Bug 1238177 - Extension content needs to use the correct user context id origin attribute. r=bholley
☠☠ backed out by e86362173ca4 ☠ ☠
authorDave Huseby <dhuseby@mozilla.com>
Sat, 02 Apr 2016 13:14:00 -0400
changeset 291433 0519406b6e579b203a73f0d17aacff4cf67d5380
parent 291432 84f8d2e0106c2c0da2855042abdf197d308db709
child 291434 d20c3ae26cad071cd8bd798e8d6bc5a9c8972733
push id30134
push userryanvm@gmail.com
push dateMon, 04 Apr 2016 01:40:30 +0000
treeherdermozilla-central@cfd51e67b26e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1238177
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1238177 - Extension content needs to use the correct user context id origin attribute. r=bholley
caps/tests/unit/test_origin.js
dom/base/ChromeUtils.cpp
dom/base/ChromeUtils.h
dom/webidl/ChromeUtils.webidl
toolkit/components/extensions/ExtensionContent.jsm
--- a/caps/tests/unit/test_origin.js
+++ b/caps/tests/unit/test_origin.js
@@ -198,17 +198,17 @@ function run_test() {
   checkKind(ssm.getSystemPrincipal(), 'systemPrincipal');
 
   //
   // Test Origin Attribute Manipulation
   //
 
   // check that we can create an empty origin attributes dict with default
   // members and values.
-  emptyAttrs = ChromeUtils.createDefaultOriginAttributes();
+  emptyAttrs = ChromeUtils.fillNonDefaultOriginAttributes({});
   checkValues(emptyAttrs);
 
   var uri = "http://example.org";
   var tests = [
     [ "", {} ],
     [ "^appId=5", {appId: 5} ],
     [ "^userContextId=3", {userContextId: 3} ],
     [ "^addonId=fooBar", {addonId: "fooBar"} ],
@@ -221,17 +221,17 @@ function run_test() {
   tests.forEach(function(t) {
     let attrs = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
     checkValues(attrs, t[1]);
     do_check_eq(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
   });
 
   // check that we can create an origin attributes from a dict properly
   tests.forEach(function(t) {
-    let attrs = ChromeUtils.createOriginAttributesFromDict(t[1]);
+    let attrs = ChromeUtils.fillNonDefaultOriginAttributes(t[1]);
     checkValues(attrs, t[1]);
     do_check_eq(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
   });
 
   // each row in the set_tests array has these values:
   // [0] - the suffix used to create an origin attribute from
   // [1] - the expected result of creating an origin attribute from [0]
   // [2] - the pattern to set on the origin attributes
--- a/dom/base/ChromeUtils.cpp
+++ b/dom/base/ChromeUtils.cpp
@@ -66,39 +66,32 @@ ChromeUtils::OriginAttributesMatchPatter
                                           const dom::OriginAttributesPatternDictionary& aPattern)
 {
   GenericOriginAttributes attrs(aAttrs);
   OriginAttributesPattern pattern(aPattern);
   return pattern.Matches(attrs);
 }
 
 /* static */ void
-ChromeUtils::CreateDefaultOriginAttributes(dom::GlobalObject& aGlobal,
-                                      dom::OriginAttributesDictionary& aAttrs)
-{
-  aAttrs = GenericOriginAttributes();
-}
-
-/* static */ void
 ChromeUtils::CreateOriginAttributesFromOrigin(dom::GlobalObject& aGlobal,
                                        const nsAString& aOrigin,
                                        dom::OriginAttributesDictionary& aAttrs,
                                        ErrorResult& aRv)
 {
   GenericOriginAttributes attrs;
   nsAutoCString suffix;
   if (!attrs.PopulateFromOrigin(NS_ConvertUTF16toUTF8(aOrigin), suffix)) {
     aRv.Throw(NS_ERROR_FAILURE);
     return;
   }
   aAttrs = attrs;
 }
 
 /* static */ void
-ChromeUtils::CreateOriginAttributesFromDict(dom::GlobalObject& aGlobal,
+ChromeUtils::FillNonDefaultOriginAttributes(dom::GlobalObject& aGlobal,
                                  const dom::OriginAttributesDictionary& aAttrs,
                                  dom::OriginAttributesDictionary& aNewAttrs)
 {
   aNewAttrs = aAttrs;
 }
 
 
 /* static */ bool
--- a/dom/base/ChromeUtils.h
+++ b/dom/base/ChromeUtils.h
@@ -54,27 +54,23 @@ public:
                            nsCString& aSuffix);
 
   static bool
   OriginAttributesMatchPattern(dom::GlobalObject& aGlobal,
                                const dom::OriginAttributesDictionary& aAttrs,
                                const dom::OriginAttributesPatternDictionary& aPattern);
 
   static void
-  CreateDefaultOriginAttributes(dom::GlobalObject& aGlobal,
-                                dom::OriginAttributesDictionary& aAttrs);
-
-  static void
   CreateOriginAttributesFromOrigin(dom::GlobalObject& aGlobal,
                                    const nsAString& aOrigin,
                                    dom::OriginAttributesDictionary& aAttrs,
                                    ErrorResult& aRv);
 
   static void
-  CreateOriginAttributesFromDict(dom::GlobalObject& aGlobal,
+  FillNonDefaultOriginAttributes(dom::GlobalObject& aGlobal,
                                  const dom::OriginAttributesDictionary& aAttrs,
                                  dom::OriginAttributesDictionary& aNewAttrs);
 
   static bool
   IsOriginAttributesEqual(dom::GlobalObject& aGlobal,
                           const dom::OriginAttributesDictionary& aA,
                           const dom::OriginAttributesDictionary& aB);
 };
--- a/dom/webidl/ChromeUtils.webidl
+++ b/dom/webidl/ChromeUtils.webidl
@@ -25,26 +25,16 @@ interface ChromeUtils : ThreadSafeChrome
    * @param originAttrs       The originAttributes under consideration.
    * @param pattern           The pattern to use for matching.
    */
   static boolean
   originAttributesMatchPattern(optional OriginAttributesDictionary originAttrs,
                                optional OriginAttributesPatternDictionary pattern);
 
   /**
-   * Returns an OriginAttributesDictionary with all default attributes added
-   * and assigned default values.
-   *
-   * @returns                 An OriginAttributesDictionary populated with the
-   *                          default attributes added and assigned default values.
-   */
-  static OriginAttributesDictionary
-  createDefaultOriginAttributes();
-
-  /**
    * Returns an OriginAttributesDictionary with values from the |origin| suffix
    * and unspecified attributes added and assigned default values.
    *
    * @param origin            The origin URI to create from.
    * @returns                 An OriginAttributesDictionary with values from
    *                          the origin suffix and unspecified attributes
    *                          added and assigned default values.
    */
@@ -57,17 +47,17 @@ interface ChromeUtils : ThreadSafeChrome
    * unspecified attributes added and assigned default values.
    *
    * @param originAttrs       The origin attributes to copy.
    * @returns                 An OriginAttributesDictionary copy of |originAttrs|
    *                          with unspecified attributes added and assigned
    *                          default values.
    */
   static OriginAttributesDictionary
-  createOriginAttributesFromDict(optional OriginAttributesDictionary originAttrs);
+  fillNonDefaultOriginAttributes(optional OriginAttributesDictionary originAttrs);
 
   /**
    * Returns true if the 2 OriginAttributes are equal.
    */
   static boolean
   isOriginAttributesEqual(optional OriginAttributesDictionary aA,
                           optional OriginAttributesDictionary aB);
 };
--- a/toolkit/components/extensions/ExtensionContent.jsm
+++ b/toolkit/components/extensions/ExtensionContent.jsm
@@ -291,23 +291,28 @@ class ExtensionContext extends BaseConte
 
     let mm = getWindowMessageManager(contentWindow);
     this.messageManager = mm;
 
     let prin;
     let contentPrincipal = contentWindow.document.nodePrincipal;
     let ssm = Services.scriptSecurityManager;
 
-    let extensionPrincipal = ssm.createCodebasePrincipal(this.extension.baseURI, {addonId: extensionId});
+    // copy origin attributes from the content window origin attributes to
+    // preserve the user context id. overwrite the addonId.
+    let attrs = ChromeUtils.fillNonDefaultOriginAttributes(contentPrincipal.originAttributes);
+    attrs.addonId = extensionId;
+    let extensionPrincipal = ssm.createCodebasePrincipal(this.extension.baseURI, attrs);
     Object.defineProperty(this, "principal",
                           {value: extensionPrincipal, enumerable: true, configurable: true});
 
     if (ssm.isSystemPrincipal(contentPrincipal)) {
       // Make sure we don't hand out the system principal by accident.
-      prin = Cc["@mozilla.org/nullprincipal;1"].createInstance(Ci.nsIPrincipal);
+      // also make sure that the null principal has the right origin attributes
+      prin = ssm.createNullPrincipal(attrs);
     } else {
       prin = [contentPrincipal, extensionPrincipal];
     }
 
     if (isExtensionPage) {
       if (ExtensionManagement.getAddonIdForWindow(this.contentWindow) != extensionId) {
         throw new Error("Invalid target window for this extension context");
       }