GitLab

at 2025-10-08T21:50:39+02:00

fixup! BB 19741: Fix FPI with OpenSearch.

This reverts commit 55015024a190faf1b69c4b7962ae9c6d5a4fed9c.

This reverts commit 771d640c9a037885731802bf868addd68fd678a1.

Bug 1987600 - Add origin attributes to OpenSearch. r=search-reviewers,Standard8

Differential Revision: https://phabricator.services.mozilla.com/D265878

Bug 1989986 - enable mlkem768x25519 in beta and release on Android. r=nkulatova

Differential Revision: https://phabricator.services.mozilla.com/D265640

fixup! BB 43664: Automatically check the PBM checkbox when in always-on PBM.

This reverts commit 513f129ea336d1e0bd513eb2c1f7d6b029f0dd47.

Bug 1987183 - Automatically check the addon PBM checkbox when in always-on PBM. r=robwu

Differential Revision: https://phabricator.services.mozilla.com/D263934

   ExtensionPermissions: "resource://gre/modules/ExtensionPermissions.sys.mjs",

   OriginControls: "resource://gre/modules/ExtensionPermissions.sys.mjs",

   PERMISSION_L10N: "resource://gre/modules/ExtensionPermissionMessages.sys.mjs",

-  PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs",

   SITEPERMS_ADDON_TYPE:

     "resource://gre/modules/addons/siteperms-addon-utils.sys.mjs",

 });

         this.notification.options.customElementOptions;

       let checkboxEl = this.ownerDocument.createElement("moz-checkbox");

-      checkboxEl.checked =

-        grantPrivateBrowsingAllowed ||

-        lazy.PrivateBrowsingUtils.permanentPrivateBrowsing;

+      checkboxEl.checked = grantPrivateBrowsingAllowed;

       checkboxEl.addEventListener("change", () => {

         // NOTE: the popupnotification instances will be reused

         // and so the callback function is destructured here to

 prefs = ["browser.privatebrowsing.autostart=true"]

 support-files = ["head.js"]

+["browser_always_on_pbm_prompt.js"]

+

 ["browser_ext_tabs_cookieStoreId_private.js"]

 ["browser_ext_tabs_newtab_private.js"]
+/* Any copyright is dedicated to the Public Domain.

+   http://creativecommons.org/publicdomain/zero/1.0/ */

+

+"use strict";

+

+const { AddonTestUtils } = ChromeUtils.importESModule(

+  "resource://testing-common/AddonTestUtils.sys.mjs"

+);

+

+AddonTestUtils.initMochitest(this);

+

+const addonId = "test@pbm-checkbox";

+let xpi;

+

+async function testCheckbox(allowPbm, expectedCheckboxValue) {

+  const readyPromise = AddonTestUtils.promiseWebExtensionStartup(addonId);

+

+  window.gURLBar.value = xpi.path;

+  window.gURLBar.focus();

+  EventUtils.synthesizeKey("KEY_Enter", {}, window);

+

+  const panel = await promisePopupNotificationShown("addon-webext-permissions");

+  const checkbox = panel.querySelector(

+    "li.webext-perm-privatebrowsing > moz-checkbox"

+  );

+  ok(checkbox, "We found the PBM checkbox");

+

+  is(

+    checkbox.checked,

+    expectedCheckboxValue,

+    `We expected the PBM checkbox ${expectedCheckboxValue ? "" : "not "}to be checked for this test case.`

+  );

+

+  if (checkbox.checked != allowPbm) {

+    let { promise, resolve } = Promise.withResolvers();

+    checkbox.addEventListener("change", resolve, { once: true });

+    checkbox.click();

+    await promise;

+  }

+

+  is(checkbox.checked, allowPbm, "The checkbox matches allowPbm.");

+

+  // Accept the installation

+  panel.button.click();

+

+  await readyPromise;

+

+  let policy = WebExtensionPolicy.getByID(addonId);

+  is(

+    policy.privateBrowsingAllowed,

+    allowPbm,

+    `Private browsing permission has ${allowPbm ? "" : "not "}been granted`

+  );

+}

+

+async function uninstall() {

+  const addon = await AddonManager.getAddonByID(addonId);

+  await addon.uninstall();

+}

+

+add_task(async function () {

+  is(

+    PrivateBrowsingUtils.permanentPrivateBrowsing,

+    true,

+    "We are in permanent PBM for this test"

+  );

+

+  xpi = AddonTestUtils.createTempWebExtensionFile({

+    manifest: {

+      browser_specific_settings: { gecko: { id: addonId } },

+    },

+  });

+

+  await BrowserTestUtils.withNewTab({ gBrowser: window.gBrowser }, async () => {

+    // First run: install the addon for the first time. We do not let it run in

+    // PBM.

+    await testCheckbox(false, true);

+    // Second run: reinstall the already installed addon, to check the

+    // permission denial prevails on being in always-on PBM.

+    await testCheckbox(false, false);

+  });

+

+  await uninstall();

+

+  await BrowserTestUtils.withNewTab({ gBrowser: window.gBrowser }, async () => {

+    // Third run: install the addon for the first time, and let it run also in

+    // PBM.

+    await testCheckbox(true, true);

+    // Fourth run: reinstall the already installed addon, to check permission

+    // approval is persisted.

+    await testCheckbox(true, true);

+  });

+

+  await uninstall();

+});
       await Services.search.addOpenSearchEngine(

         locationURL,

         image,

-        browsingContext?.originAttributes

+        browsingContext?.embedderElement?.contentPrincipal?.originAttributes

       );

     } catch (ex) {

       let titleMsgName;

   AppMenuNotifications: "resource://gre/modules/AppMenuNotifications.sys.mjs",

   ExtensionData: "resource://gre/modules/Extension.sys.mjs",

   ExtensionPermissions: "resource://gre/modules/ExtensionPermissions.sys.mjs",

+  PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs",

   OriginControls: "resource://gre/modules/ExtensionPermissions.sys.mjs",

   QuarantinedDomains: "resource://gre/modules/ExtensionPermissions.sys.mjs",

 });

       !!strings.dataCollectionPermissions?.collectsTechnicalAndInteractionData;

     const incognitoPermissionName = "internal:privateBrowsingAllowed";

-    let grantPrivateBrowsingAllowed = false;

+    let grantPrivateBrowsingAllowed =

+      lazy.PrivateBrowsingUtils.permanentPrivateBrowsing;

     if (showIncognitoCheckbox) {

       let { permissions } = await lazy.ExtensionPermissions.get(addon.id);

       grantPrivateBrowsingAllowed = permissions.includes(

 # Has no effect unless security.tls.enable_kyber is true.

 - name: network.http.http3.enable_kyber

   type: RelaxedAtomicBool

-#ifdef ANDROID

-  value: @IS_NIGHTLY_BUILD@

-#else

   value: true

-#endif

   mirror: always

   rust: true

 - name: security.tls.enable_kyber

   type: RelaxedAtomicBool

-#ifdef ANDROID

-  value: @IS_NIGHTLY_BUILD@

-#else

   value: true

-#endif

   mirror: always

   rust: true

  * @param {string} [lastModified]

  *   The UTC date when the engine was last updated, if any.

  * @param {object} [originAttributes]

- *   The first party domain of the site loading that manifest. The domain of the

- *   manifest will be used if not provided.

+ *   The origin attributes of the site loading the manifest. If none are

+ *   specified, the origin attributes will be formed of the first party domain

+ *   based on the domain of the manifest.

  * @returns {Promise<OpenSearchProperties>}

  *   The properties of the loaded OpenSearch engine.

  */

     sourceURI,

     // OpenSearchEngine is loading a definition file for a search engine,

     // TYPE_DOCUMENT captures that load best.

-    Ci.nsIContentPolicy.TYPE_DOCUMENT

+    Ci.nsIContentPolicy.TYPE_DOCUMENT,

+    originAttributes

   );

   // we collect https telemetry for all top-level (document) loads.

     ? Ci.nsILoadInfo.ALREADY_HTTPS

     : Ci.nsILoadInfo.NO_UPGRADE;

-  if (!originAttributes) {

-    originAttributes = {};

-    try {

-      originAttributes.firstPartyDomain =

-        Services.eTLD.getSchemelessSite(sourceURI);

-    } catch (ex) {

-      console.error("Failed to get first party domain for the manifest", ex);

-    }

-  }

-  chan.loadInfo.originAttributes = originAttributes;

-

   if (lastModified && chan instanceof Ci.nsIHttpChannel) {

     chan.setRequestHeader("If-Modified-Since", lastModified, false);

   }

    *   The URL string from which to create an nsIChannel.

    * @param {nsContentPolicyType} contentPolicyType

    *   The type of document being loaded.

+   * @param {object} [originAttributes]

+   *   The origin attributes to associate to this channel.

    * @returns {nsIChannel}

    *   an nsIChannel object, or null if the url is invalid.

    */

-  makeChannel(url, contentPolicyType) {

+  makeChannel(url, contentPolicyType, originAttributes = null) {

     if (!contentPolicyType) {

       throw new Error("makeChannel called with invalid content policy type");

     }

     try {

       let uri = typeof url == "string" ? Services.io.newURI(url) : url;

-      let principal =

-        uri.scheme == "moz-extension"

-          ? Services.scriptSecurityManager.createContentPrincipal(uri, {})

-          : Services.scriptSecurityManager.createNullPrincipal({});

+      let principal;

+      if (uri.scheme == "moz-extension") {

+        principal = Services.scriptSecurityManager.createContentPrincipal(

+          uri,

+          {}

+        );

+      } else {

+        if (!originAttributes) {

+          originAttributes = {};

+          try {

+            originAttributes.firstPartyDomain =

+              Services.eTLD.getSchemelessSite(uri);

+          } catch {}

+        }

+        principal =

+          Services.scriptSecurityManager.createNullPrincipal(originAttributes);

+      }

       return Services.io.newChannelFromURI(

         uri,

   readonly hasSuccessfullyInitialized: boolean;

   runBackgroundChecks(): Promise<any>;

   resetToAppDefaultEngine(): void;

-  addOpenSearchEngine(engineURL: string, iconURL: string): Promise<any>;

+  addOpenSearchEngine(engineURL: string, iconURL: string, originAttributes?: any): Promise<any>;

   addUserEngine(formInfo: any): Promise<any>;

   addEnginesFromExtension(extension: any): Promise<any>;

   restoreDefaultEngines(): void;

Pier Angelo Vendrame pushed to branch mullvad-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser

Commits:

9 changed files:

Changes: