commit 9c9809f628c810e53f428ec565aa8d515908a2b7 Author: Georg Koppen gk@torproject.org Date: Mon Jan 21 11:28:54 2019 +0000
Revert "Bug 22343: Make 'Save Page As' obey first-party isolation"
This reverts commit 3fe87eec8bc9555ed4d1a59e1a26bc6c6df93f38. --- browser/base/content/browser.js | 2 +- browser/base/content/nsContextMenu.js | 39 ++++++++------------------ browser/base/content/pageinfo/pageInfo.js | 5 ++-- browser/base/content/utilityOverlay.js | 6 ++-- dom/webbrowserpersist/nsIWebBrowserPersist.idl | 9 +----- dom/webbrowserpersist/nsWebBrowserPersist.cpp | 18 ++---------- dom/webbrowserpersist/nsWebBrowserPersist.h | 2 -- mobile/android/chrome/content/browser.js | 6 ++-- netwerk/base/LoadContextInfo.cpp | 18 ++---------- toolkit/components/browser/nsWebBrowser.cpp | 12 -------- toolkit/content/contentAreaUtils.js | 32 ++++++--------------- 11 files changed, 34 insertions(+), 115 deletions(-)
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 5eed34e08086..0fc6a72daf66 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -6175,7 +6175,7 @@ function handleLinkClick(event, href, linkNode) {
if (where == "save") { saveURL(href, linkNode ? gatherTextUnder(linkNode) : "", null, true, - true, doc.documentURIObject, doc, undefined, doc.nodePrincipal); + true, doc.documentURIObject, doc); event.preventDefault(); return true; } diff --git a/browser/base/content/nsContextMenu.js b/browser/base/content/nsContextMenu.js index 37ebde22ea07..368d0475ac34 100644 --- a/browser/base/content/nsContextMenu.js +++ b/browser/base/content/nsContextMenu.js @@ -989,11 +989,9 @@ nsContextMenu.prototype = { let onMessage = (message) => { mm.removeMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage); let dataURL = message.data.dataURL; - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(dataURL), this.principal.originAttributes); saveImageURL(dataURL, name, "SaveImageTitle", true, false, document.documentURIObject, null, null, null, - isPrivate, principal); + isPrivate); }; mm.addMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage); }, @@ -1065,7 +1063,7 @@ nsContextMenu.prototype = { // Helper function to wait for appropriate MIME-type headers and // then prompt the user with a file picker saveHelper(linkURL, linkText, dialogTitle, bypassCache, doc, docURI, - windowID, linkDownload, isContentWindowPrivate, contentPrincipal) { + windowID, linkDownload, isContentWindowPrivate) { // canonical def in nsURILoader.h const NS_ERROR_SAVE_LINK_AS_TIMEOUT = 0x805d0020;
@@ -1118,7 +1116,7 @@ nsContextMenu.prototype = { // do it the old fashioned way, which will pick the best filename // it can without waiting. saveURL(linkURL, linkText, dialogTitle, bypassCache, false, docURI, - doc, isContentWindowPrivate, contentPrincipal); + doc, isContentWindowPrivate); } if (this.extListener) this.extListener.onStopRequest(aRequest, aContext, aStatusCode); @@ -1158,13 +1156,10 @@ nsContextMenu.prototype = { } };
- const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(linkURL), this.principal.originAttributes); - // setting up a new channel for 'right click - save link as ...' var channel = NetUtil.newChannel({ uri: makeURI(linkURL), - loadingPrincipal: principal, + loadingPrincipal: this.principal, contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD, securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS, }); @@ -1206,17 +1201,14 @@ nsContextMenu.prototype = {
// Save URL of clicked-on link. saveLink() { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(this.linkURL), this.principal.originAttributes); - urlSecurityCheck(this.linkURL, principal); + urlSecurityCheck(this.linkURL, this.principal);
let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined; this.saveHelper(this.linkURL, this.linkTextStr, null, true, this.ownerDoc, gContextMenuContentData.documentURIObject, this.frameOuterWindowID, this.linkDownload, - isContentWindowPrivate, - principal); + isContentWindowPrivate); },
// Backwards-compatibility wrapper @@ -1231,32 +1223,23 @@ nsContextMenu.prototype = { let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined; let referrerURI = gContextMenuContentData.documentURIObject; let isPrivate = PrivateBrowsingUtils.isBrowserPrivate(this.browser); - let thisPrincipal = this.principal; if (this.onCanvas) { // Bypass cache, since it's a data: URL. this._canvasToBlobURL(this.target).then(function(blobURL) { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(blobURL), thisPrincipal.originAttributes); saveImageURL(blobURL, "canvas.png", "SaveImageTitle", true, false, referrerURI, null, null, null, - isPrivate, principal); + isPrivate); }, Cu.reportError); } else if (this.onImage) { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(this.mediaURL), thisPrincipal.originAttributes); - urlSecurityCheck(this.mediaURL, principal); + urlSecurityCheck(this.mediaURL, this.principal); saveImageURL(this.mediaURL, null, "SaveImageTitle", false, false, referrerURI, null, gContextMenuContentData.contentType, - gContextMenuContentData.contentDisposition, isPrivate, - principal); + gContextMenuContentData.contentDisposition, isPrivate); } else if (this.onVideo || this.onAudio) { - const principal = Services.scriptSecurityManager.createCodebasePrincipal( - makeURI(this.mediaURL), thisPrincipal.originAttributes); - urlSecurityCheck(this.mediaURL, principal); + urlSecurityCheck(this.mediaURL, this.principal); var dialogTitle = this.onVideo ? "SaveVideoTitle" : "SaveAudioTitle"; this.saveHelper(this.mediaURL, null, dialogTitle, false, doc, referrerURI, - this.frameOuterWindowID, "", isContentWindowPrivate, - principal); + this.frameOuterWindowID, "", isContentWindowPrivate); } },
diff --git a/browser/base/content/pageinfo/pageInfo.js b/browser/base/content/pageinfo/pageInfo.js index efe24f7487d9..86f548c74494 100644 --- a/browser/base/content/pageinfo/pageInfo.js +++ b/browser/base/content/pageinfo/pageInfo.js @@ -696,7 +696,7 @@ function saveMedia() { titleKey = "SaveAudioTitle";
saveURL(url, null, titleKey, false, false, makeURI(item.baseURI), - null, gDocInfo.isContentWindowPrivate, gDocInfo.principal); + null, gDocInfo.isContentWindowPrivate); } } else { selectSaveFolder(function(aDirectory) { @@ -704,8 +704,7 @@ function saveMedia() { var saveAnImage = function(aURIString, aChosenData, aBaseURI) { uniqueFile(aChosenData.file); internalSave(aURIString, null, null, null, null, false, "SaveImageTitle", - aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate, - gDocInfo.principal); + aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate); };
for (var i = 0; i < rowArray.length; i++) { diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js index 4cd7d91e4e9a..b73a01a0b0f3 100644 --- a/browser/base/content/utilityOverlay.js +++ b/browser/base/content/utilityOverlay.js @@ -258,16 +258,14 @@ function openLinkIn(url, where, params) {
// ContentClick.jsm passes isContentWindowPrivate for saveURL instead of passing a CPOW initiatingDoc if ("isContentWindowPrivate" in params) { - saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, - null, params.isContentWindowPrivate, - aPrincipal || aTriggeringPrincipal); + saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, null, params.isContentWindowPrivate); } else { if (!aInitiatingDoc) { Cu.reportError("openUILink/openLinkIn was called with " + "where == 'save' but without initiatingDoc. See bug 814264."); return; } - saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc, params.isContentWindowPrivate, aPrincipal || aTriggeringPrincipal); + saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc); } return; } diff --git a/dom/webbrowserpersist/nsIWebBrowserPersist.idl b/dom/webbrowserpersist/nsIWebBrowserPersist.idl index 62ac1c1cd7bd..8de84f5e2904 100644 --- a/dom/webbrowserpersist/nsIWebBrowserPersist.idl +++ b/dom/webbrowserpersist/nsIWebBrowserPersist.idl @@ -13,12 +13,11 @@ interface nsIWebProgressListener; interface nsIFile; interface nsIChannel; interface nsILoadContext; -interface nsIPrincipal;
/** * Interface for persisting DOM documents and URIs to local or remote storage. */ -[scriptable, uuid(ccdbc750-be09-4f11-bb01-4e0a4db76c41)] +[scriptable, uuid(8cd752a4-60b1-42c3-a819-65c7a1138a28)] interface nsIWebBrowserPersist : nsICancelable { /** No special persistence behaviour. */ @@ -113,12 +112,6 @@ interface nsIWebBrowserPersist : nsICancelable attribute nsIWebProgressListener progressListener;
/** - * This attribute can be used to set the loading principal - * of the document or URI to be persisted. - */ - attribute nsIPrincipal loadingPrincipal; - - /** * Save the specified URI to file. * * @param aURI URI to save to file. Some implementations of this interface diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp index 4f49b63475f3..fd6d9d0d9315 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp +++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp @@ -277,7 +277,6 @@ const char *kWebBrowserPersistStringBundle = nsWebBrowserPersist::nsWebBrowserPersist() : mCurrentDataPathIsRelative(false), mCurrentThingsToPersist(0), - mLoadingPrincipal(nsContentUtils::GetSystemPrincipal()), mFirstAndOnlyUse(true), mSavingDocument(false), mCancel(false), @@ -414,19 +413,6 @@ NS_IMETHODIMP nsWebBrowserPersist::SetProgressListener( return NS_OK; }
-NS_IMETHODIMP nsWebBrowserPersist::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal) -{ - *loadingPrincipal = mLoadingPrincipal; - return NS_OK; -} - -NS_IMETHODIMP nsWebBrowserPersist::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal) -{ - mLoadingPrincipal = loadingPrincipal ? loadingPrincipal : - nsContentUtils::GetSystemPrincipal(); - return NS_OK; -} - NS_IMETHODIMP nsWebBrowserPersist::SaveURI( nsIURI *aURI, nsISupports *aCacheKey, nsIURI *aReferrer, uint32_t aReferrerPolicy, @@ -1399,7 +1385,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal( nsCOMPtr<nsIChannel> inputChannel; rv = NS_NewChannel(getter_AddRefs(inputChannel), aURI, - mLoadingPrincipal, + nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nsIContentPolicy::TYPE_OTHER, nullptr, // aPerformanceStorage @@ -2770,7 +2756,7 @@ nsWebBrowserPersist::CreateChannelFromURI(nsIURI *aURI, nsIChannel **aChannel)
rv = NS_NewChannel(aChannel, aURI, - mLoadingPrincipal, + nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nsIContentPolicy::TYPE_OTHER); NS_ENSURE_SUCCESS(rv, rv); diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.h b/dom/webbrowserpersist/nsWebBrowserPersist.h index f95300be12cb..17b570d783e7 100644 --- a/dom/webbrowserpersist/nsWebBrowserPersist.h +++ b/dom/webbrowserpersist/nsWebBrowserPersist.h @@ -147,8 +147,6 @@ private: nsCOMPtr<nsIMIMEService> mMIMEService; nsCOMPtr<nsIURI> mURI; nsCOMPtr<nsIWebProgressListener> mProgressListener; - nsCOMPtr<nsIPrincipal> mLoadingPrincipal; - /** * Progress listener for 64-bit values; this is the same object as * mProgressListener, but is a member to avoid having to qi it for each diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js index 3e074009fad9..c3430f5b5a4c 100644 --- a/mobile/android/chrome/content/browser.js +++ b/mobile/android/chrome/content/browser.js @@ -886,10 +886,10 @@ var BrowserApp = { if (!permissionGranted) { return; } - let doc = aTarget.ownerDocument; + ContentAreaUtils.saveImageURL(aTarget.currentRequestFinalURI.spec, null, "SaveImageTitle", - false, true, doc.documentURIObject, - null, null, null, doc.isPrivate, doc.nodePrincipal); + false, true, aTarget.ownerDocument.documentURIObject, + aTarget.ownerDocument); }); });
diff --git a/netwerk/base/LoadContextInfo.cpp b/netwerk/base/LoadContextInfo.cpp index 1218345b63ed..79f870e8d20d 100644 --- a/netwerk/base/LoadContextInfo.cpp +++ b/netwerk/base/LoadContextInfo.cpp @@ -121,6 +121,8 @@ GetLoadContextInfo(nsIChannel * aChannel) { nsresult rv;
+ DebugOnly<bool> pb = NS_UsePrivateBrowsing(aChannel); + bool anon = false; nsLoadFlags loadFlags; rv = aChannel->GetLoadFlags(&loadFlags); @@ -130,21 +132,7 @@ GetLoadContextInfo(nsIChannel * aChannel)
OriginAttributes oa; NS_GetOriginAttributes(aChannel, oa); - -#ifdef DEBUG - nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); - if (loadInfo) { - nsCOMPtr<nsIPrincipal> principal = loadInfo->LoadingPrincipal(); - if (principal) { - bool chrome; - principal->GetIsSystemPrincipal(&chrome); - if (!chrome) { - bool pb = NS_UsePrivateBrowsing(aChannel); - MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0)); - } - } - } -#endif + MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0));
return new LoadContextInfo(anon, oa); } diff --git a/toolkit/components/browser/nsWebBrowser.cpp b/toolkit/components/browser/nsWebBrowser.cpp index ff1e728243b4..40ac82210502 100644 --- a/toolkit/components/browser/nsWebBrowser.cpp +++ b/toolkit/components/browser/nsWebBrowser.cpp @@ -997,18 +997,6 @@ nsWebBrowser::SetProgressListener(nsIWebProgressListener* aProgressListener) }
NS_IMETHODIMP -nsWebBrowser::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal) -{ - return NS_ERROR_NOT_IMPLEMENTED; -} - -NS_IMETHODIMP -nsWebBrowser::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal) -{ - return NS_ERROR_NOT_IMPLEMENTED; -} - -NS_IMETHODIMP nsWebBrowser::SaveURI(nsIURI* aURI, nsISupports* aCacheKey, nsIURI* aReferrer, diff --git a/toolkit/content/contentAreaUtils.js b/toolkit/content/contentAreaUtils.js index e213a0e4333e..48cf448798a5 100644 --- a/toolkit/content/contentAreaUtils.js +++ b/toolkit/content/contentAreaUtils.js @@ -62,14 +62,14 @@ function forbidCPOW(arg, func, argname) { // - A linked document using Alt-click Save Link As... // function saveURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, - aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate, - aContentPrincipal) { + aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate) { forbidCPOW(aURL, "saveURL", "aURL"); forbidCPOW(aReferrer, "saveURL", "aReferrer"); // Allow aSourceDocument to be a CPOW. + internalSave(aURL, null, aFileName, null, null, aShouldBypassCache, aFilePickerTitleKey, null, aReferrer, aSourceDocument, - aSkipPrompt, null, aIsContentWindowPrivate, aContentPrincipal); + aSkipPrompt, null, aIsContentWindowPrivate); }
// Just like saveURL, but will get some info off the image before @@ -109,12 +109,10 @@ const nsISupportsCString = Ci.nsISupportsCString; * @param aIsContentWindowPrivate (bool) * Whether or not the containing window is in private browsing mode. * Does not need to be provided is aDoc is passed. - * @param aContentPrincipal [optional] - * The principal to be used for fetching and saving the target URL. */ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache, aSkipPrompt, aReferrer, aDoc, aContentType, aContentDisp, - aIsContentWindowPrivate, aContentPrincipal) { + aIsContentWindowPrivate) { forbidCPOW(aURL, "saveImageURL", "aURL"); forbidCPOW(aReferrer, "saveImageURL", "aReferrer");
@@ -158,8 +156,7 @@ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
internalSave(aURL, null, aFileName, aContentDisp, aContentType, aShouldBypassCache, aFilePickerTitleKey, null, aReferrer, - null, aSkipPrompt, null, aIsContentWindowPrivate, - aContentPrincipal); + null, aSkipPrompt, null, aIsContentWindowPrivate); }
// This is like saveDocument, but takes any browser/frame-like element @@ -173,7 +170,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) { let stack = Components.stack.caller; persistable.startPersistence(aOuterWindowID, { onDocumentReady(document) { - saveDocument(document, aSkipPrompt, aBrowser.contentPrincipal); + saveDocument(document, aSkipPrompt); }, onError(status) { throw new Components.Exception("saveBrowser failed asynchronously in startPersistence", @@ -189,9 +186,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) { // case "save as" modes that serialize the document's DOM are // unavailable. This is a temporary measure for the "Save Frame As" // command (bug 1141337) and pre-e10s add-ons. -// -// aContentPrincipal is the principal for downloading and saving the document. -function saveDocument(aDocument, aSkipPrompt, aContentPrincipal) { +function saveDocument(aDocument, aSkipPrompt) { if (!aDocument) throw "Must have a document when calling saveDocument";
@@ -246,7 +241,7 @@ function saveDocument(aDocument, aSkipPrompt, aContentPrincipal) { internalSave(aDocument.documentURI, aDocument, null, contentDisposition, aDocument.contentType, false, null, null, aDocument.referrer ? makeURI(aDocument.referrer) : null, - aDocument, aSkipPrompt, cacheKey, undefined, aContentPrincipal); + aDocument, aSkipPrompt, cacheKey); }
function DownloadListener(win, transfer) { @@ -355,13 +350,11 @@ XPCOMUtils.defineConstant(this, "kSaveAsType_Text", kSaveAsType_Text); * This parameter is provided when the aInitiatingDocument is not a * real document object. Stores whether aInitiatingDocument.defaultView * was private or not. - * @param aContentPrincipal [optional] - * The principal to be used for fetching and saving the target URL. */ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, aContentType, aShouldBypassCache, aFilePickerTitleKey, aChosenData, aReferrer, aInitiatingDocument, aSkipPrompt, - aCacheKey, aIsContentWindowPrivate, aContentPrincipal) { + aCacheKey, aIsContentWindowPrivate) { forbidCPOW(aURL, "internalSave", "aURL"); forbidCPOW(aReferrer, "internalSave", "aReferrer"); forbidCPOW(aCacheKey, "internalSave", "aCacheKey"); @@ -430,7 +423,6 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, let nonCPOWDocument = aDocument && !Cu.isCrossProcessWrapper(aDocument);
- let isPrivate = aIsContentWindowPrivate; if (isPrivate === undefined) { isPrivate = aInitiatingDocument instanceof Ci.nsIDOMDocument @@ -448,7 +440,6 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, sourcePostData: nonCPOWDocument ? getPostData(aDocument) : null, bypassCache: aShouldBypassCache, isPrivate, - loadingPrincipal: aContentPrincipal, };
// Start the actual save process @@ -485,15 +476,10 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition, * If true, the document will always be refetched from the server * @param persistArgs.isPrivate * Indicates whether this is taking place in a private browsing context. - * @param persistArgs.loadingPrincipal - * The principal assigned to the document being saved. */ function internalPersist(persistArgs) { var persist = makeWebBrowserPersist();
- if (["http", "https", "ftp"].includes(persistArgs.sourceURI.scheme)) { - persist.loadingPrincipal = persistArgs.loadingPrincipal; - } // Calculate persist flags. const nsIWBP = Ci.nsIWebBrowserPersist; const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES |