Bug 1454027 - Update SameSite cookie handling inside iframes.r=valentin
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Tue, 17 Apr 2018 18:25:59 +0200
changeset 414172 8c866545bc7cc179067045b3efc760db40fb945b
parent 414171 33d4420119d61139f2cb7ced1cd73ba72efe8cc2
child 414173 0e0dec87cddd04f4d6a3fb05e411ed7196d9d339
push id33861
push userccoroiu@mozilla.com
push dateWed, 18 Apr 2018 10:50:38 +0000
reviewersvalentin
bugs1454027
milestone61.0a1
Bug 1454027 - Update SameSite cookie handling inside iframes.r=valentin
netwerk/base/nsNetUtil.cpp
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -2155,38 +2155,50 @@ bool NS_IsSameSiteForeign(nsIChannel* aC
   }
 
   nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
     do_GetService(THIRDPARTYUTIL_CONTRACTID);
   if (!thirdPartyUtil) {
     return false;
   }
 
-  bool isForeign = false;
-  thirdPartyUtil->IsThirdPartyChannel(aChannel, uri, &isForeign);
-
+  bool isForeign = true;
+  nsresult rv = thirdPartyUtil->IsThirdPartyChannel(aChannel, uri, &isForeign);
   // if we are dealing with a cross origin request, we can return here
   // because we already know the request is 'foreign'.
-  if (isForeign) {
+  if (NS_FAILED(rv) || isForeign) {
     return true;
   }
 
+  // for loads of TYPE_SUBDOCUMENT we have to perform an additional test, because
+  // a cross-origin iframe might perform a navigation to a same-origin iframe which
+  // would send same-site cookies. Hence, if the iframe navigation was triggered
+  // by a cross-origin triggeringPrincipal, we treat the load as foreign.
+  if (loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+    nsCOMPtr<nsIURI> triggeringPrincipalURI;
+    loadInfo->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringPrincipalURI));
+    rv = thirdPartyUtil->IsThirdPartyChannel(aChannel, triggeringPrincipalURI, &isForeign);
+    if (NS_FAILED(rv) || isForeign) {
+      return true;
+    }
+  }
+
   // for the purpose of same-site cookies we have to treat any cross-origin
   // redirects as foreign. E.g. cross-site to same-site redirect is a problem
   // with regards to CSRF.
 
   nsCOMPtr<nsIPrincipal> redirectPrincipal;
   nsCOMPtr<nsIURI> redirectURI;
   for (nsIRedirectHistoryEntry* entry : loadInfo->RedirectChain()) {
     entry->GetPrincipal(getter_AddRefs(redirectPrincipal));
     if (redirectPrincipal) {
       redirectPrincipal->GetURI(getter_AddRefs(redirectURI));
-      thirdPartyUtil->IsThirdPartyChannel(aChannel, redirectURI, &isForeign);
+      rv = thirdPartyUtil->IsThirdPartyChannel(aChannel, redirectURI, &isForeign);
       // if at any point we encounter a cross-origin redirect we can return.
-      if (isForeign) {
+      if (NS_FAILED(rv) || isForeign) {
         return true;
       }
     }
   }
   return isForeign;
 }
 
 bool
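Review bot: The new TYPE_SUBDOCUMENT branch ignores the result of `loadInfo->TriggeringPrincipal()->GetURI(...)`, so `triggeringPrincipalURI` can reach `IsThirdPartyChannel` as null, whereas every `IsThirdPartyChannel` call in this hunk now fails closed on `NS_FAILED(rv)`. Whether a null URI makes that call fail or silently skips the comparison is not visible from this hunk; if it skips, the extra iframe check becomes a no-op for triggering principals that expose no URI, and the load is classified by the earlier checks alone. Consider capturing the result with `rv = loadInfo->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringPrincipalURI));` and then deciding explicitly, for example `if (NS_FAILED(rv) || !triggeringPrincipalURI) { return true; }`. If principals without a URI are meant to count as same-site, a comment should say so. The existing `redirectPrincipal->GetURI(...)` call in the redirect loop has the same unchecked pattern. The function body and the declaration of `loadInfo` start outside the hunk, so any earlier null handling cannot be confirmed from here.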