[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor-browser/tor-browser-24.6.0esr-4.x-1] Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI.
commit d0062623b1cb82844bd83af308515d86ccc610a3
Author: Arthur Edelstein <arthuredelstein@xxxxxxxxx>
Date: Thu Apr 17 16:39:37 2014 -0700
Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI.
---
browser/app/profile/firefox.js | 8 ++
content/base/src/ThirdPartyUtil.cpp | 34 ++++++++
content/base/src/ThirdPartyUtil.h | 1 +
content/base/src/nsContentUtils.cpp | 28 +++----
docshell/base/nsDocShell.cpp | 10 +--
dom/base/nsGlobalWindow.cpp | 28 +++----
dom/base/nsGlobalWindow.h | 2 +-
dom/interfaces/storage/nsIDOMStorageManager.idl | 14 ++--
dom/src/storage/DOMStorageCache.cpp | 4 +-
dom/src/storage/DOMStorageCache.h | 6 +-
dom/src/storage/DOMStorageManager.cpp | 44 +++++-----
dom/src/storage/DOMStorageManager.h | 4 +-
embedding/browser/webBrowser/nsContextMenuInfo.cpp | 8 +-
image/public/imgILoader.idl | 4 +-
image/src/imgLoader.cpp | 84 ++++++++------------
image/src/imgLoader.h | 6 +-
image/src/imgRequest.cpp | 8 +-
image/src/imgRequest.h | 4 +-
layout/generic/nsImageFrame.cpp | 22 ++---
netwerk/base/public/mozIThirdPartyUtil.idl | 23 ++++++
widget/cocoa/nsMenuItemIconX.mm | 8 +-
21 files changed, 200 insertions(+), 150 deletions(-)
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 56ae000..ae78798 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -517,6 +517,14 @@ pref("privacy.sanitize.migrateFx3Prefs", false);
pref("network.proxy.share_proxy_settings", false); // use the same proxy settings for all protocols
+// The privacy.thirdparty.isolate pref determines whether
+// an isolated DOM Storage map and image cache are
+// maintained for each URL bar domain.
+// 0 - No isolation
+// 1 - Enable isolation in private windows
+// 2 - Enable isolation everywhere
+pref("privacy.thirdparty.isolate", 1);
+
// simple gestures support
pref("browser.gesture.swipe.left", "Browser:BackOrBackDuplicate");
pref("browser.gesture.swipe.right", "Browser:ForwardOrForwardDuplicate");
diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp
index 55eb316..06b2a14 100644
--- a/content/base/src/ThirdPartyUtil.cpp
+++ b/content/base/src/ThirdPartyUtil.cpp
@@ -3,6 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ThirdPartyUtil.h"
+#include "mozilla/Preferences.h"
#include "nsNetUtil.h"
#include "nsIServiceManager.h"
#include "nsIHttpChannelInternal.h"
@@ -411,6 +412,39 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
return NS_OK;
}
+// Returns true if First Party Isolation is currently active for the given nsIChannel.
+// Depends on Preference setting and possibly the state of Private Browsing mode.
+bool ThirdPartyUtil::IsFirstPartyIsolationActive(nsIChannel *aChannel, nsIDocument *aDoc)
+{
+ int32_t isolationState = mozilla::Preferences::GetInt("privacy.thirdparty.isolate");
+ if (isolationState == 1) {
+ if (!aChannel && aDoc) {
+ // No channel passed directly. Can we get a channel from aDoc?
+ aChannel = aDoc->GetChannel();
+ }
+ return aChannel && NS_UsePrivateBrowsing(aChannel);
+ } else { // (isolationState == 0) || (isolationState == 2)
+ return (isolationState == 2);
+ }
+}
+
+// Produces a URI that uniquely identifies the first party to which
+// image cache and dom storage objects should be isolated. If isolation
+// is deactivated, then aOutput will return null.
+// Not scriptable due to the use of an nsIDocument parameter.
+NS_IMETHODIMP
+ThirdPartyUtil::GetFirstPartyIsolationURI(nsIChannel *aChannel, nsIDocument *aDoc, nsIURI **aOutput)
+{
+ bool isolationActive = IsFirstPartyIsolationActive(aChannel, aDoc);
+ if (isolationActive) {
+ return GetFirstPartyURI(aChannel, aDoc, aOutput);
+ } else {
+ // We return a null pointer when isolation is off.
+ *aOutput = nullptr;
+ return NS_OK;
+ }
+}
+
// Not scriptable due to the use of an nsIDocument parameter.
NS_IMETHODIMP
ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel,
diff --git a/content/base/src/ThirdPartyUtil.h b/content/base/src/ThirdPartyUtil.h
index 8777f44..c90dbad 100644
--- a/content/base/src/ThirdPartyUtil.h
+++ b/content/base/src/ThirdPartyUtil.h
@@ -27,6 +27,7 @@ public:
private:
nsresult IsThirdPartyInternal(const nsCString& aFirstDomain,
nsIURI* aSecondURI, bool* aResult);
+ bool IsFirstPartyIsolationActive(nsIChannel* aChannel, nsIDocument* aDoc);
bool SchemeIsWhiteListed(nsIURI *aURI);
static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin);
static nsresult GetOriginatingURI(nsIChannel *aChannel, nsIURI **aURI);
diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp
index db038bf..308cea8 100644
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@@ -2693,22 +2693,22 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
// Make the URI immutable so people won't change it under us
NS_TryToSetImmutable(aURI);
- nsCOMPtr<nsIURI> firstPartyURI;
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
= do_GetService(THIRDPARTYUTIL_CONTRACTID);
- thirdPartySvc->GetFirstPartyURI(nullptr, aLoadingDocument,
- getter_AddRefs(firstPartyURI));
-
- return imgLoader->LoadImage(aURI, /* uri to load */
- firstPartyURI, /* firstPartyURI */
- aReferrer, /* referrer */
- aLoadingPrincipal, /* loading principal */
- loadGroup, /* loadgroup */
- aObserver, /* imgINotificationObserver */
- aLoadingDocument, /* uniquification key */
- aLoadFlags, /* load flags */
- nullptr, /* cache key */
- channelPolicy, /* CSP info */
+ thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aLoadingDocument,
+ getter_AddRefs(firstPartyIsolationURI));
+
+ return imgLoader->LoadImage(aURI, /* uri to load */
+ firstPartyIsolationURI, /* firstPartyIsolationURI, NULL if isolation is not active */
+ aReferrer, /* referrer */
+ aLoadingPrincipal, /* loading principal */
+ loadGroup, /* loadgroup */
+ aObserver, /* imgINotificationObserver */
+ aLoadingDocument, /* uniquification key */
+ aLoadFlags, /* load flags */
+ nullptr, /* cache key */
+ channelPolicy, /* CSP info */
aRequest);
}
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 8963ea0..205b197 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -2698,18 +2698,18 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal,
return NS_ERROR_FAILURE;
nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));
- nsCOMPtr<nsIURI> firstPartyURI;
- nsresult rv = thirdPartyUtil->GetFirstPartyURI(nullptr, doc,
- getter_AddRefs(firstPartyURI));
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
+ nsresult rv = thirdPartyUtil->GetFirstPartyIsolationURI(nullptr, doc,
+ getter_AddRefs(firstPartyIsolationURI));
NS_ENSURE_SUCCESS(rv, rv);
if (aCreate) {
- return manager->CreateStorageForFirstParty(firstPartyURI,
+ return manager->CreateStorageForFirstParty(firstPartyIsolationURI,
aPrincipal, aDocumentURI,
mInPrivateBrowsing, aStorage);
}
- return manager->GetStorageForFirstParty(firstPartyURI, aPrincipal,
+ return manager->GetStorageForFirstParty(firstPartyIsolationURI, aPrincipal,
mInPrivateBrowsing, aStorage);
}
diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index 5a0998a..7c742b0 100644
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -2604,8 +2604,8 @@ nsGlobalWindow::PreloadLocalStorage()
}
nsresult rv;
- nsCOMPtr<nsIURI> firstPartyURI;
- rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
+ rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
if (NS_FAILED(rv)) {
return;
}
@@ -2616,7 +2616,7 @@ nsGlobalWindow::PreloadLocalStorage()
return;
}
- storageManager->PrecacheStorageForFirstParty(firstPartyURI, principal);
+ storageManager->PrecacheStorageForFirstParty(firstPartyIsolationURI, principal);
}
void
@@ -6665,7 +6665,7 @@ nsGlobalWindow::CallerInnerWindow()
}
nsresult
-nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI)
+nsGlobalWindow::GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI)
{
nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
do_GetService(THIRDPARTYUTIL_CONTRACTID);
@@ -6673,7 +6673,7 @@ nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI)
return NS_ERROR_FAILURE;
nsCOMPtr<nsIDocument> doc = do_QueryInterface(mDoc);
- return thirdPartyUtil->GetFirstPartyURI(NULL, doc, aFirstPartyURI);
+ return thirdPartyUtil->GetFirstPartyIsolationURI(NULL, doc, aFirstPartyIsolationURI);
}
@@ -8984,11 +8984,11 @@ nsGlobalWindow::GetSessionStorage(nsIDOMStorage ** aSessionStorage)
nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
- nsCOMPtr<nsIURI> firstPartyURI;
- rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
+ rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
NS_ENSURE_SUCCESS(rv, rv);
- rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal,
+ rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal,
documentURI,
loadContext && loadContext->UsePrivateBrowsing(),
getter_AddRefs(mSessionStorage));
@@ -9056,14 +9056,14 @@ nsGlobalWindow::GetLocalStorage(nsIDOMStorage ** aLocalStorage)
mDoc->GetDocumentURI(documentURI);
}
- nsCOMPtr<nsIURI> firstPartyURI;
- rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
+ rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
NS_ENSURE_SUCCESS(rv, rv);
nsIDocShell* docShell = GetDocShell();
nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
- rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal,
+ rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal,
documentURI,
loadContext && loadContext->UsePrivateBrowsing(),
getter_AddRefs(mLocalStorage));
@@ -9681,11 +9681,11 @@ nsGlobalWindow::Observe(nsISupports* aSubject, const char* aTopic,
nsCOMPtr<nsIDOMStorageManager> storageManager = do_QueryInterface(GetDocShell());
if (storageManager) {
nsresult rv;
- nsCOMPtr<nsIURI> firstPartyURI;
- rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
+ rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
NS_ENSURE_SUCCESS(rv, rv);
- rv = storageManager->CheckStorageForFirstParty(firstPartyURI,
+ rv = storageManager->CheckStorageForFirstParty(firstPartyIsolationURI,
principal, changingStorage, &check);
NS_ENSURE_SUCCESS(rv, rv);
}
diff --git a/dom/base/nsGlobalWindow.h b/dom/base/nsGlobalWindow.h
index af012bc..da6b54d 100644
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -1092,7 +1092,7 @@ protected:
nsresult RequestAnimationFrame(const nsIDocument::FrameRequestCallbackHolder& aCallback,
int32_t* aHandle);
- nsresult GetFirstPartyURI(nsIURI** aFirstPartyURI);
+ nsresult GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI);
// When adding new member variables, be careful not to create cycles
// through JavaScript. If there is any chance that a member variable
diff --git a/dom/interfaces/storage/nsIDOMStorageManager.idl b/dom/interfaces/storage/nsIDOMStorageManager.idl
index 6d1c5fc..ea7246e 100644
--- a/dom/interfaces/storage/nsIDOMStorageManager.idl
+++ b/dom/interfaces/storage/nsIDOMStorageManager.idl
@@ -21,13 +21,13 @@ interface nsIDOMStorageManager : nsISupports
* This starts async preloading of a storage cache for scope
* defined by the principal.
*
- * @param aFirstPartyURI
+ * @param aFirstPartyIsolationURI
* First party URI to bound storage to.
* @param aPrincipal
* Principal to bound storage to.
*/
void precacheStorage(in nsIPrincipal aPrincipal);
- void precacheStorageForFirstParty(in nsIURI aFirstPartyURI,
+ void precacheStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
in nsIPrincipal aPrincipal);
/**
@@ -35,7 +35,7 @@ interface nsIDOMStorageManager : nsISupports
* A new object is always returned and it is ensured there is
* a storage for the scope created.
*
- * @param aFirstPartyURI
+ * @param aFirstPartyIsolationURI
* First party URI to bound storage to.
* @param aPrincipal
* Principal to bound storage to.
@@ -47,7 +47,7 @@ interface nsIDOMStorageManager : nsISupports
nsIDOMStorage createStorage(in nsIPrincipal aPrincipal,
in DOMString aDocumentURI,
[optional] in bool aPrivate);
- nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyURI,
+ nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
in nsIPrincipal aPrincipal,
in DOMString aDocumentURI,
[optional] in bool aPrivate);
@@ -64,7 +64,7 @@ interface nsIDOMStorageManager : nsISupports
*/
nsIDOMStorage getStorage(in nsIPrincipal aPrincipal,
[optional] in bool aPrivate);
- nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyURI,
+ nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
in nsIPrincipal aPrincipal,
[optional] in bool aPrivate);
@@ -83,7 +83,7 @@ interface nsIDOMStorageManager : nsISupports
* Returns true if the storage belongs to the given principal and is managed
* (i.e. has been created and is cached) by this storage manager.
*
- * @param aFirstPartyURI
+ * @param aFirstPartyIsolationURI
* First party URI to check the storage against.
* @param aPrincipal
* Principal to check the storage against.
@@ -97,7 +97,7 @@ interface nsIDOMStorageManager : nsISupports
*/
bool checkStorage(in nsIPrincipal aPrincipal,
in nsIDOMStorage aStorage);
- bool checkStorageForFirstParty(in nsIURI aFirstPartyURI,
+ bool checkStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
in nsIPrincipal aPrincipal,
in nsIDOMStorage aStorage);
diff --git a/dom/src/storage/DOMStorageCache.cpp b/dom/src/storage/DOMStorageCache.cpp
index 84ef729..b67a559 100644
--- a/dom/src/storage/DOMStorageCache.cpp
+++ b/dom/src/storage/DOMStorageCache.cpp
@@ -120,7 +120,7 @@ DOMStorageCache::Release(void)
void
DOMStorageCache::Init(DOMStorageManager* aManager,
bool aPersistent,
- nsIURI* aFirstPartyURI,
+ nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal,
const nsACString& aQuotaScope)
{
@@ -130,7 +130,7 @@ DOMStorageCache::Init(DOMStorageManager* aManager,
mManager = aManager;
mInitialized = true;
- mFirstPartyURI = aFirstPartyURI;
+ mFirstPartyIsolationURI = aFirstPartyIsolationURI;
mPrincipal = aPrincipal;
mPersistent = aPersistent;
mQuotaScope = aQuotaScope.IsEmpty() ? mScope : aQuotaScope;
diff --git a/dom/src/storage/DOMStorageCache.h b/dom/src/storage/DOMStorageCache.h
index 42836ac..2b892fc 100644
--- a/dom/src/storage/DOMStorageCache.h
+++ b/dom/src/storage/DOMStorageCache.h
@@ -72,7 +72,7 @@ public:
virtual ~DOMStorageCache();
void Init(DOMStorageManager* aManager, bool aPersistent,
- nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
+ nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal,
const nsACString& aQuotaScope);
// Copies all data from the other storage.
@@ -97,7 +97,7 @@ public:
nsTArray<nsString>* GetKeys(const DOMStorage* aStorage);
- nsIURI* FirstPartyURI() const { return mFirstPartyURI; }
+ nsIURI* FirstPartyIsolationURI() const { return mFirstPartyIsolationURI; }
// Whether the principal equals principal the cache was created for
bool CheckPrincipal(nsIPrincipal* aPrincipal) const;
@@ -177,7 +177,7 @@ private:
nsCOMPtr<nsITimer> mKeepAliveTimer;
// The first party URI associated with this cache.
- nsCOMPtr<nsIURI> mFirstPartyURI;
+ nsCOMPtr<nsIURI> mFirstPartyIsolationURI;
// Principal the cache has been initially created for, this is used only
// for sessionStorage access checks since sessionStorage objects are strictly
diff --git a/dom/src/storage/DOMStorageManager.cpp b/dom/src/storage/DOMStorageManager.cpp
index 9cc5042..4dbe66c 100644
--- a/dom/src/storage/DOMStorageManager.cpp
+++ b/dom/src/storage/DOMStorageManager.cpp
@@ -132,16 +132,16 @@ DOMStorageManager::~DOMStorageManager()
namespace { // anon
nsresult
-AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey)
+AppendFirstPartyToKey(nsIURI* aFirstPartyIsolationURI, nsACString& aKey)
{
- if (aFirstPartyURI) {
+ if (aFirstPartyIsolationURI) {
nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
do_GetService(THIRDPARTYUTIL_CONTRACTID);
if (!thirdPartyUtil)
return NS_ERROR_FAILURE;
nsAutoCString firstPartyHost;
- nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyURI,
+ nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyIsolationURI,
firstPartyHost);
NS_ENSURE_SUCCESS(rv, rv);
@@ -153,7 +153,7 @@ AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey)
}
nsresult
-CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
+CreateScopeKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal,
nsACString& aKey)
{
nsCOMPtr<nsIURI> uri;
@@ -231,11 +231,11 @@ CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
// Isolate scope keys to the URL bar domain by appending &firstPartyHost
// if available.
- return AppendFirstPartyToKey(aFirstPartyURI, aKey);
+ return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey);
}
nsresult
-CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
+CreateQuotaDBKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal,
nsACString& aKey)
{
nsresult rv;
@@ -286,7 +286,7 @@ CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
// Isolate scope keys to the URL bar domain by appending &firstPartyHost
// if available.
- return AppendFirstPartyToKey(aFirstPartyURI, aKey);
+ return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey);
}
} // anon
@@ -304,14 +304,14 @@ DOMStorageManager::GetCache(const nsACString& aScope) const
already_AddRefed<DOMStorageCache>
DOMStorageManager::PutCache(const nsACString& aScope,
- nsIURI* aFirstPartyURI,
+ nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal)
{
DOMStorageCacheHashKey* entry = mCaches.PutEntry(aScope);
nsRefPtr<DOMStorageCache> cache = entry->cache();
nsAutoCString quotaScope;
- CreateQuotaDBKey(aFirstPartyURI, aPrincipal, quotaScope);
+ CreateQuotaDBKey(aFirstPartyIsolationURI, aPrincipal, quotaScope);
// To avoid ever persisting session storage to disk, initialize LocalStorage
// like SessionStorage.
@@ -320,7 +320,7 @@ DOMStorageManager::PutCache(const nsACString& aScope,
case LocalStorage:
// Lifetime handled by the manager, don't persist
entry->HardRef();
- cache->Init(nullptr, false, aFirstPartyURI, aPrincipal, quotaScope);
+ cache->Init(nullptr, false, aFirstPartyIsolationURI, aPrincipal, quotaScope);
break;
default:
@@ -342,7 +342,7 @@ DOMStorageManager::DropCache(DOMStorageCache* aCache)
nsresult
DOMStorageManager::GetStorageInternal(bool aCreate,
- nsIURI* aFirstPartyURI,
+ nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal,
const nsAString& aDocumentURI,
bool aPrivate,
@@ -351,7 +351,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate,
nsresult rv;
nsAutoCString scope;
- rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope);
+ rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope);
if (NS_FAILED(rv)) {
return NS_ERROR_NOT_AVAILABLE;
}
@@ -382,7 +382,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate,
// There is always a single instance of a cache per scope
// in a single instance of a DOM storage manager.
- cache = PutCache(scope, aFirstPartyURI, aPrincipal);
+ cache = PutCache(scope, aFirstPartyIsolationURI, aPrincipal);
} else if (mType == SessionStorage) {
if (!cache->CheckPrincipal(aPrincipal)) {
return NS_ERROR_DOM_SECURITY_ERR;
@@ -405,10 +405,10 @@ DOMStorageManager::PrecacheStorage(nsIPrincipal* aPrincipal)
}
NS_IMETHODIMP
-DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal)
{
- return GetStorageInternal(true, aFirstPartyURI, aPrincipal, EmptyString(),
+ return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, EmptyString(),
false, nullptr);
}
@@ -423,13 +423,13 @@ DOMStorageManager::CreateStorage(nsIPrincipal* aPrincipal,
}
NS_IMETHODIMP
-DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal,
const nsAString& aDocumentURI,
bool aPrivate,
nsIDOMStorage** aRetval)
{
- return GetStorageInternal(true, aFirstPartyURI, aPrincipal, aDocumentURI,
+ return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, aDocumentURI,
aPrivate, aRetval);
}
@@ -443,12 +443,12 @@ DOMStorageManager::GetStorage(nsIPrincipal* aPrincipal,
}
NS_IMETHODIMP
-DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal,
bool aPrivate,
nsIDOMStorage** aRetval)
{
- return GetStorageInternal(false, aFirstPartyURI, aPrincipal,
+ return GetStorageInternal(false, aFirstPartyIsolationURI, aPrincipal,
EmptyString(), aPrivate, aRetval);
}
@@ -476,7 +476,7 @@ DOMStorageManager::CloneStorage(nsIDOMStorage* aStorage)
// Since this manager is sessionStorage manager, PutCache hard references
// the cache in our hashtable.
nsRefPtr<DOMStorageCache> newCache = PutCache(origCache->Scope(),
- origCache->FirstPartyURI(),
+ origCache->FirstPartyIsolationURI(),
origCache->Principal());
newCache->CloneFrom(origCache);
@@ -492,7 +492,7 @@ DOMStorageManager::CheckStorage(nsIPrincipal* aPrincipal,
}
NS_IMETHODIMP
-DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal,
nsIDOMStorage* aStorage,
bool* aRetval)
@@ -509,7 +509,7 @@ DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI,
}
nsAutoCString scope;
- nsresult rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope);
+ nsresult rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope);
NS_ENSURE_SUCCESS(rv, rv);
DOMStorageCache* cache = GetCache(scope);
diff --git a/dom/src/storage/DOMStorageManager.h b/dom/src/storage/DOMStorageManager.h
index 5e044b5..6ed9a70 100644
--- a/dom/src/storage/DOMStorageManager.h
+++ b/dom/src/storage/DOMStorageManager.h
@@ -74,12 +74,12 @@ private:
// Ensures cache for a scope, when it doesn't exist it is created and initalized,
// this also starts preload of persistent data.
already_AddRefed<DOMStorageCache> PutCache(const nsACString& aScope,
- nsIURI* aFirstPartyURI,
+ nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal);
// Helper for creation of DOM storage objects
nsresult GetStorageInternal(bool aCreate,
- nsIURI* aFirstPartyURI,
+ nsIURI* aFirstPartyIsolationURI,
nsIPrincipal* aPrincipal,
const nsAString& aDocumentURI,
bool aPrivate,
diff --git a/embedding/browser/webBrowser/nsContextMenuInfo.cpp b/embedding/browser/webBrowser/nsContextMenuInfo.cpp
index 8cca3e3..092e619 100644
--- a/embedding/browser/webBrowser/nsContextMenuInfo.cpp
+++ b/embedding/browser/webBrowser/nsContextMenuInfo.cpp
@@ -306,13 +306,13 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe
nsRefPtr<imgLoader> il = imgLoader::GetInstance();
NS_ENSURE_TRUE(il, NS_ERROR_FAILURE);
- nsCOMPtr<nsIURI> firstPartyURI;
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
= do_GetService(THIRDPARTYUTIL_CONTRACTID);
- thirdPartySvc->GetFirstPartyURI(nullptr, doc,
- getter_AddRefs(firstPartyURI));
+ thirdPartySvc->GetFirstPartyIsolationURI(nullptr, doc,
+ getter_AddRefs(firstPartyIsolationURI));
- return il->LoadImage(bgUri, firstPartyURI, nullptr, principal, nullptr,
+ return il->LoadImage(bgUri, firstPartyIsolationURI, nullptr, principal, nullptr,
nullptr, nullptr, nsIRequest::LOAD_NORMAL,
nullptr, channelPolicy, aRequest);
}
diff --git a/image/public/imgILoader.idl b/image/public/imgILoader.idl
index c16a30a..e6e7727 100644
--- a/image/public/imgILoader.idl
+++ b/image/public/imgILoader.idl
@@ -38,7 +38,7 @@ interface imgILoader : nsISupports
/**
* Start the load and decode of an image.
* @param aURI the URI to load
- * @param aFirstPartyURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking
+ * @param aFirstPartyIsolationURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking
* @param aReferrerURI the 'referring' URI
* @param aLoadingPrincipal the principal of the loading document
* @param aLoadGroup Loadgroup to put the image load into
@@ -55,7 +55,7 @@ interface imgILoader : nsISupports
* goes away.
*/
imgIRequest loadImageXPCOM(in nsIURI aURI,
- in nsIURI aFirstPartyURI,
+ in nsIURI aFirstPartyIsolationURI,
in nsIURI aReferrerURI,
in nsIPrincipal aLoadingPrincipal,
in nsILoadGroup aLoadGroup,
diff --git a/image/src/imgLoader.cpp b/image/src/imgLoader.cpp
index 7e20aba..60a6b6d 100644
--- a/image/src/imgLoader.cpp
+++ b/image/src/imgLoader.cpp
@@ -427,7 +427,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
// aLoadingPrincipal and false otherwise.
bool *aForcePrincipalCheckForCacheEntry,
nsIURI *aURI,
- nsIURI *aFirstPartyURI,
+ nsIURI *aFirstPartyIsolationURI,
nsIURI *aReferringURI,
nsILoadGroup *aLoadGroup,
const nsCString& aAcceptHeader,
@@ -479,7 +479,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal = do_QueryInterface(newHttpChannel);
NS_ENSURE_TRUE(httpChannelInternal, NS_ERROR_UNEXPECTED);
- httpChannelInternal->SetDocumentURI(aFirstPartyURI);
+ httpChannelInternal->SetDocumentURI(aFirstPartyIsolationURI);
newHttpChannel->SetReferrer(aReferringURI);
}
@@ -1107,7 +1107,7 @@ bool imgLoader::SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry)
return true;
}
-bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI)
+bool imgLoader::SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI)
{
VerifyCacheSizes();
@@ -1118,7 +1118,7 @@ bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI)
LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::SetHasProxies", "uri", spec.get());
- nsAutoCString key = GetCacheKey(firstPartyURI, imgURI, nullptr);
+ nsAutoCString key = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr);
nsRefPtr<imgCacheEntry> entry;
if (cache.Get(key, getter_AddRefs(entry)) && entry && entry->HasNoProxies()) {
imgCacheQueue &queue = GetCacheQueue(imgURI);
@@ -1173,7 +1173,7 @@ void imgLoader::CheckCacheLimits(imgCacheTable &cache, imgCacheQueue &queue)
bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
nsIURI *aURI,
- nsIURI *aFirstPartyURI,
+ nsIURI *aFirstPartyIsolationURI,
nsIURI *aReferrerURI,
nsILoadGroup *aLoadGroup,
imgINotificationObserver *aObserver,
@@ -1223,7 +1223,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
rv = NewImageChannel(getter_AddRefs(newChannel),
&forcePrincipalCheck,
aURI,
- aFirstPartyURI,
+ aFirstPartyIsolationURI,
aReferrerURI,
aLoadGroup,
mAcceptHeader,
@@ -1293,7 +1293,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
nsIURI *aURI,
- nsIURI *aFirstPartyURI,
+ nsIURI *aFirstPartyIsolationURI,
nsIURI *aReferrerURI,
nsILoadGroup *aLoadGroup,
imgINotificationObserver *aObserver,
@@ -1404,7 +1404,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
if (validateRequest && aCanMakeNewChannel) {
LOG_SCOPE(GetImgLog(), "imgLoader::ValidateRequest |cache hit| must validate");
- return ValidateRequestWithNewChannel(request, aURI, aFirstPartyURI,
+ return ValidateRequestWithNewChannel(request, aURI, aFirstPartyIsolationURI,
aReferrerURI, aLoadGroup, aObserver,
aCX, aLoadFlags, aProxyRequest, aPolicy,
aLoadingPrincipal, aCORSMode);
@@ -1475,12 +1475,12 @@ bool imgLoader::RemoveFromCache(imgCacheEntry *entry)
nsRefPtr<imgRequest> request(getter_AddRefs(entry->GetRequest()));
if (request) {
nsCOMPtr<nsIURI> imgURI = request->mURI;
- nsCOMPtr<nsIURI> firstPartyURI = request->mFirstPartyURI;
+ nsCOMPtr<nsIURI> firstPartyIsolationURI = request->mFirstPartyIsolationURI;
if (imgURI) {
imgCacheTable &cache = GetCache(imgURI);
imgCacheQueue &queue = GetCacheQueue(imgURI);
- nsAutoCString spec = GetCacheKey(firstPartyURI, imgURI, nullptr);
+ nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr);
LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::RemoveFromCache", "entry's uri", spec.get());
@@ -1576,7 +1576,7 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI,
/* imgIRequest loadImage (in nsIURI aURI, in nsIURI aUrlBarURI, in nsIPrincipal loadingPrincipal, in nsILoadGroup aLoadGroup, in imgIDecoderObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in imgIRequest aRequest); */
nsresult imgLoader::LoadImage(nsIURI *aURI,
- nsIURI *aFirstPartyURI,
+ nsIURI *aFirstPartyIsolationURI,
nsIURI *aReferrerURI,
nsIPrincipal* aLoadingPrincipal,
nsILoadGroup *aLoadGroup,
@@ -1595,7 +1595,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
return NS_ERROR_NULL_POINTER;
bool isIsolated = false;
- nsAutoCString spec = GetCacheKey(aFirstPartyURI, aURI, &isIsolated);
+ nsAutoCString spec = GetCacheKey(aFirstPartyIsolationURI, aURI, &isIsolated);
LOG_SCOPE_WITH_PARAM(GetImgLog(), "imgLoader::LoadImage", "aURI", spec.get());
@@ -1662,7 +1662,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
imgCacheTable &cache = GetCache(aURI);
if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
- if (ValidateEntry(entry, aURI, aFirstPartyURI, aReferrerURI,
+ if (ValidateEntry(entry, aURI, aFirstPartyIsolationURI, aReferrerURI,
aLoadGroup, aObserver, aCX, requestFlags, true,
_retval, aPolicy, aLoadingPrincipal, corsmode)) {
request = getter_AddRefs(entry->GetRequest());
@@ -1701,7 +1701,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
rv = NewImageChannel(getter_AddRefs(newChannel),
&forcePrincipalCheck,
aURI,
- aFirstPartyURI,
+ aFirstPartyIsolationURI,
aReferrerURI,
aLoadGroup,
mAcceptHeader,
@@ -1729,7 +1729,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
childLoadGroup->SetParentLoadGroup(aLoadGroup);
newChannel->SetLoadGroup(loadGroup);
- request->Init(aURI, aURI, aFirstPartyURI, loadGroup, newChannel, entry,
+ request->Init(aURI, aURI, aFirstPartyIsolationURI, loadGroup, newChannel, entry,
aCX, aLoadingPrincipal, corsmode);
// Pass the inner window ID of the loading document, if possible.
@@ -1838,7 +1838,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
return NS_OK;
}
-nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI,
+nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyIsolationURI, nsIURI *imgURI,
bool *isIsolated)
{
NS_ASSERTION(imgURI, "imgLoader::GetCacheKey -- NULL imgURI");
@@ -1850,37 +1850,21 @@ nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI,
imgURI->GetSpec(spec);
nsAutoCString hostKey;
- if (firstPartyURI && sThirdPartyUtilSvc)
- sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyURI, hostKey);
+ if (firstPartyIsolationURI && sThirdPartyUtilSvc)
+ sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyIsolationURI, hostKey);
if (hostKey.Length() > 0) {
if (isIsolated)
*isIsolated = true;
+ // Make a new key using host
+ // FIXME: This might involve a couple more copies than necessary..
+ // But man, 18 string types? Who knows which one I need to use to do
+ // this cheaply..
+ return hostKey + nsAutoCString("&") + spec;
} else {
- hostKey = "--NoFirstParty--";
- nsCOMPtr<nsIConsoleService> consoleSvc =
- do_GetService(NS_CONSOLESERVICE_CONTRACTID);
- if (consoleSvc) {
- nsAutoString msg(NS_LITERAL_STRING(
- "imgLoader::GetCacheKey: NULL firstPartyURI for ")
- .get());
- if (!spec.IsEmpty())
- msg.AppendASCII(spec.get());
- else
- msg.Append(NS_LITERAL_STRING("Unknown URI!").get());
- consoleSvc->LogStringMessage(msg.get());
- }
-
-#ifdef DEBUG
- printf("imgLoader::GetCacheKey: NULL firstPartyURI for %s\n", spec.get());
-#endif
+ // No hostKey found, so don't isolate image to a first party.
+ return spec;
}
-
- // Make a new key using host
- // FIXME: This might involve a couple more copies than necessary..
- // But man, 18 string types? Who knows which one I need to use to do
- // this cheaply..
- return hostKey + nsAutoCString("&") + spec;
}
/* imgIRequest loadImageWithChannelXPCOM(in nsIChannel channel, in imgINotificationObserver aObserver, in nsISupports cx, out nsIStreamListener); */
@@ -1911,16 +1895,16 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
nsCOMPtr<nsIURI> uri;
channel->GetURI(getter_AddRefs(uri));
- nsCOMPtr<nsIURI> firstPartyURI;
- sThirdPartyUtilSvc->GetFirstPartyURI(channel, nullptr,
- getter_AddRefs(firstPartyURI));
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
+ sThirdPartyUtilSvc->GetFirstPartyIsolationURI(channel, nullptr,
+ getter_AddRefs(firstPartyIsolationURI));
nsLoadFlags requestFlags = nsIRequest::LOAD_NORMAL;
channel->GetLoadFlags(&requestFlags);
nsRefPtr<imgCacheEntry> entry;
imgCacheTable &cache = GetCache(uri);
- nsAutoCString spec = GetCacheKey(firstPartyURI, uri, nullptr);
+ nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, uri, nullptr);
if (requestFlags & nsIRequest::LOAD_BYPASS_CACHE) {
imgCacheQueue &queue = GetCacheQueue(uri);
@@ -2001,7 +1985,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
channel->GetOriginalURI(getter_AddRefs(originalURI));
// No principal specified here, because we're not passed one.
- request->Init(originalURI, uri, firstPartyURI, channel, channel, entry,
+ request->Init(originalURI, uri, firstPartyIsolationURI, channel, channel, entry,
aCX, nullptr, imgIRequest::CORS_NONE);
ProxyListener *pl = new ProxyListener(static_cast<nsIStreamListener *>(request.get()));
@@ -2013,7 +1997,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
NS_RELEASE(pl);
bool isIsolated = false;
- nsAutoCString key = GetCacheKey(firstPartyURI, originalURI, &isIsolated);
+ nsAutoCString key = GetCacheKey(firstPartyIsolationURI, originalURI, &isIsolated);
if (isIsolated) // Try to add the new request into the cache.
PutIntoCache(key, entry);
@@ -2301,7 +2285,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
int32_t corsmode = mRequest->GetCORSMode();
nsCOMPtr<nsIPrincipal> loadingPrincipal = mRequest->GetLoadingPrincipal();
- nsCOMPtr<nsIURI> firstPartyURI = mRequest->mFirstPartyURI;
+ nsCOMPtr<nsIURI> firstPartyIsolationURI = mRequest->mFirstPartyIsolationURI;
// Doom the old request's cache entry
mRequest->RemoveFromCache();
@@ -2312,7 +2296,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
// We use originalURI here to fulfil the imgIRequest contract on GetURI.
nsCOMPtr<nsIURI> originalURI;
channel->GetOriginalURI(getter_AddRefs(originalURI));
- mNewRequest->Init(originalURI, uri, firstPartyURI, aRequest, channel,
+ mNewRequest->Init(originalURI, uri, firstPartyIsolationURI, aRequest, channel,
mNewEntry, mContext, loadingPrincipal, corsmode);
mDestListener = new ProxyListener(mNewRequest);
@@ -2321,7 +2305,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
// the cache before the proxies' ownership changes, because adding a proxy
// changes the caching behaviour for imgRequests.
bool isIsolated = false;
- nsAutoCString key = mImgLoader->GetCacheKey(firstPartyURI, originalURI,
+ nsAutoCString key = mImgLoader->GetCacheKey(firstPartyIsolationURI, originalURI,
&isIsolated);
if (isIsolated)
mImgLoader->PutIntoCache(key, mNewEntry);
diff --git a/image/src/imgLoader.h b/image/src/imgLoader.h
index 0ab4a5e..3a31ecd 100644
--- a/image/src/imgLoader.h
+++ b/image/src/imgLoader.h
@@ -267,7 +267,7 @@ public:
nsresult InitCache();
- nsAutoCString GetCacheKey(nsIURI *firstPartyURI,
+ nsAutoCString GetCacheKey(nsIURI *firstPartyIsolationURI,
nsIURI *imgURI,
bool *isIsolated);
bool RemoveFromCache(imgCacheEntry *entry);
@@ -312,12 +312,12 @@ public:
// happens, by calling imgRequest::SetCacheEntry() when an entry with no
// observers is re-requested.
bool SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry);
- bool SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI);
+ bool SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI);
private: // methods
bool ValidateEntry(imgCacheEntry *aEntry, nsIURI *aURI,
- nsIURI *aFirstPartyURI, nsIURI *aReferrerURI,
+ nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI,
nsILoadGroup *aLoadGroup,
imgINotificationObserver *aObserver, nsISupports *aCX,
nsLoadFlags aLoadFlags, bool aCanMakeNewChannel,
diff --git a/image/src/imgRequest.cpp b/image/src/imgRequest.cpp
index 9040679..5758d62 100644
--- a/image/src/imgRequest.cpp
+++ b/image/src/imgRequest.cpp
@@ -89,7 +89,7 @@ imgRequest::~imgRequest()
nsresult imgRequest::Init(nsIURI *aURI,
nsIURI *aCurrentURI,
- nsIURI *aFirstPartyURI,
+ nsIURI *aFirstPartyIsolationURI,
nsIRequest *aRequest,
nsIChannel *aChannel,
imgCacheEntry *aCacheEntry,
@@ -109,7 +109,7 @@ nsresult imgRequest::Init(nsIURI *aURI,
mURI = aURI;
mCurrentURI = aCurrentURI;
- mFirstPartyURI = aFirstPartyURI;
+ mFirstPartyIsolationURI = aFirstPartyIsolationURI;
mRequest = aRequest;
mChannel = aChannel;
mTimedChannel = do_QueryInterface(mChannel);
@@ -171,7 +171,7 @@ void imgRequest::AddProxy(imgRequestProxy *proxy)
// proxies.
if (GetStatusTracker().ConsumerCount() == 0) {
NS_ABORT_IF_FALSE(mURI, "Trying to SetHasProxies without key uri.");
- mLoader->SetHasProxies(mFirstPartyURI, mURI);
+ mLoader->SetHasProxies(mFirstPartyIsolationURI, mURI);
}
GetStatusTracker().AddConsumer(proxy);
@@ -301,7 +301,7 @@ void imgRequest::RemoveFromCache()
else {
mLoader->RemoveKeyFromCache(mLoader->GetCache(mURI),
mLoader->GetCacheQueue(mURI),
- mLoader->GetCacheKey(mFirstPartyURI, mURI, nullptr));
+ mLoader->GetCacheKey(mFirstPartyIsolationURI, mURI, nullptr));
}
}
diff --git a/image/src/imgRequest.h b/image/src/imgRequest.h
index 240a33b..f80af17 100644
--- a/image/src/imgRequest.h
+++ b/image/src/imgRequest.h
@@ -51,7 +51,7 @@ public:
nsresult Init(nsIURI *aURI,
nsIURI *aCurrentURI,
- nsIURI *aFirstPartyURI,
+ nsIURI *aFirstPartyIsolationURI,
nsIRequest *aRequest,
nsIChannel *aChannel,
imgCacheEntry *aCacheEntry,
@@ -195,7 +195,7 @@ private:
// The URI of the resource we ended up loading after all redirects, etc.
nsCOMPtr<nsIURI> mCurrentURI;
// The first party that triggered the load -- for cookie + cache isolation
- nsCOMPtr<nsIURI> mFirstPartyURI;
+ nsCOMPtr<nsIURI> mFirstPartyIsolationURI;
// The principal of the document which loaded this image. Used when validating for CORS.
nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
// The principal of this image.
diff --git a/layout/generic/nsImageFrame.cpp b/layout/generic/nsImageFrame.cpp
index 8f4bf25..6daa959 100644
--- a/layout/generic/nsImageFrame.cpp
+++ b/layout/generic/nsImageFrame.cpp
@@ -1810,26 +1810,26 @@ nsImageFrame::LoadIcon(const nsAString& aSpec,
// For icon loads, we don't need to merge with the loadgroup flags
nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL;
- nsCOMPtr<nsIURI> firstPartyURI;
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
= do_GetService(THIRDPARTYUTIL_CONTRACTID);
// XXX: Should we pass the loadgroup, too? Is document ever likely
// to be unset?
- thirdPartySvc->GetFirstPartyURI(nullptr, aPresContext->Document(),
- getter_AddRefs(firstPartyURI));
+ thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aPresContext->Document(),
+ getter_AddRefs(firstPartyIsolationURI));
- return il->LoadImage(realURI, /* icon URI */
- firstPartyURI, /* initial document URI; this is only
- relevant for cookies, so does not
- apply to icons. */
- nullptr, /* referrer (not relevant for icons) */
- nullptr, /* principal (not relevant for icons) */
+ return il->LoadImage(realURI, /* icon URI */
+ firstPartyIsolationURI, /* initial document URI; this is only
+ relevant for cookies, so does not
+ apply to icons. */
+ nullptr, /* referrer (not relevant for icons) */
+ nullptr, /* principal (not relevant for icons) */
loadGroup,
gIconLoad,
- nullptr, /* Not associated with any particular document */
+ nullptr, /* Not associated with any particular document */
loadFlags,
nullptr,
- nullptr, /* channel policy not needed */
+ nullptr, /* channel policy not needed */
aRequest);
}
diff --git a/netwerk/base/public/mozIThirdPartyUtil.idl b/netwerk/base/public/mozIThirdPartyUtil.idl
index 6137274..87fb630 100644
--- a/netwerk/base/public/mozIThirdPartyUtil.idl
+++ b/netwerk/base/public/mozIThirdPartyUtil.idl
@@ -165,6 +165,29 @@ interface mozIThirdPartyUtil : nsISupports
in nsIDocument aDoc);
/**
+ * getFirstPartyIsolationURI
+ *
+ * If first-party isolation is active, then
+ * obtains the top-level url bar URI for either a channel or a document.
+ * Otherwise returns null.
+ * Either parameter may be null (but not both).
+ *
+ * @param aChannel
+ * An arbitrary channel for some content element of a first party
+ * load. Can be null.
+ *
+ * @param aDoc
+ * An arbitrary third party document. Can be null.
+ *
+ * @return the first party url bar URI for the load.
+ *
+ * @throws if the URI cannot be obtained or the URI lacks a hostname and the
+ * URI's scheme is not white listed.
+ */
+ [noscript] nsIURI getFirstPartyIsolationURI(in nsIChannel aChannel,
+ in nsIDocument aDoc);
+
+ /**
* getFirstPartyURIFromChannel
*
* Obtain the top-level url bar URI for a channel.
diff --git a/widget/cocoa/nsMenuItemIconX.mm b/widget/cocoa/nsMenuItemIconX.mm
index bd1f2f3..397239e 100644
--- a/widget/cocoa/nsMenuItemIconX.mm
+++ b/widget/cocoa/nsMenuItemIconX.mm
@@ -314,15 +314,15 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI)
[mNativeMenuItem setImage:sPlaceholderIconImage];
}
- nsCOMPtr<nsIURI> firstPartyURI;
+ nsCOMPtr<nsIURI> firstPartyIsolationURI;
nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
= do_GetService(THIRDPARTYUTIL_CONTRACTID);
- thirdPartySvc->GetFirstPartyURI(nullptr, document,
- getter_AddRefs(firstPartyURI));
+ thirdPartySvc->GetFirstPartyIsolationURI(nullptr, document,
+ getter_AddRefs(firstPartyIsolationURI));
// Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is
// not exposed to web content
- nsresult rv = loader->LoadImage(aIconURI, firstPartyURI, nullptr, nullptr, loadGroup, this,
+ nsresult rv = loader->LoadImage(aIconURI, firstPartyIsolationURI, nullptr, nullptr, loadGroup, this,
nullptr, nsIRequest::LOAD_NORMAL, nullptr,
nullptr, getter_AddRefs(mIconRequest));
if (NS_FAILED(rv)) return rv;
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits