nsWebBrowserPersist::DocData nsCOMPtr<nsIURI> mBaseURI; nsCOMPtr<nsIWebBrowserPersistDocument> mDocument; nsCOMPtr<nsIURI> mFile; - nsCOMPtr<nsIPrincipal> mPrincipal; nsCString mCharset; }; @@ -101,6 +100,7 @@ struct nsWebBrowserPersist::URIData nsCOMPtr<nsIURI> mFile; nsCOMPtr<nsIURI> mDataPath; nsCOMPtr<nsIURI> mRelativeDocumentURI; + nsCOMPtr<nsIPrincipal> mTriggeringPrincipal; nsCString mRelativePathToData; nsCString mCharset; @@ -605,12 +605,6 @@ nsWebBrowserPersist::SerializeNextFile() } if (urisToPersist > 0) { - nsCOMPtr<nsIPrincipal> docPrincipal; - //XXXgijs I *think* this is already always true, but let's be sure. - MOZ_ASSERT(mDocList.Length() > 0, - "Should have the document for any walked URIs to persist!"); - nsresult rv = mDocList.ElementAt(0)->mDocument-> - GetPrincipal(getter_AddRefs(docPrincipal)); NS_ENSURE_SUCCESS_VOID(rv); // Persist each file in the uri map. The document(s) // will be saved after the last one of these is saved. @@ -642,7 +636,7 @@ nsWebBrowserPersist::SerializeNextFile() // The Referrer Policy doesn't matter here since the referrer is // nullptr. - rv = SaveURIInternal(uri, docPrincipal, nullptr, nullptr, + rv = SaveURIInternal(uri, data->mTriggeringPrincipal, nullptr, nullptr, mozilla::net::RP_Unset, nullptr, nullptr, fileAsURI, true, mIsPrivate); // If SaveURIInternal fails, then it will have called EndDownload, @@ -1749,7 +1743,7 @@ NS_IMETHODIMP nsWebBrowserPersist::OnWalk::VisitResource(nsIWebBrowserPersistDocument* aDoc, const nsACString& aURI) { - return mParent->StoreURI(nsAutoCString(aURI).get()); + return mParent->StoreURI(nsAutoCString(aURI).get(), aDoc); } NS_IMETHODIMP @@ -1760,14 +1754,14 @@ nsWebBrowserPersist::OnWalk::VisitDocument(nsIWebBrowserPersistDocument* aDoc, nsAutoCString uriSpec; nsresult rv = aSubDoc->GetDocumentURI(uriSpec); NS_ENSURE_SUCCESS(rv, rv); - rv = mParent->StoreURI(uriSpec.get(), false, &data); + rv = mParent->StoreURI(uriSpec.get(), aDoc, false, &data); NS_ENSURE_SUCCESS(rv, rv); if (!data) { // If the URI scheme isn't persistable, then don't persist. return NS_OK; } data->mIsSubFrame = true; - return mParent->SaveSubframeContent(aSubDoc, uriSpec, data); + return mParent->SaveSubframeContent(aSubDoc, aDoc, uriSpec, data); } @@ -2513,7 +2507,8 @@ nsWebBrowserPersist::CalcTotalProgress() nsresult nsWebBrowserPersist::StoreURI( - const char *aURI, bool aNeedsPersisting, URIData **aData) + const char *aURI, nsIWebBrowserPersistDocument *aDoc, + bool aNeedsPersisting, URIData **aData) { NS_ENSURE_ARG_POINTER(aURI); @@ -2524,12 +2519,13 @@ nsWebBrowserPersist::StoreURI( mCurrentBaseURI); NS_ENSURE_SUCCESS(rv, rv); - return StoreURI(uri, aNeedsPersisting, aData); + return StoreURI(uri, aDoc, aNeedsPersisting, aData); } nsresult nsWebBrowserPersist::StoreURI( - nsIURI *aURI, bool aNeedsPersisting, URIData **aData) + nsIURI *aURI, nsIWebBrowserPersistDocument *aDoc, + bool aNeedsPersisting, URIData **aData) { NS_ENSURE_ARG_POINTER(aURI); if (aData) @@ -2554,7 +2550,7 @@ nsWebBrowserPersist::StoreURI( } URIData *data = nullptr; - MakeAndStoreLocalFilenameInURIMap(aURI, aNeedsPersisting, &data); + MakeAndStoreLocalFilenameInURIMap(aURI, aDoc, aNeedsPersisting, &data); if (aData) { *aData = data; @@ -2661,6 +2657,7 @@ nsWebBrowserPersist::DocumentEncoderExists(const char *aContentType) nsresult nsWebBrowserPersist::SaveSubframeContent( nsIWebBrowserPersistDocument *aFrameContent, + nsIWebBrowserPersistDocument *aParentDocument, const nsCString& aURISpec, URIData *aData) { @@ -2738,7 +2735,7 @@ nsWebBrowserPersist::SaveSubframeContent( toWalk->mDataPath = frameDataURI; mWalkStack.AppendElement(mozilla::Move(toWalk)); } else { - rv = StoreURI(aURISpec.get()); + rv = StoreURI(aURISpec.get(), aParentDocument); } NS_ENSURE_SUCCESS(rv, rv); @@ -2772,7 +2769,7 @@ nsWebBrowserPersist::CreateChannelFromURI(nsIURI *aURI, nsIChannel **aChannel) // we store the current location as the key (absolutized version of domnode's attribute's value) nsresult nsWebBrowserPersist::MakeAndStoreLocalFilenameInURIMap( - nsIURI *aURI, bool aNeedsPersisting, URIData **aData) + nsIURI *aURI, nsIWebBrowserPersistDocument *aDoc, bool aNeedsPersisting, URIData **aData) { NS_ENSURE_ARG_POINTER(aURI); @@ -2815,6 +2812,8 @@ nsWebBrowserPersist::MakeAndStoreLocalFilenameInURIMap( data->mRelativeDocumentURI = mTargetBaseURI; data->mCharset = mCurrentCharset; + aDoc->GetPrincipal(getter_AddRefs(data->mTriggeringPrincipal)); + if (aNeedsPersisting) mCurrentThingsToPersist++; diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.h b/dom/webbrowserpersist/nsWebBrowserPersist.h index b9a2e3da73b6..f2cc91ee336d 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.h +++ b/dom/webbrowserpersist/nsWebBrowserPersist.h @@ -94,7 +94,7 @@ private: static nsresult GetLocalFileFromURI(nsIURI *aURI, nsIFile **aLocalFile); static nsresult AppendPathToURI(nsIURI *aURI, const nsAString & aPath, nsCOMPtr<nsIURI>& aOutURI); nsresult MakeAndStoreLocalFilenameInURIMap( - nsIURI *aURI, bool aNeedsPersisting, URIData **aData); + nsIURI *aURI, nsIWebBrowserPersistDocument *aDoc, bool aNeedsPersisting, URIData **aData); nsresult MakeOutputStream( nsIURI *aFile, nsIOutputStream **aOutputStream); nsresult MakeOutputStreamFromFile( @@ -113,16 +113,19 @@ private: nsIURI *aURI, nsString &aFilename); nsresult StoreURI( const char *aURI, + nsIWebBrowserPersistDocument *aDoc, bool aNeedsPersisting = true, URIData **aData = nullptr); nsresult StoreURI( nsIURI *aURI, + nsIWebBrowserPersistDocument *aDoc, bool aNeedsPersisting = true, URIData **aData = nullptr); bool DocumentEncoderExists(const char *aContentType); nsresult SaveSubframeContent( nsIWebBrowserPersistDocument *aFrameContent, + nsIWebBrowserPersistDocument *aParentDocument, const nsCString& aURISpec, URIData *aData); nsresult SendErrorStatusChange(

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1487263 - set requesting principal for macOS drags, r=mstange
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 5cc364bf650ec604043b6394c6d2525789e61f3a Author: Gijs Kruitbosch <gijskruitbosch(a)gmail.com> Date: Thu Aug 30 13:56:44 2018 +0000 Bug 1487263 - set requesting principal for macOS drags, r=mstange The requesting principal is now required for saving content through nsIWebBrowserPersist, and so drag sessions on macOS need to provide one, just like drag sessions on Windows already do (see bug 664717). Differential Revision: https://phabricator.services.mozilla.com/D4673 --HG-- extra : moz-landing-system : lando --- widget/cocoa/nsDragService.mm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/widget/cocoa/nsDragService.mm b/widget/cocoa/nsDragService.mm index 8ee0f3edabfc..47eacb5792a2 100644 --- a/widget/cocoa/nsDragService.mm +++ b/widget/cocoa/nsDragService.mm @@ -326,6 +326,9 @@ nsDragService::InvokeDragSessionImpl(nsIArray* aTransferableArray, return NS_ERROR_FAILURE; } + // Assign a principal: + currentTransferable->SetRequestingPrincipal(mSourceNode->NodePrincipal()); + // Transform the transferable to an NSDictionary NSDictionary* pasteboardOutputDict = nsClipboard::PasteboardDictFromTransferable(currentTransferable);

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1473507 - fix crash in nsILoadInfo::GetOriginAttributes when passing no principal to SavePrivacyAwareURI, r=mccr8
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 11aef302f781e229446fc73251e42efd70c19b38 Author: Gijs Kruitbosch <gijskruitbosch(a)gmail.com> Date: Thu Jul 5 23:50:45 2018 +0100 Bug 1473507 - fix crash in nsILoadInfo::GetOriginAttributes when passing no principal to SavePrivacyAwareURI, r=mccr8 Enforce that callers pass triggering principals through to any persist APIs, which all delegate to SaveURIInternal. Also add the missing principal information to the saveURL call in the page info dialog code, which was triggering crashes in this way. MozReview-Commit-ID: L9pNE7BxGws --HG-- extra : rebase_source : 957d765f965aa4f942532c693cae36addd8b781d --- browser/base/content/pageinfo/pageInfo.js | 2 +- dom/webbrowserpersist/nsWebBrowserPersist.cpp | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/browser/base/content/pageinfo/pageInfo.js b/browser/base/content/pageinfo/pageInfo.js index 405b9443342d..30344b989007 100644 --- a/browser/base/content/pageinfo/pageInfo.js +++ b/browser/base/content/pageinfo/pageInfo.js @@ -696,7 +696,7 @@ function saveMedia() { titleKey = "SaveAudioTitle"; saveURL(url, null, titleKey, false, false, makeURI(item.baseURI), - null, gDocInfo.isContentWindowPrivate); + null, gDocInfo.isContentWindowPrivate, gDocInfo.principal); } } else { selectSaveFolder(function(aDirectory) { diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp index 68cb08eac0c0..97650a4b42a0 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp +++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp @@ -1341,6 +1341,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal( { NS_ENSURE_ARG_POINTER(aURI); NS_ENSURE_ARG_POINTER(aFile); + NS_ENSURE_ARG_POINTER(aTriggeringPrincipal); nsresult rv = NS_OK;

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1504159 - add test to verify we can save a mixed content image from the context menu, r=jkt
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 77b26b69926f7bb93181320084ca8cb9958b3a95 Author: Gijs Kruitbosch <gijskruitbosch(a)gmail.com> Date: Fri Nov 9 10:59:52 2018 +0000 Bug 1504159 - add test to verify we can save a mixed content image from the context menu, r=jkt Depends on D11411 Differential Revision: https://phabricator.services.mozilla.com/D11412 --HG-- rename : browser/themes/windows/preferences/saveFile.png => dom/tests/browser/dummy.png extra : moz-landing-system : lando --- dom/tests/browser/browser.ini | 4 + .../browser/browser_persist_mixed_content_image.js | 102 +++++++++++++++++++++ dom/tests/browser/dummy.png | Bin 0 -> 703 bytes dom/tests/browser/test_mixed_content_image.html | 1 + 4 files changed, 107 insertions(+) diff --git a/dom/tests/browser/browser.ini b/dom/tests/browser/browser.ini index 11cf9ebf2346..24d4d5f4fc23 100644 --- a/dom/tests/browser/browser.ini +++ b/dom/tests/browser/browser.ini @@ -59,6 +59,10 @@ skip-if = !e10s # This is a test of e10s functionality. support-files = set-samesite-cookies-and-redirect.sjs mimeme.sjs +[browser_persist_mixed_content_image.js] +support-files = + test_mixed_content_image.html + dummy.png [browser_test_focus_after_modal_state.js] support-files = focus_after_prompt.html diff --git a/dom/tests/browser/browser_persist_mixed_content_image.js b/dom/tests/browser/browser_persist_mixed_content_image.js new file mode 100644 index 000000000000..f7af5f1790cb --- /dev/null +++ b/dom/tests/browser/browser_persist_mixed_content_image.js @@ -0,0 +1,102 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const TEST_PATH = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "https://example.org"); + +var MockFilePicker = SpecialPowers.MockFilePicker; +MockFilePicker.init(window); + +registerCleanupFunction(async function() { + info("Running the cleanup code"); + MockFilePicker.cleanup(); + if (gTestDir && gTestDir.exists()) { + // On Windows, sometimes nsIFile.remove() throws, probably because we're + // still writing to the directory we're trying to remove, despite + // waiting for the download to complete. Just retry a bit later... + let succeeded = false; + while (!succeeded) { + try { + gTestDir.remove(true); + succeeded = true; + } catch (ex) { + await new Promise(requestAnimationFrame); + } + } + } +}); + +let gTestDir = null; + +function createTemporarySaveDirectory() { + var saveDir = Services.dirsvc.get("TmpD", Ci.nsIFile); + saveDir.append("testsavedir"); + if (!saveDir.exists()) { + info("create testsavedir!"); + saveDir.create(Ci.nsIFile.DIRECTORY_TYPE, 0o755); + } + info("return from createTempSaveDir: " + saveDir.path); + return saveDir; +} + + +add_task(async function test_image_download() { + await BrowserTestUtils.withNewTab(TEST_PATH + "test_mixed_content_image.html", async (browser) => { + // Add the image, and wait for it to load. + await ContentTask.spawn(browser, null, function() { + let loc = content.document.location.href; + let httpRoot = loc.replace("https", "http"); + let imgloc = new content.URL("dummy.png", httpRoot); + let img = content.document.createElement("img"); + img.src = imgloc; + return new Promise(resolve => { + img.onload = resolve; + content.document.body.appendChild(img); + }); + }); + gTestDir = createTemporarySaveDirectory(); + + let destFile = gTestDir.clone(); + + MockFilePicker.displayDirectory = gTestDir; + let fileName; + MockFilePicker.showCallback = function(fp) { + info("showCallback"); + fileName = fp.defaultString; + info("fileName: " + fileName); + destFile.append(fileName); + info("path: " + destFile.path); + MockFilePicker.setFiles([destFile]); + MockFilePicker.filterIndex = 0; // just save the file + info("done showCallback"); + }; + let downloadFinishedPromise = new Promise(async (resolve) => { + let dls = await Downloads.getList(Downloads.PUBLIC); + dls.addView({ + onDownloadChanged(download) { + info("Download changed!"); + if (download.succeeded || download.error) { + info("Download succeeded or errored"); + dls.removeView(this); + dls.removeFinished(); + resolve(download); + } + } + }); + }); + // open the context menu. + let popup = document.getElementById("contentAreaContextMenu"); + let popupShown = BrowserTestUtils.waitForEvent(popup, "popupshown"); + BrowserTestUtils.synthesizeMouseAtCenter("img", {type: "contextmenu", button: 2}, browser); + await popupShown; + let popupHidden = BrowserTestUtils.waitForEvent(popup, "popuphidden"); + popup.querySelector("#context-saveimage").click(); + popup.hidePopup(); + await popupHidden; + info("Context menu hidden, waiting for download to finish"); + let imageDownload = await downloadFinishedPromise; + ok(imageDownload.succeeded, "Image should have downloaded successfully"); + }); + +}); diff --git a/dom/tests/browser/dummy.png b/dom/tests/browser/dummy.png new file mode 100644 index 000000000000..a1089af09b9c Binary files /dev/null and b/dom/tests/browser/dummy.png differ diff --git a/dom/tests/browser/test_mixed_content_image.html b/dom/tests/browser/test_mixed_content_image.html new file mode 100644 index 000000000000..c8b7661f4221 --- /dev/null +++ b/dom/tests/browser/test_mixed_content_image.html @@ -0,0 +1 @@ +<body></body>

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1504159 - use TYPE_SAVEAS_DOWNLOAD for data saved through nsIWebBrowserPersist, r=jkt
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 23d8a9b2966155118ab88ff001771082694fcc40 Author: Gijs Kruitbosch <gijskruitbosch(a)gmail.com> Date: Fri Nov 9 10:53:40 2018 +0000 Bug 1504159 - use TYPE_SAVEAS_DOWNLOAD for data saved through nsIWebBrowserPersist, r=jkt Differential Revision: https://phabricator.services.mozilla.com/D11411 --HG-- extra : moz-landing-system : lando --- dom/webbrowserpersist/nsWebBrowserPersist.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp index 97650a4b42a0..9466a1969855 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp +++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp @@ -1393,7 +1393,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal( aURI, aTriggeringPrincipal, nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, - nsIContentPolicy::TYPE_OTHER, + nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, nullptr, // aPerformanceStorage nullptr, // aLoadGroup static_cast<nsIInterfaceRequestor*>(this),

1 0

[torbutton/master] Bug 21805: Add click-to-play button for WebGL
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 4306713f498584d85e9e7a3e2468d59126f9d3e0 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Dec 13 07:50:53 2018 +0000 Bug 21805: Add click-to-play button for WebGL --- src/modules/noscript-control.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/noscript-control.js b/src/modules/noscript-control.js index 275f9dba..895889c8 100644 --- a/src/modules/noscript-control.js +++ b/src/modules/noscript-control.js @@ -17,7 +17,7 @@ let log = (level, msg) => logger.log(level, msg); // ## NoScript settings // Minimum and maximum capability states as controlled by NoScript. -const max_caps = ["fetch", "font", "frame", "media", "object", "other", "script", "webgl"]; +const max_caps = ["fetch", "font", "frame", "media", "object", "other", "script"]; const min_caps = ["frame", "other"]; // Untrusted capabilities for [Standard, Safer, Safest] safety levels. @@ -30,7 +30,7 @@ const untrusted_caps = [ // Default capabilities for [Standard, Safer, Safest] safety levels. const default_caps = [ max_caps, // standard: both http and https - ["fetch", "font", "frame", "object", "other", "script", "webgl"], // safer: https only + ["fetch", "font", "frame", "object", "other", "script"], // safer: https only min_caps, // safest: both http and https ];

1 0

[tor-browser-build/maint-8.0] Release preparations for 8.0.5
by gk＠torproject.org 23 Jan '19

23 Jan '19

commit 90fc41be122b0bd59dba5aa5003345e8f227cae5 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Jan 23 07:47:57 2019 +0000 Release preparations for 8.0.5 Changelog update versions bump --- projects/firefox-langpacks/config | 2 +- projects/firefox/config | 2 +- projects/https-everywhere/config | 2 +- projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 15 +++++++++++++++ projects/tor/config | 2 +- projects/torbutton/config | 2 +- rbm.conf | 6 +++--- 7 files changed, 23 insertions(+), 8 deletions(-) diff --git a/projects/firefox-langpacks/config b/projects/firefox-langpacks/config index 04cd7dd..4e42939 100644 --- a/projects/firefox-langpacks/config +++ b/projects/firefox-langpacks/config @@ -4,7 +4,7 @@ filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/buil var: ff_version: '[% pc("firefox", "var/firefox_version") %]' - ff_build: build2 + ff_build: build1 ff_arch: linux-i686 input_filename: 'dl-langpack-[% c("var/ff_arch") %]-[% c("version") %]' diff --git a/projects/firefox/config b/projects/firefox/config index 831a5fb..238bc5c 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -7,7 +7,7 @@ git_url: https://git.torproject.org/tor-browser.git gpg_keyring: torbutton.gpg var: - firefox_platform_version: 60.4.0 + firefox_platform_version: 60.5.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' torbrowser_branch: 8.0 torbrowser_update_channel: alpha diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config index bcd47f2..eeef02c 100644 --- a/projects/https-everywhere/config +++ b/projects/https-everywhere/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 2018.10.31 +version: 2019.1.7 git_url: https://git.torproject.org/https-everywhere.git git_hash: '[% c("version") %]' git_submodule: 1 diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index 156b812..cc51f85 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,18 @@ +Tor Browser 8.0.5 -- January 29 2019 + * All platforms + * Update Firefox to 60.5.0esr + * Update Tor to 0.3.5.7 + * Update Torbutton to 2.0.10 + * Bug 29035: Clean up our donation campaign and add newsletter sign-up link + * Bug 27175: Add pref to allow users to persist custom noscript settings + * Update HTTPS Everywhere to 2019.1.7 + * Update NoScript to 10.2.1 + * Bug 28873: Cascading of permissions is broken + * Bug 28720: Some videos are blocked outright on higher security levels + * Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading + * Bug 28740: Adapt Windows navigator.platform value on 64-bit systems + * Bug 28695: Set default security.pki.name_matching_mode to enforce (3) + Tor Browser 8.0.4 -- December 11 2018 * All platforms * Update Firefox to 60.4.0esr diff --git a/projects/tor/config b/projects/tor/config index 5dd5206..f5e2515 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %]' -version: 0.3.4.9 +version: 0.3.5.7 git_hash: 'tor-[% c("version") %]' git_url: https://git.torproject.org/tor.git git_submodule: 1 diff --git a/projects/torbutton/config b/projects/torbutton/config index 168584a..c262950 100644 --- a/projects/torbutton/config +++ b/projects/torbutton/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 2.0.9 +version: 2.0.10 git_url: https://git.torproject.org/torbutton.git git_hash: '[% c("version") %]' gpg_keyring: torbutton.gpg diff --git a/rbm.conf b/rbm.conf index 1df185a..4f06501 100644 --- a/rbm.conf +++ b/rbm.conf @@ -15,10 +15,10 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '8.0.4' - torbrowser_build: 'build2' + torbrowser_version: '8.0.5' + torbrowser_build: 'build1' torbrowser_incremental_from: - - 8.0.3 + - 8.0.4 project_name: tor-browser multi_lingual: 0 build_mar: 1

1 0