Bug 1461407 - make about:home unlinkable again and improve behavior of serialized principals across changes to URLs, r=bz,Mardak,mikedeboer
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Mon, 14 May 2018 22:04:49 +0100
changeset 418597 7cef5b202339fb6b687fa921ccd438f17714d07d
parent 418596 f2b4d5d46f688da00717626a9fc887bed1dc79e9
child 418653 767a4e9688109d9b027acd7962d6b95fb07264f0
push id64110
push usergijskruitbosch@gmail.com
push dateThu, 17 May 2018 08:34:13 +0000
reviewersbz, Mardak, mikedeboer
bugs1461407
milestone62.0a1
Bug 1461407 - make about:home unlinkable again and improve behavior of serialized principals across changes to URLs, r=bz,Mardak,mikedeboer Making about:home unlinkable changes its URL structure. Prior to this change, it is a nested URL. After this change, it no longer is. We store serialized versions of principals in some cases. These include details about whether the URI is nested etc. This is problematic for the about:home change because the change in nesting changes the origin of the page, so the origin would mismatch between the principal and its URL. To avoid this, we always re-create URIs for about: URIs when deserializing them from strings, ensuring we don't create bogus principals. MozReview-Commit-ID: 87zVUFgbusn
browser/components/about/AboutRedirector.cpp
caps/ContentPrincipal.cpp
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -79,17 +79,17 @@ static const RedirEntry kRedirMap[] = {
     nsIAboutModule::HIDE_FROM_ABOUTABOUT },
   { "sessionrestore", "chrome://browser/content/aboutSessionRestore.xhtml",
     nsIAboutModule::ALLOW_SCRIPT |
     nsIAboutModule::HIDE_FROM_ABOUTABOUT },
   { "welcomeback", "chrome://browser/content/aboutWelcomeBack.xhtml",
     nsIAboutModule::ALLOW_SCRIPT |
     nsIAboutModule::HIDE_FROM_ABOUTABOUT },
   // Actual activity stream URL for home and newtab are set in channel creation
-  { "home", "about:blank", ACTIVITY_STREAM_FLAGS | nsIAboutModule::MAKE_LINKABLE }, // Bug 1438367 to try removing MAKE_LINKABLE again
+  { "home", "about:blank", ACTIVITY_STREAM_FLAGS },
   { "newtab", "about:blank", ACTIVITY_STREAM_FLAGS },
   { "welcome", "about:blank",
     nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
     nsIAboutModule::ALLOW_SCRIPT },
   { "library", "chrome://browser/content/aboutLibrary.xhtml",
     nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT },
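Review bot: The new `{ "home", "about:blank", ACTIVITY_STREAM_FLAGS },` entry drops the trailing comment along with the flag, so nothing at the entry records that leaving out MAKE_LINKABLE is deliberate. According to the commit description, toggling this flag changes whether the URI is nested and therefore the page's origin, which affects principals that were already serialized. A short comment above the entry would help, for example `// Intentionally not MAKE_LINKABLE: changing linkability changes the URI nesting and origin (bug 1461407).` The kRedirMap initializer starts and ends outside this hunk.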
--- a/caps/ContentPrincipal.cpp
+++ b/caps/ContentPrincipal.cpp
@@ -415,16 +415,24 @@ ContentPrincipal::Read(nsIObjectInputStr
   nsCOMPtr<nsISupports> supports;
   nsCOMPtr<nsIURI> codebase;
   nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   codebase = do_QueryInterface(supports);
+  // Enforce re-parsing about: URIs so that if they change, we continue to use
+  // their new principals correctly.
+  bool isAbout = false;
+  if (NS_SUCCEEDED(codebase->SchemeIs("about", &isAbout)) && isAbout) {
+    nsAutoCString spec;
+    codebase->GetSpec(spec);
+    NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(codebase), spec), NS_ERROR_FAILURE);
+  }
 
   nsCOMPtr<nsIURI> domain;
   rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   domain = do_QueryInterface(supports);
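Review bot: The added `codebase->SchemeIs("about", &isAbout)` dereferences `codebase` without a null check. It comes from `do_QueryInterface(supports)` on an object read with `NS_ReadOptionalObject`, so it is presumably null when the stream carries no codebase or an object that is not an nsIURI. Because this path deserializes stored principal data, the guard should tolerate that: `if (codebase && NS_SUCCEEDED(codebase->SchemeIs("about", &isAbout)) && isAbout) {`. The result of `GetSpec` is also ignored and the `NS_NewURI` failure is flattened to NS_ERROR_FAILURE; `rv = codebase->GetSpec(spec); NS_ENSURE_SUCCESS(rv, rv);`, and the same pattern for `NS_NewURI`, would propagate the real error. The body of ContentPrincipal::Read starts and ends outside this hunk.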