Pier Angelo Vendrame pushed to branch mullvad-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 22bbf08b by Pier Angelo Vendrame at 2025-10-08T21:50:39+02:00 fixup! BB 19741: Fix FPI with OpenSearch. This reverts commit 55015024a190faf1b69c4b7962ae9c6d5a4fed9c. This reverts commit 771d640c9a037885731802bf868addd68fd678a1. - - - - - 6aa07685 by Pier Angelo Vendrame at 2025-10-08T21:50:41+02:00 Bug 1987600 - Add origin attributes to OpenSearch. r=search-reviewers,Standard8 Differential Revision: https://phabricator.services.mozilla.com/D265878 - - - - - c381b8e6 by John M. Schanck at 2025-10-08T21:50:41+02:00 Bug 1989986 - enable mlkem768x25519 in beta and release on Android. r=nkulatova Differential Revision: https://phabricator.services.mozilla.com/D265640 - - - - - ccff7add by Pier Angelo Vendrame at 2025-10-08T21:50:41+02:00 fixup! BB 43664: Automatically check the PBM checkbox when in always-on PBM. This reverts commit 513f129ea336d1e0bd513eb2c1f7d6b029f0dd47. - - - - - cb4aeda9 by Pier Angelo Vendrame at 2025-10-08T21:50:42+02:00 Bug 1987183 - Automatically check the addon PBM checkbox when in always-on PBM. r=robwu Differential Revision: https://phabricator.services.mozilla.com/D263934 - - - - - 9 changed files: - browser/base/content/browser-addons.js - browser/components/extensions/test/browser/browser-private.toml - + browser/components/extensions/test/browser/browser_always_on_pbm_prompt.js - browser/components/search/SearchUIUtils.sys.mjs - browser/modules/ExtensionsUI.sys.mjs - modules/libpref/init/StaticPrefList.yaml - toolkit/components/search/OpenSearchLoader.sys.mjs - toolkit/components/search/SearchUtils.sys.mjs - tools/@types/generated/lib.gecko.xpcom.d.ts Changes: ===================================== browser/base/content/browser-addons.js ===================================== @@ -20,7 +20,6 @@ ChromeUtils.defineESModuleGetters(lazy, { ExtensionPermissions: "resource://gre/modules/ExtensionPermissions.sys.mjs", OriginControls: "resource://gre/modules/ExtensionPermissions.sys.mjs", PERMISSION_L10N: "resource://gre/modules/ExtensionPermissionMessages.sys.mjs", - PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs", SITEPERMS_ADDON_TYPE: "resource://gre/modules/addons/siteperms-addon-utils.sys.mjs", }); @@ -467,9 +466,7 @@ customElements.define( this.notification.options.customElementOptions; let checkboxEl = this.ownerDocument.createElement("moz-checkbox"); - checkboxEl.checked = - grantPrivateBrowsingAllowed || - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing; + checkboxEl.checked = grantPrivateBrowsingAllowed; checkboxEl.addEventListener("change", () => { // NOTE: the popupnotification instances will be reused // and so the callback function is destructured here to ===================================== browser/components/extensions/test/browser/browser-private.toml ===================================== @@ -6,6 +6,8 @@ tags = "webextensions" prefs = ["browser.privatebrowsing.autostart=true"] support-files = ["head.js"] +["browser_always_on_pbm_prompt.js"] + ["browser_ext_tabs_cookieStoreId_private.js"] ["browser_ext_tabs_newtab_private.js"] ===================================== browser/components/extensions/test/browser/browser_always_on_pbm_prompt.js ===================================== @@ -0,0 +1,95 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { AddonTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/AddonTestUtils.sys.mjs" +); + +AddonTestUtils.initMochitest(this); + +const addonId = "test@pbm-checkbox"; +let xpi; + +async function testCheckbox(allowPbm, expectedCheckboxValue) { + const readyPromise = AddonTestUtils.promiseWebExtensionStartup(addonId); + + window.gURLBar.value = xpi.path; + window.gURLBar.focus(); + EventUtils.synthesizeKey("KEY_Enter", {}, window); + + const panel = await promisePopupNotificationShown("addon-webext-permissions"); + const checkbox = panel.querySelector( + "li.webext-perm-privatebrowsing > moz-checkbox" + ); + ok(checkbox, "We found the PBM checkbox"); + + is( + checkbox.checked, + expectedCheckboxValue, + `We expected the PBM checkbox ${expectedCheckboxValue ? "" : "not "}to be checked for this test case.` + ); + + if (checkbox.checked != allowPbm) { + let { promise, resolve } = Promise.withResolvers(); + checkbox.addEventListener("change", resolve, { once: true }); + checkbox.click(); + await promise; + } + + is(checkbox.checked, allowPbm, "The checkbox matches allowPbm."); + + // Accept the installation + panel.button.click(); + + await readyPromise; + + let policy = WebExtensionPolicy.getByID(addonId); + is( + policy.privateBrowsingAllowed, + allowPbm, + `Private browsing permission has ${allowPbm ? "" : "not "}been granted` + ); +} + +async function uninstall() { + const addon = await AddonManager.getAddonByID(addonId); + await addon.uninstall(); +} + +add_task(async function () { + is( + PrivateBrowsingUtils.permanentPrivateBrowsing, + true, + "We are in permanent PBM for this test" + ); + + xpi = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + browser_specific_settings: { gecko: { id: addonId } }, + }, + }); + + await BrowserTestUtils.withNewTab({ gBrowser: window.gBrowser }, async () => { + // First run: install the addon for the first time. We do not let it run in + // PBM. + await testCheckbox(false, true); + // Second run: reinstall the already installed addon, to check the + // permission denial prevails on being in always-on PBM. + await testCheckbox(false, false); + }); + + await uninstall(); + + await BrowserTestUtils.withNewTab({ gBrowser: window.gBrowser }, async () => { + // Third run: install the addon for the first time, and let it run also in + // PBM. + await testCheckbox(true, true); + // Fourth run: reinstall the already installed addon, to check permission + // approval is persisted. + await testCheckbox(true, true); + }); + + await uninstall(); +}); ===================================== browser/components/search/SearchUIUtils.sys.mjs ===================================== @@ -184,7 +184,7 @@ export var SearchUIUtils = { await Services.search.addOpenSearchEngine( locationURL, image, - browsingContext?.originAttributes + browsingContext?.embedderElement?.contentPrincipal?.originAttributes ); } catch (ex) { let titleMsgName; ===================================== browser/modules/ExtensionsUI.sys.mjs ===================================== @@ -15,6 +15,7 @@ ChromeUtils.defineESModuleGetters(lazy, { AppMenuNotifications: "resource://gre/modules/AppMenuNotifications.sys.mjs", ExtensionData: "resource://gre/modules/Extension.sys.mjs", ExtensionPermissions: "resource://gre/modules/ExtensionPermissions.sys.mjs", + PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs", OriginControls: "resource://gre/modules/ExtensionPermissions.sys.mjs", QuarantinedDomains: "resource://gre/modules/ExtensionPermissions.sys.mjs", }); @@ -413,7 +414,8 @@ export var ExtensionsUI = { !!strings.dataCollectionPermissions?.collectsTechnicalAndInteractionData; const incognitoPermissionName = "internal:privateBrowsingAllowed"; - let grantPrivateBrowsingAllowed = false; + let grantPrivateBrowsingAllowed = + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing; if (showIncognitoCheckbox) { let { permissions } = await lazy.ExtensionPermissions.get(addon.id); grantPrivateBrowsingAllowed = permissions.includes( ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -14999,11 +14999,7 @@ # Has no effect unless security.tls.enable_kyber is true. - name: network.http.http3.enable_kyber type: RelaxedAtomicBool -#ifdef ANDROID - value: @IS_NIGHTLY_BUILD@ -#else value: true -#endif mirror: always rust: true @@ -17061,11 +17057,7 @@ - name: security.tls.enable_kyber type: RelaxedAtomicBool -#ifdef ANDROID - value: @IS_NIGHTLY_BUILD@ -#else value: true -#endif mirror: always rust: true ===================================== toolkit/components/search/OpenSearchLoader.sys.mjs ===================================== @@ -98,8 +98,9 @@ const MOZSEARCH_LOCALNAME = "SearchPlugin"; * @param {string} [lastModified] * The UTC date when the engine was last updated, if any. * @param {object} [originAttributes] - * The first party domain of the site loading that manifest. The domain of the - * manifest will be used if not provided. + * The origin attributes of the site loading the manifest. If none are + * specified, the origin attributes will be formed of the first party domain + * based on the domain of the manifest. * @returns {Promise<OpenSearchProperties>} * The properties of the loaded OpenSearch engine. */ @@ -165,7 +166,8 @@ function loadEngineXML(sourceURI, lastModified, originAttributes = null) { sourceURI, // OpenSearchEngine is loading a definition file for a search engine, // TYPE_DOCUMENT captures that load best. - Ci.nsIContentPolicy.TYPE_DOCUMENT + Ci.nsIContentPolicy.TYPE_DOCUMENT, + originAttributes ); // we collect https telemetry for all top-level (document) loads. @@ -173,17 +175,6 @@ function loadEngineXML(sourceURI, lastModified, originAttributes = null) { ? Ci.nsILoadInfo.ALREADY_HTTPS : Ci.nsILoadInfo.NO_UPGRADE; - if (!originAttributes) { - originAttributes = {}; - try { - originAttributes.firstPartyDomain = - Services.eTLD.getSchemelessSite(sourceURI); - } catch (ex) { - console.error("Failed to get first party domain for the manifest", ex); - } - } - chan.loadInfo.originAttributes = originAttributes; - if (lastModified && chan instanceof Ci.nsIHttpChannel) { chan.setRequestHeader("If-Modified-Since", lastModified, false); } ===================================== toolkit/components/search/SearchUtils.sys.mjs ===================================== @@ -244,19 +244,34 @@ export var SearchUtils = { * The URL string from which to create an nsIChannel. * @param {nsContentPolicyType} contentPolicyType * The type of document being loaded. + * @param {object} [originAttributes] + * The origin attributes to associate to this channel. * @returns {nsIChannel} * an nsIChannel object, or null if the url is invalid. */ - makeChannel(url, contentPolicyType) { + makeChannel(url, contentPolicyType, originAttributes = null) { if (!contentPolicyType) { throw new Error("makeChannel called with invalid content policy type"); } try { let uri = typeof url == "string" ? Services.io.newURI(url) : url; - let principal = - uri.scheme == "moz-extension" - ? Services.scriptSecurityManager.createContentPrincipal(uri, {}) - : Services.scriptSecurityManager.createNullPrincipal({}); + let principal; + if (uri.scheme == "moz-extension") { + principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + } else { + if (!originAttributes) { + originAttributes = {}; + try { + originAttributes.firstPartyDomain = + Services.eTLD.getSchemelessSite(uri); + } catch {} + } + principal = + Services.scriptSecurityManager.createNullPrincipal(originAttributes); + } return Services.io.newChannelFromURI( uri, ===================================== tools/@types/generated/lib.gecko.xpcom.d.ts ===================================== @@ -11613,7 +11613,7 @@ interface nsISearchService extends nsISupports, Enums<typeof nsISearchService_Op readonly hasSuccessfullyInitialized: boolean; runBackgroundChecks(): Promise<any>; resetToAppDefaultEngine(): void; - addOpenSearchEngine(engineURL: string, iconURL: string): Promise<any>; + addOpenSearchEngine(engineURL: string, iconURL: string, originAttributes?: any): Promise<any>; addUserEngine(formInfo: any): Promise<any>; addEnginesFromExtension(extension: any): Promise<any>; restoreDefaultEngines(): void; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/824... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/824... You're receiving this email because of your account on gitlab.torproject.org.