Bug 1021667 - Give Activity Stream URI_SAFE_FOR_UNTRUSTED_CONTENT draft
authorUrsula Sarracini
Thu, 27 Jul 2017 10:43:48 -0400
changeset 616809 56bae6dcd5df489eaac51031e8fe3d6a055baab1
parent 615105 07484bfdb96bc7297c404e377eea93f1d8ca4442
child 639603 b46f2799b8afa6b1831bd44521bf330ba91a22de
push id70821
push userusarracini@mozilla.com
push dateThu, 27 Jul 2017 14:44:04 +0000
bugs1021667
milestone56.0a1
Bug 1021667 - Give Activity Stream URI_SAFE_FOR_UNTRUSTED_CONTENT MozReview-Commit-ID: A7A2ThcpCeR
browser/components/about/AboutRedirector.cpp
browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -219,17 +219,18 @@ AboutRedirector::GetURIFlags(nsIURI *aUR
 
       // Once ActivityStream is fully rolled out and we've removed Tiles,
       // this special case can go away and the flag can just become part
       // of the normal about:newtab entry in kRedirMap.
       if (name.EqualsLiteral("newtab")) {
         if (sActivityStreamEnabled) {
           *result = redir.flags |
             nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
-            nsIAboutModule::ENABLE_INDEXED_DB;
+            nsIAboutModule::ENABLE_INDEXED_DB |
+            nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT;
           return NS_OK;
         }
       }
 
       *result = redir.flags;
       return NS_OK;
     }
   }
--- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
+++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
@@ -151,17 +151,19 @@ add_task(async function test_aboutURL() 
       let flags = am.getURIFlags(uri);
 
       // We load pages with URI_SAFE_FOR_UNTRUSTED_CONTENT set, this means they
       // are not loaded with System Principal but with codebase principal.
       // Also we skip pages with HIDE_FROM_ABOUTABOUT, some of them may have
       // errors while loading.
       if ((flags & Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT) &&
           !(flags & Ci.nsIAboutModule.HIDE_FROM_ABOUTABOUT) &&
-          networkURLs.indexOf(aboutType) == -1) {
+          networkURLs.indexOf(aboutType) == -1 &&
+          // Exclude about:newtab see Bug 1021667
+          aboutType !== "newtab") {
         aboutURLs.push(aboutType);
       }
     } catch (e) {
       // getService might have thrown if the component doesn't actually
       // implement nsIAboutModule
     }
   }