From 3920907ee45065265aa4217321051983be73ad6d Mon Sep 17 00:00:00 2001 From: Cameron Kaiser Date: Thu, 27 Sep 2018 11:01:54 -0700 Subject: [PATCH] #525: data URL opaque origins M1324406 M1381728 --- dom/base/nsObjectLoadingContent.cpp | 11 +++++++++-- modules/libpref/init/all.js | 7 +++++++ netwerk/base/nsIOService.cpp | 15 +++++++++++++-- netwerk/base/nsIOService.h | 5 ++++- netwerk/protocol/data/nsDataHandler.cpp | 9 ++++++++- 5 files changed, 41 insertions(+), 6 deletions(-) diff --git a/dom/base/nsObjectLoadingContent.cpp b/dom/base/nsObjectLoadingContent.cpp index 7ce67652c..168baaab6 100644 --- a/dom/base/nsObjectLoadingContent.cpp +++ b/dom/base/nsObjectLoadingContent.cpp @@ -22,6 +22,7 @@ #include "nsIExternalProtocolHandler.h" #include "nsIInterfaceRequestorUtils.h" #include "nsIObjectFrame.h" +#include "nsIOService.h" #include "nsIPermissionManager.h" #include "nsPluginHost.h" #include "nsPluginInstanceOwner.h" @@ -2524,8 +2525,14 @@ nsObjectLoadingContent::OpenChannel() mURI, true, // aInheritForAboutBlank false); // aForceInherit - nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL; - if (inherit) { + nsSecurityFlags securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL; + + bool isData; + bool isURIUniqueOrigin = nsIOService::IsDataURIUniqueOpaqueOrigin() && + NS_SUCCEEDED(mURI->SchemeIs("data", &isData)) && + isData; + + if (inherit && !isURIUniqueOrigin) { securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL; } if (isSandBoxed) { diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index ccfd41464..be4973dbf 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js 
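Review bot: In the OpenChannel hunk the base flag moves from `SEC_NORMAL` to `SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL` unconditionally, while only the `SEC_FORCE_INHERIT_PRINCIPAL` branch is gated on `IsDataURIUniqueOpaqueOrigin()`. Setting `security.data_uri.unique_opaque_origin` to false therefore does not restore the previous flags for this load path. If that is intended, a comment such as `// DATA_IS_NULL is applied regardless of the pref; the pref only controls principal inheritance for data: URIs` would make that clear. `isData` is also declared without an initializer; the `&&` chain only reads it after a successful `SchemeIs`, but `bool isData = false;` keeps the check safe if the expression is later reordered. OpenChannel begins and ends outside this hunk.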
@@ -2003,6 +2003,13 @@ pref("security.cert_pinning.enforcement_level", 0); // for tests. pref("security.cert_pinning.process_headers_from_non_builtin_roots", false); +// Bug 1324406: Treat 'data:' documents as unique, opaque origins +// If true, data: URIs will be treated as unique opaque origins, hence will use +// a NullPrincipal as the security context. +// Otherwise it will inherit the origin from parent node, this is the legacy +// behavior of Firefox. +pref("security.data_uri.unique_opaque_origin", true); + // Modifier key prefs: default to Windows settings, // menu access key = alt, accelerator key = control. // Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. Mac settings in macprefs.js diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index 7471da769..1de6b14f8 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -166,7 +166,9 @@ static const char kNetworkActiveChanged[] = "network-active-changed"; uint32_t nsIOService::gDefaultSegmentSize = 4096; uint32_t nsIOService::gDefaultSegmentCount = 24; -bool nsIOService::sTelemetryEnabled = false; +bool nsIOService::sIsDataURIUniqueOpaqueOrigin = false; + +//bool nsIOService::sTelemetryEnabled = false; NS_IMPL_ISUPPORTS(nsAppOfflineInfo, nsIAppOfflineInfo) @@ -250,7 +252,8 @@ nsIOService::Init() else NS_WARNING("failed to get observer service"); - Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false); + //Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false); + Preferences::AddBoolVarCache(&sIsDataURIUniqueOpaqueOrigin, "security.data_uri.unique_opaque_origin", true); Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true); gIOService = this; @@ -715,6 +718,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI, if (NS_FAILED(rv)) return rv; +#if(0) if (sTelemetryEnabled) { nsAutoCString path; aURI->GetPath(path); 
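Review bot: The removed telemetry flag is left behind as a commented-out definition (`//bool nsIOService::sTelemetryEnabled = false;`) rather than deleted. The same pattern recurs in Init(), in the nsIOService.h member list, and as `#if(0)` / `#endif` around the URL-path telemetry block in NewChannelFromURIWithProxyFlagsInternal. Dead code inside a security-relevant file makes it harder to see which checks are live. Deleting the lines is cleaner, since history keeps them. If they are kept on purpose to ease later merges, say so once with a comment such as `// telemetry probe intentionally disabled; kept to simplify merging` instead of bare `//` and `#if(0)`.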
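Review bot: The var cache registered in Init() defaults to `true` and so does the pref in all.js, but the static it fills is defined as `sIsDataURIUniqueOpaqueOrigin = false`. Any call to `IsDataURIUniqueOpaqueOrigin()` made before this `AddBoolVarCache` line runs would get the legacy inheriting answer, which is the less restrictive one. Whether such an early caller exists is not visible from this patch. Initializing the static to the restrictive value, `bool nsIOService::sIsDataURIUniqueOpaqueOrigin = true;`, removes the question. Init() continues outside this hunk.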
@@ -736,6 +740,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI, Telemetry::Accumulate(Telemetry::URL_PATH_CONTAINS_EXCLAMATION_DOUBLE_SLASH, hasBangDoubleSlash); } +#endif nsCOMPtr handler; rv = GetProtocolHandler(scheme.get(), getter_AddRefs(handler)); @@ -2066,3 +2071,9 @@ nsIOService::IsAppOffline(uint32_t aAppId, bool* aResult) return NS_OK; } + +/*static*/ bool +nsIOService::IsDataURIUniqueOpaqueOrigin() +{ + return sIsDataURIUniqueOpaqueOrigin; +} diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index e948ffdfb..60d978ec4 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -87,6 +87,8 @@ public: bool IsShutdown() { return mShutdown; } bool IsLinkUp(); + static bool IsDataURIUniqueOpaqueOrigin(); + // Should only be called from NeckoChild. Use SetAppOffline instead. void SetAppOfflineInternal(uint32_t appId, int32_t status); @@ -174,7 +176,8 @@ private: // that is used especially in IsAppOffline nsDataHashtable mAppsOfflineStatus; - static bool sTelemetryEnabled; + //static bool sTelemetryEnabled; + static bool sIsDataURIUniqueOpaqueOrigin; // These timestamps are needed for collecting telemetry on PR_Connect, // PR_ConnectContinue and PR_Close blocking time. If we spend very long diff --git a/netwerk/protocol/data/nsDataHandler.cpp b/netwerk/protocol/data/nsDataHandler.cpp index 91cbff091..480580aaf 100644 --- a/netwerk/protocol/data/nsDataHandler.cpp +++ b/netwerk/protocol/data/nsDataHandler.cpp 
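Review bot: The new `static bool IsDataURIUniqueOpaqueOrigin();` declaration in nsIOService.h has no comment, although two other files now base a principal-inheritance decision on it. A short comment above the declaration would help, for example `// Cached value of security.data_uri.unique_opaque_origin: when true, data: URIs get a unique opaque origin instead of inheriting the loader's principal.` It should also state what the function returns before Init() has populated the cache, because callers cannot tell that from the header.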
@@ -55,9 +55,16 @@ nsDataHandler::GetDefaultPort(int32_t *result) { NS_IMETHODIMP nsDataHandler::GetProtocolFlags(uint32_t *result) { - *result = URI_NORELATIVE | URI_NOAUTH | URI_INHERITS_SECURITY_CONTEXT | + *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE | URI_NON_PERSISTABLE | URI_IS_LOCAL_RESOURCE | URI_SYNC_LOAD_IS_OK; + + // From bug 1324406: + // data: URIs inherit the security context. + if (!nsIOService::IsDataURIUniqueOpaqueOrigin()) { + *result |= URI_INHERITS_SECURITY_CONTEXT; + } + return NS_OK; }
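Review bot: The comment added above the `if` in GetProtocolFlags says "data: URIs inherit the security context", which reads as unconditional, but the flag is now set only when the pref is off. Something like `// Bug 1324406: data: URIs inherit the security context only when security.data_uri.unique_opaque_origin is false.` matches the code. The hunk also calls `nsIOService::IsDataURIUniqueOpaqueOrigin()` without this patch adding `#include "nsIOService.h"` to nsDataHandler.cpp. If the file does not already include it (not visible here), the build would depend on another file in a unified build pulling it in. Separately, the protocol flags now change with a runtime pref, so any caller that caches them would miss a pref flip; it is worth confirming none do.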