[tor-commits] [tor-browser/tor-browser-60.4.0esr-8.5-1] Revert "Bug 22343: Make 'Save Page As' obey first-party isolation"
gk at torproject.org
gk at torproject.org
Wed Jan 23 08:04:19 UTC 2019
commit 9c9809f628c810e53f428ec565aa8d515908a2b7
Author: Georg Koppen <gk at torproject.org>
Date: Mon Jan 21 11:28:54 2019 +0000
Revert "Bug 22343: Make 'Save Page As' obey first-party isolation"
This reverts commit 3fe87eec8bc9555ed4d1a59e1a26bc6c6df93f38.
---
browser/base/content/browser.js | 2 +-
browser/base/content/nsContextMenu.js | 39 ++++++++------------------
browser/base/content/pageinfo/pageInfo.js | 5 ++--
browser/base/content/utilityOverlay.js | 6 ++--
dom/webbrowserpersist/nsIWebBrowserPersist.idl | 9 +-----
dom/webbrowserpersist/nsWebBrowserPersist.cpp | 18 ++----------
dom/webbrowserpersist/nsWebBrowserPersist.h | 2 --
mobile/android/chrome/content/browser.js | 6 ++--
netwerk/base/LoadContextInfo.cpp | 18 ++----------
toolkit/components/browser/nsWebBrowser.cpp | 12 --------
toolkit/content/contentAreaUtils.js | 32 ++++++---------------
11 files changed, 34 insertions(+), 115 deletions(-)
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 5eed34e08086..0fc6a72daf66 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -6175,7 +6175,7 @@ function handleLinkClick(event, href, linkNode) {
if (where == "save") {
saveURL(href, linkNode ? gatherTextUnder(linkNode) : "", null, true,
- true, doc.documentURIObject, doc, undefined, doc.nodePrincipal);
+ true, doc.documentURIObject, doc);
event.preventDefault();
return true;
}
diff --git a/browser/base/content/nsContextMenu.js b/browser/base/content/nsContextMenu.js
index 37ebde22ea07..368d0475ac34 100644
--- a/browser/base/content/nsContextMenu.js
+++ b/browser/base/content/nsContextMenu.js
@@ -989,11 +989,9 @@ nsContextMenu.prototype = {
let onMessage = (message) => {
mm.removeMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage);
let dataURL = message.data.dataURL;
- const principal = Services.scriptSecurityManager.createCodebasePrincipal(
- makeURI(dataURL), this.principal.originAttributes);
saveImageURL(dataURL, name, "SaveImageTitle", true, false,
document.documentURIObject, null, null, null,
- isPrivate, principal);
+ isPrivate);
};
mm.addMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage);
},
@@ -1065,7 +1063,7 @@ nsContextMenu.prototype = {
// Helper function to wait for appropriate MIME-type headers and
// then prompt the user with a file picker
saveHelper(linkURL, linkText, dialogTitle, bypassCache, doc, docURI,
- windowID, linkDownload, isContentWindowPrivate, contentPrincipal) {
+ windowID, linkDownload, isContentWindowPrivate) {
// canonical def in nsURILoader.h
const NS_ERROR_SAVE_LINK_AS_TIMEOUT = 0x805d0020;
@@ -1118,7 +1116,7 @@ nsContextMenu.prototype = {
// do it the old fashioned way, which will pick the best filename
// it can without waiting.
saveURL(linkURL, linkText, dialogTitle, bypassCache, false, docURI,
- doc, isContentWindowPrivate, contentPrincipal);
+ doc, isContentWindowPrivate);
}
if (this.extListener)
this.extListener.onStopRequest(aRequest, aContext, aStatusCode);
@@ -1158,13 +1156,10 @@ nsContextMenu.prototype = {
}
};
- const principal = Services.scriptSecurityManager.createCodebasePrincipal(
- makeURI(linkURL), this.principal.originAttributes);
-
// setting up a new channel for 'right click - save link as ...'
var channel = NetUtil.newChannel({
uri: makeURI(linkURL),
- loadingPrincipal: principal,
+ loadingPrincipal: this.principal,
contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
});
@@ -1206,17 +1201,14 @@ nsContextMenu.prototype = {
// Save URL of clicked-on link.
saveLink() {
- const principal = Services.scriptSecurityManager.createCodebasePrincipal(
- makeURI(this.linkURL), this.principal.originAttributes);
- urlSecurityCheck(this.linkURL, principal);
+ urlSecurityCheck(this.linkURL, this.principal);
let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined;
this.saveHelper(this.linkURL, this.linkTextStr, null, true, this.ownerDoc,
gContextMenuContentData.documentURIObject,
this.frameOuterWindowID,
this.linkDownload,
- isContentWindowPrivate,
- principal);
+ isContentWindowPrivate);
},
// Backwards-compatibility wrapper
@@ -1231,32 +1223,23 @@ nsContextMenu.prototype = {
let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined;
let referrerURI = gContextMenuContentData.documentURIObject;
let isPrivate = PrivateBrowsingUtils.isBrowserPrivate(this.browser);
- let thisPrincipal = this.principal;
if (this.onCanvas) {
// Bypass cache, since it's a data: URL.
this._canvasToBlobURL(this.target).then(function(blobURL) {
- const principal = Services.scriptSecurityManager.createCodebasePrincipal(
- makeURI(blobURL), thisPrincipal.originAttributes);
saveImageURL(blobURL, "canvas.png", "SaveImageTitle",
true, false, referrerURI, null, null, null,
- isPrivate, principal);
+ isPrivate);
}, Cu.reportError);
} else if (this.onImage) {
- const principal = Services.scriptSecurityManager.createCodebasePrincipal(
- makeURI(this.mediaURL), thisPrincipal.originAttributes);
- urlSecurityCheck(this.mediaURL, principal);
+ urlSecurityCheck(this.mediaURL, this.principal);
saveImageURL(this.mediaURL, null, "SaveImageTitle", false,
false, referrerURI, null, gContextMenuContentData.contentType,
- gContextMenuContentData.contentDisposition, isPrivate,
- principal);
+ gContextMenuContentData.contentDisposition, isPrivate);
} else if (this.onVideo || this.onAudio) {
- const principal = Services.scriptSecurityManager.createCodebasePrincipal(
- makeURI(this.mediaURL), thisPrincipal.originAttributes);
- urlSecurityCheck(this.mediaURL, principal);
+ urlSecurityCheck(this.mediaURL, this.principal);
var dialogTitle = this.onVideo ? "SaveVideoTitle" : "SaveAudioTitle";
this.saveHelper(this.mediaURL, null, dialogTitle, false, doc, referrerURI,
- this.frameOuterWindowID, "", isContentWindowPrivate,
- principal);
+ this.frameOuterWindowID, "", isContentWindowPrivate);
}
},
diff --git a/browser/base/content/pageinfo/pageInfo.js b/browser/base/content/pageinfo/pageInfo.js
index efe24f7487d9..86f548c74494 100644
--- a/browser/base/content/pageinfo/pageInfo.js
+++ b/browser/base/content/pageinfo/pageInfo.js
@@ -696,7 +696,7 @@ function saveMedia() {
titleKey = "SaveAudioTitle";
saveURL(url, null, titleKey, false, false, makeURI(item.baseURI),
- null, gDocInfo.isContentWindowPrivate, gDocInfo.principal);
+ null, gDocInfo.isContentWindowPrivate);
}
} else {
selectSaveFolder(function(aDirectory) {
@@ -704,8 +704,7 @@ function saveMedia() {
var saveAnImage = function(aURIString, aChosenData, aBaseURI) {
uniqueFile(aChosenData.file);
internalSave(aURIString, null, null, null, null, false, "SaveImageTitle",
- aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate,
- gDocInfo.principal);
+ aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate);
};
for (var i = 0; i < rowArray.length; i++) {
diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js
index 4cd7d91e4e9a..b73a01a0b0f3 100644
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -258,16 +258,14 @@ function openLinkIn(url, where, params) {
// ContentClick.jsm passes isContentWindowPrivate for saveURL instead of passing a CPOW initiatingDoc
if ("isContentWindowPrivate" in params) {
- saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI,
- null, params.isContentWindowPrivate,
- aPrincipal || aTriggeringPrincipal);
+ saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, null, params.isContentWindowPrivate);
} else {
if (!aInitiatingDoc) {
Cu.reportError("openUILink/openLinkIn was called with " +
"where == 'save' but without initiatingDoc. See bug 814264.");
return;
}
- saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc, params.isContentWindowPrivate, aPrincipal || aTriggeringPrincipal);
+ saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc);
}
return;
}
diff --git a/dom/webbrowserpersist/nsIWebBrowserPersist.idl b/dom/webbrowserpersist/nsIWebBrowserPersist.idl
index 62ac1c1cd7bd..8de84f5e2904 100644
--- a/dom/webbrowserpersist/nsIWebBrowserPersist.idl
+++ b/dom/webbrowserpersist/nsIWebBrowserPersist.idl
@@ -13,12 +13,11 @@ interface nsIWebProgressListener;
interface nsIFile;
interface nsIChannel;
interface nsILoadContext;
-interface nsIPrincipal;
/**
* Interface for persisting DOM documents and URIs to local or remote storage.
*/
-[scriptable, uuid(ccdbc750-be09-4f11-bb01-4e0a4db76c41)]
+[scriptable, uuid(8cd752a4-60b1-42c3-a819-65c7a1138a28)]
interface nsIWebBrowserPersist : nsICancelable
{
/** No special persistence behaviour. */
@@ -113,12 +112,6 @@ interface nsIWebBrowserPersist : nsICancelable
attribute nsIWebProgressListener progressListener;
/**
- * This attribute can be used to set the loading principal
- * of the document or URI to be persisted.
- */
- attribute nsIPrincipal loadingPrincipal;
-
- /**
* Save the specified URI to file.
*
* @param aURI URI to save to file. Some implementations of this interface
diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp
index 4f49b63475f3..fd6d9d0d9315 100644
--- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp
+++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp
@@ -277,7 +277,6 @@ const char *kWebBrowserPersistStringBundle =
nsWebBrowserPersist::nsWebBrowserPersist() :
mCurrentDataPathIsRelative(false),
mCurrentThingsToPersist(0),
- mLoadingPrincipal(nsContentUtils::GetSystemPrincipal()),
mFirstAndOnlyUse(true),
mSavingDocument(false),
mCancel(false),
@@ -414,19 +413,6 @@ NS_IMETHODIMP nsWebBrowserPersist::SetProgressListener(
return NS_OK;
}
-NS_IMETHODIMP nsWebBrowserPersist::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal)
-{
- *loadingPrincipal = mLoadingPrincipal;
- return NS_OK;
-}
-
-NS_IMETHODIMP nsWebBrowserPersist::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal)
-{
- mLoadingPrincipal = loadingPrincipal ? loadingPrincipal :
- nsContentUtils::GetSystemPrincipal();
- return NS_OK;
-}
-
NS_IMETHODIMP nsWebBrowserPersist::SaveURI(
nsIURI *aURI, nsISupports *aCacheKey,
nsIURI *aReferrer, uint32_t aReferrerPolicy,
@@ -1399,7 +1385,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal(
nsCOMPtr<nsIChannel> inputChannel;
rv = NS_NewChannel(getter_AddRefs(inputChannel),
aURI,
- mLoadingPrincipal,
+ nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aPerformanceStorage
@@ -2770,7 +2756,7 @@ nsWebBrowserPersist::CreateChannelFromURI(nsIURI *aURI, nsIChannel **aChannel)
rv = NS_NewChannel(aChannel,
aURI,
- mLoadingPrincipal,
+ nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER);
NS_ENSURE_SUCCESS(rv, rv);
diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.h b/dom/webbrowserpersist/nsWebBrowserPersist.h
index f95300be12cb..17b570d783e7 100644
--- a/dom/webbrowserpersist/nsWebBrowserPersist.h
+++ b/dom/webbrowserpersist/nsWebBrowserPersist.h
@@ -147,8 +147,6 @@ private:
nsCOMPtr<nsIMIMEService> mMIMEService;
nsCOMPtr<nsIURI> mURI;
nsCOMPtr<nsIWebProgressListener> mProgressListener;
- nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
-
/**
* Progress listener for 64-bit values; this is the same object as
* mProgressListener, but is a member to avoid having to qi it for each
diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js
index 3e074009fad9..c3430f5b5a4c 100644
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@@ -886,10 +886,10 @@ var BrowserApp = {
if (!permissionGranted) {
return;
}
- let doc = aTarget.ownerDocument;
+
ContentAreaUtils.saveImageURL(aTarget.currentRequestFinalURI.spec, null, "SaveImageTitle",
- false, true, doc.documentURIObject,
- null, null, null, doc.isPrivate, doc.nodePrincipal);
+ false, true, aTarget.ownerDocument.documentURIObject,
+ aTarget.ownerDocument);
});
});
diff --git a/netwerk/base/LoadContextInfo.cpp b/netwerk/base/LoadContextInfo.cpp
index 1218345b63ed..79f870e8d20d 100644
--- a/netwerk/base/LoadContextInfo.cpp
+++ b/netwerk/base/LoadContextInfo.cpp
@@ -121,6 +121,8 @@ GetLoadContextInfo(nsIChannel * aChannel)
{
nsresult rv;
+ DebugOnly<bool> pb = NS_UsePrivateBrowsing(aChannel);
+
bool anon = false;
nsLoadFlags loadFlags;
rv = aChannel->GetLoadFlags(&loadFlags);
@@ -130,21 +132,7 @@ GetLoadContextInfo(nsIChannel * aChannel)
OriginAttributes oa;
NS_GetOriginAttributes(aChannel, oa);
-
-#ifdef DEBUG
- nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
- if (loadInfo) {
- nsCOMPtr<nsIPrincipal> principal = loadInfo->LoadingPrincipal();
- if (principal) {
- bool chrome;
- principal->GetIsSystemPrincipal(&chrome);
- if (!chrome) {
- bool pb = NS_UsePrivateBrowsing(aChannel);
- MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0));
- }
- }
- }
-#endif
+ MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0));
return new LoadContextInfo(anon, oa);
}
diff --git a/toolkit/components/browser/nsWebBrowser.cpp b/toolkit/components/browser/nsWebBrowser.cpp
index ff1e728243b4..40ac82210502 100644
--- a/toolkit/components/browser/nsWebBrowser.cpp
+++ b/toolkit/components/browser/nsWebBrowser.cpp
@@ -997,18 +997,6 @@ nsWebBrowser::SetProgressListener(nsIWebProgressListener* aProgressListener)
}
NS_IMETHODIMP
-nsWebBrowser::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal)
-{
- return NS_ERROR_NOT_IMPLEMENTED;
-}
-
-NS_IMETHODIMP
-nsWebBrowser::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal)
-{
- return NS_ERROR_NOT_IMPLEMENTED;
-}
-
-NS_IMETHODIMP
nsWebBrowser::SaveURI(nsIURI* aURI,
nsISupports* aCacheKey,
nsIURI* aReferrer,
diff --git a/toolkit/content/contentAreaUtils.js b/toolkit/content/contentAreaUtils.js
index e213a0e4333e..48cf448798a5 100644
--- a/toolkit/content/contentAreaUtils.js
+++ b/toolkit/content/contentAreaUtils.js
@@ -62,14 +62,14 @@ function forbidCPOW(arg, func, argname) {
// - A linked document using Alt-click Save Link As...
//
function saveURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
- aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate,
- aContentPrincipal) {
+ aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate) {
forbidCPOW(aURL, "saveURL", "aURL");
forbidCPOW(aReferrer, "saveURL", "aReferrer");
// Allow aSourceDocument to be a CPOW.
+
internalSave(aURL, null, aFileName, null, null, aShouldBypassCache,
aFilePickerTitleKey, null, aReferrer, aSourceDocument,
- aSkipPrompt, null, aIsContentWindowPrivate, aContentPrincipal);
+ aSkipPrompt, null, aIsContentWindowPrivate);
}
// Just like saveURL, but will get some info off the image before
@@ -109,12 +109,10 @@ const nsISupportsCString = Ci.nsISupportsCString;
* @param aIsContentWindowPrivate (bool)
* Whether or not the containing window is in private browsing mode.
* Does not need to be provided is aDoc is passed.
- * @param aContentPrincipal [optional]
- * The principal to be used for fetching and saving the target URL.
*/
function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
aSkipPrompt, aReferrer, aDoc, aContentType, aContentDisp,
- aIsContentWindowPrivate, aContentPrincipal) {
+ aIsContentWindowPrivate) {
forbidCPOW(aURL, "saveImageURL", "aURL");
forbidCPOW(aReferrer, "saveImageURL", "aReferrer");
@@ -158,8 +156,7 @@ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
internalSave(aURL, null, aFileName, aContentDisp, aContentType,
aShouldBypassCache, aFilePickerTitleKey, null, aReferrer,
- null, aSkipPrompt, null, aIsContentWindowPrivate,
- aContentPrincipal);
+ null, aSkipPrompt, null, aIsContentWindowPrivate);
}
// This is like saveDocument, but takes any browser/frame-like element
@@ -173,7 +170,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) {
let stack = Components.stack.caller;
persistable.startPersistence(aOuterWindowID, {
onDocumentReady(document) {
- saveDocument(document, aSkipPrompt, aBrowser.contentPrincipal);
+ saveDocument(document, aSkipPrompt);
},
onError(status) {
throw new Components.Exception("saveBrowser failed asynchronously in startPersistence",
@@ -189,9 +186,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) {
// case "save as" modes that serialize the document's DOM are
// unavailable. This is a temporary measure for the "Save Frame As"
// command (bug 1141337) and pre-e10s add-ons.
-//
-// aContentPrincipal is the principal for downloading and saving the document.
-function saveDocument(aDocument, aSkipPrompt, aContentPrincipal) {
+function saveDocument(aDocument, aSkipPrompt) {
if (!aDocument)
throw "Must have a document when calling saveDocument";
@@ -246,7 +241,7 @@ function saveDocument(aDocument, aSkipPrompt, aContentPrincipal) {
internalSave(aDocument.documentURI, aDocument, null, contentDisposition,
aDocument.contentType, false, null, null,
aDocument.referrer ? makeURI(aDocument.referrer) : null,
- aDocument, aSkipPrompt, cacheKey, undefined, aContentPrincipal);
+ aDocument, aSkipPrompt, cacheKey);
}
function DownloadListener(win, transfer) {
@@ -355,13 +350,11 @@ XPCOMUtils.defineConstant(this, "kSaveAsType_Text", kSaveAsType_Text);
* This parameter is provided when the aInitiatingDocument is not a
* real document object. Stores whether aInitiatingDocument.defaultView
* was private or not.
- * @param aContentPrincipal [optional]
- * The principal to be used for fetching and saving the target URL.
*/
function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
aContentType, aShouldBypassCache, aFilePickerTitleKey,
aChosenData, aReferrer, aInitiatingDocument, aSkipPrompt,
- aCacheKey, aIsContentWindowPrivate, aContentPrincipal) {
+ aCacheKey, aIsContentWindowPrivate) {
forbidCPOW(aURL, "internalSave", "aURL");
forbidCPOW(aReferrer, "internalSave", "aReferrer");
forbidCPOW(aCacheKey, "internalSave", "aCacheKey");
@@ -430,7 +423,6 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
let nonCPOWDocument =
aDocument && !Cu.isCrossProcessWrapper(aDocument);
-
let isPrivate = aIsContentWindowPrivate;
if (isPrivate === undefined) {
isPrivate = aInitiatingDocument instanceof Ci.nsIDOMDocument
@@ -448,7 +440,6 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
sourcePostData: nonCPOWDocument ? getPostData(aDocument) : null,
bypassCache: aShouldBypassCache,
isPrivate,
- loadingPrincipal: aContentPrincipal,
};
// Start the actual save process
@@ -485,15 +476,10 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
* If true, the document will always be refetched from the server
* @param persistArgs.isPrivate
* Indicates whether this is taking place in a private browsing context.
- * @param persistArgs.loadingPrincipal
- * The principal assigned to the document being saved.
*/
function internalPersist(persistArgs) {
var persist = makeWebBrowserPersist();
- if (["http", "https", "ftp"].includes(persistArgs.sourceURI.scheme)) {
- persist.loadingPrincipal = persistArgs.loadingPrincipal;
- }
// Calculate persist flags.
const nsIWBP = Ci.nsIWebBrowserPersist;
const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES |
More information about the tor-commits
mailing list