ma1 pushed to branch tor-browser-115.30.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
-
7a746281
by Simon Friedberger at 2025-11-10T18:31:53+01:00
1 changed file:
Changes:
| ... | ... | @@ -232,6 +232,8 @@ bool IsSameSite(nsIChannel* aHTTPChannel) { |
| 232 | 232 | |
| 233 | 233 | // Helper function to determine whether a request was triggered
|
| 234 | 234 | // by the end user in the context of SecFetch.
|
| 235 | +// The more secure/closed state to return for this function is "false".
|
|
| 236 | +// A user triggered action is less restricted because it is not cross-origin.
|
|
| 235 | 237 | bool IsUserTriggeredForSecFetchSite(nsIHttpChannel* aHTTPChannel) {
|
| 236 | 238 | /*
|
| 237 | 239 | * The goal is to distinguish between "webby" navigations that are controlled
|
| ... | ... | @@ -243,8 +245,7 @@ bool IsUserTriggeredForSecFetchSite(nsIHttpChannel* aHTTPChannel) { |
| 243 | 245 | ExtContentPolicyType contentType = loadInfo->GetExternalContentPolicyType();
|
| 244 | 246 | |
| 245 | 247 | // A request issued by the browser is always user initiated.
|
| 246 | - if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
|
|
| 247 | - contentType == ExtContentPolicy::TYPE_OTHER) {
|
|
| 248 | + if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
|
|
| 248 | 249 | return true;
|
| 249 | 250 | }
|
| 250 | 251 | |
| ... | ... | @@ -279,12 +280,12 @@ bool IsUserTriggeredForSecFetchSite(nsIHttpChannel* aHTTPChannel) { |
| 279 | 280 | if (referrerInfo) {
|
| 280 | 281 | nsCOMPtr<nsIURI> originalReferrer;
|
| 281 | 282 | referrerInfo->GetOriginalReferrer(getter_AddRefs(originalReferrer));
|
| 282 | - if (originalReferrer) {
|
|
| 283 | - return false;
|
|
| 283 | + if (!originalReferrer) {
|
|
| 284 | + return true;
|
|
| 284 | 285 | }
|
| 285 | 286 | }
|
| 286 | 287 | |
| 287 | - return true;
|
|
| 288 | + return false;
|
|
| 288 | 289 | }
|
| 289 | 290 | |
| 290 | 291 | void mozilla::dom::SecFetch::AddSecFetchDest(nsIHttpChannel* aHTTPChannel) {
|