#525: data URL opaque origins M1324406 M1381728

2018-09-27 11:01:54 -07:00 · 2018-09-27 11:01:54 -07:00 · 3920907ee4
parent b95f6e9680
commit 3920907ee4
5 changed files with 41 additions and 6 deletions
--- a/dom/base/nsObjectLoadingContent.cpp
+++ b/dom/base/nsObjectLoadingContent.cpp
@ -22,6 +22,7 @@
 #include "nsIExternalProtocolHandler.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIObjectFrame.h"
+#include "nsIOService.h"
 #include "nsIPermissionManager.h"
 #include "nsPluginHost.h"
 #include "nsPluginInstanceOwner.h"
@ -2524,8 +2525,14 @@ nsObjectLoadingContent::OpenChannel()
                                                               mURI,
                                                               true,   // aInheritForAboutBlank
                                                               false); // aForceInherit
-  nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
-  if (inherit) {
+  nsSecurityFlags securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+
+  bool isData;
+  bool isURIUniqueOrigin = nsIOService::IsDataURIUniqueOpaqueOrigin() &&
+                           NS_SUCCEEDED(mURI->SchemeIs("data", &isData)) &&
+                           isData;
+
+  if (inherit && !isURIUniqueOrigin) {
    securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
  }
  if (isSandBoxed) {
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -2003,6 +2003,13 @@ pref("security.cert_pinning.enforcement_level", 0);
 // for tests.
 pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);

+// Bug 1324406: Treat 'data:' documents as unique, opaque origins
+// If true, data: URIs will be treated as unique opaque origins, hence will use
+// a NullPrincipal as the security context.
+// Otherwise it will inherit the origin from parent node, this is the legacy
+// behavior of Firefox.
+pref("security.data_uri.unique_opaque_origin", true);
+
 // Modifier key prefs: default to Windows settings,
 // menu access key = alt, accelerator key = control.
 // Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. Mac settings in macprefs.js
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@ -166,7 +166,9 @@ static const char kNetworkActiveChanged[] = "network-active-changed";
 uint32_t   nsIOService::gDefaultSegmentSize = 4096;
 uint32_t   nsIOService::gDefaultSegmentCount = 24;

-bool nsIOService::sTelemetryEnabled = false;
+bool nsIOService::sIsDataURIUniqueOpaqueOrigin = false;
+
+//bool nsIOService::sTelemetryEnabled = false;

 NS_IMPL_ISUPPORTS(nsAppOfflineInfo, nsIAppOfflineInfo)

@ -250,7 +252,8 @@ nsIOService::Init()
    else
        NS_WARNING("failed to get observer service");

-    Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false);
+    //Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false);
+    Preferences::AddBoolVarCache(&sIsDataURIUniqueOpaqueOrigin, "security.data_uri.unique_opaque_origin", true);
    Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);

    gIOService = this;
@ -715,6 +718,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
    if (NS_FAILED(rv))
        return rv;

+#if(0)
    if (sTelemetryEnabled) {
        nsAutoCString path;
        aURI->GetPath(path);
@ -736,6 +740,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
        Telemetry::Accumulate(Telemetry::URL_PATH_CONTAINS_EXCLAMATION_DOUBLE_SLASH,
                              hasBangDoubleSlash);
    }
+#endif

    nsCOMPtr<nsIProtocolHandler> handler;
    rv = GetProtocolHandler(scheme.get(), getter_AddRefs(handler));
@ -2066,3 +2071,9 @@ nsIOService::IsAppOffline(uint32_t aAppId, bool* aResult)

    return NS_OK;
 }
+
+/*static*/ bool
+nsIOService::IsDataURIUniqueOpaqueOrigin()
+{
+    return sIsDataURIUniqueOpaqueOrigin;
+}
--- a/netwerk/base/nsIOService.h
+++ b/netwerk/base/nsIOService.h
@ -87,6 +87,8 @@ public:
    bool IsShutdown() { return mShutdown; }
    bool IsLinkUp();

+    static bool IsDataURIUniqueOpaqueOrigin();
+
    // Should only be called from NeckoChild. Use SetAppOffline instead.
    void SetAppOfflineInternal(uint32_t appId, int32_t status);

@ -174,7 +176,8 @@ private:
    // that is used especially in IsAppOffline
    nsDataHashtable<nsUint32HashKey, int32_t> mAppsOfflineStatus;

-    static bool                          sTelemetryEnabled;
+    //static bool                          sTelemetryEnabled;
+    static bool                          sIsDataURIUniqueOpaqueOrigin;

    // These timestamps are needed for collecting telemetry on PR_Connect,
    // PR_ConnectContinue and PR_Close blocking time.  If we spend very long
--- a/netwerk/protocol/data/nsDataHandler.cpp
+++ b/netwerk/protocol/data/nsDataHandler.cpp
@ -55,9 +55,16 @@ nsDataHandler::GetDefaultPort(int32_t *result) {

 NS_IMETHODIMP
 nsDataHandler::GetProtocolFlags(uint32_t *result) {
-    *result = URI_NORELATIVE | URI_NOAUTH | URI_INHERITS_SECURITY_CONTEXT |
+    *result = URI_NORELATIVE | URI_NOAUTH |
        URI_LOADABLE_BY_ANYONE | URI_NON_PERSISTABLE | URI_IS_LOCAL_RESOURCE |
        URI_SYNC_LOAD_IS_OK;
+
+    // From bug 1324406:
+    // data: URIs inherit the security context.
+    if (!nsIOService::IsDataURIUniqueOpaqueOrigin()) {
+        *result |= URI_INHERITS_SECURITY_CONTEXT;
+    }
+
    return NS_OK;
 }