--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -7,17 +7,16 @@
#include "nsGlobalWindow.h"
#include <algorithm>
#include "mozilla/MemoryReporting.h"
// Local Includes
#include "Navigator.h"
-#include "nsContentSecurityManager.h"
#include "nsScreen.h"
#include "nsHistory.h"
#include "nsPerformance.h"
#include "nsDOMNavigationTiming.h"
#include "nsIDOMStorageManager.h"
#include "mozilla/dom/DOMStorage.h"
#include "mozilla/dom/StorageEvent.h"
#include "mozilla/dom/StorageEventBinding.h"
@@ -1175,17 +1174,16 @@ nsGlobalWindow::nsGlobalWindow(nsGlobalW
mAddActiveEventFuzzTime(true),
mIsFrozen(false),
mFullScreen(false),
mFullscreenMode(false),
mIsClosed(false),
mInClose(false),
mHavePendingClose(false),
mHadOriginalOpener(false),
- mOriginalOpenerWasSecureContext(false),
mIsPopupSpam(false),
mBlockScriptedClosingFlag(false),
mWasOffline(false),
mHasHadSlowScript(false),
mNotifyIdleObserversIdleOnThaw(false),
mNotifyIdleObserversActiveOnThaw(false),
mCreatingInnerWindow(false),
mIsChrome(false),
@@ -2340,186 +2338,26 @@ InitializeLegacyNetscapeObject(JSContext
/* Define PrivilegeManager object with the necessary "static" methods. */
obj = JS_DefineObject(aCx, obj, "PrivilegeManager", nullptr);
NS_ENSURE_TRUE(obj, false);
return JS_DefineFunctions(aCx, obj, EnablePrivilegeSpec);
}
/**
- * Returns true if the "HTTPS state" of the document should be "modern". See:
- *
- * https://html.spec.whatwg.org/#concept-document-https-state
- * https://fetch.spec.whatwg.org/#concept-response-https-state
- *
- * Note: this function only relates to figuring out HTTPS state, which is an
- * input to the Secure Context algorithm. We are not actually implementing any
- * part of the Secure Context algorithm itself here.
- *
- * This is a bit of a hack. Ideally we'd propagate HTTPS state through
- * nsIChannel as described in the Fetch and HTML specs, but making channels
- * know about whether they should inherit HTTPS state, propagating information
- * about who the channel's "client" is, exposing GetHttpsState API on channels
- * and modifying the various cache implementations to store and retrieve HTTPS
- * state involves a huge amount of code (see bug 1220687). We avoid that for
- * now using this function.
- *
- * This function takes advantage of the observation that we can return true if
- * nsIContentSecurityManager::IsOriginPotentiallyTrustworthy returns true for
- * the document's origin (e.g. the origin has a scheme of 'https' or host
- * 'localhost' etc.). Since we generally propagate a creator document's origin
- * onto data:, blob:, etc. documents, this works for them too.
- *
- * The scenario where this observation breaks down is sandboxing without the
- * 'allow-same-origin' flag, since in this case a document is given a unique
- * origin (IsOriginPotentiallyTrustworthy would return false). We handle that
- * by using the origin that the document would have had had it not been
- * sandboxed.
- *
- * DEFICIENCIES: Note that this function uses nsIScriptSecurityManager's
- * getChannelResultPrincipalIfNotSandboxed, and that method's ignoring of
- * sandboxing is limited to the immediate sandbox. In the case that aDocument
- * should inherit its origin (e.g. data: URI) but its parent has ended up
- * with a unique origin due to sandboxing further up the parent chain we may
- * end up returning false when we would ideally return true (since we will
- * examine the parent's origin for 'https' and not finding it.) This means
- * that we may restrict the privileges of some pages unnecessarily in this
- * edge case.
- */
-static bool HttpsStateIsModern(nsIDocument* aDocument)
-{
- nsCOMPtr<nsIPrincipal> principal = aDocument->NodePrincipal();
-
- // If aDocument is sandboxed, try and get the principal that it would have
- // been given had it not been sandboxed:
- if (principal->GetIsNullPrincipal() &&
- (aDocument->GetSandboxFlags() & SANDBOXED_ORIGIN)) {
- nsIChannel* channel = aDocument->GetChannel();
- if (channel) {
- nsCOMPtr<nsIScriptSecurityManager> ssm =
- nsContentUtils::GetSecurityManager();
- nsresult rv =
- ssm->GetChannelResultPrincipalIfNotSandboxed(channel,
- getter_AddRefs(principal));
- if (NS_FAILED(rv)) {
- return false;
- }
- }
- }
-
- if (principal->GetIsNullPrincipal()) {
- return false;
- }
-
- MOZ_ASSERT(principal->GetIsCodebasePrincipal());
-
- nsCOMPtr<nsIContentSecurityManager> csm =
- do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
- NS_WARN_IF(!csm);
- if (csm) {
- bool isTrustworthyOrigin = false;
- csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
- if (isTrustworthyOrigin) {
- return true;
- }
- }
-
- return false;
-}
-
-bool
-nsGlobalWindow::ComputeIsSecureContext(nsIDocument* aDocument)
-{
- MOZ_ASSERT(IsOuterWindow());
-
- nsCOMPtr<nsIPrincipal> principal = aDocument->NodePrincipal();
- if (nsContentUtils::IsSystemPrincipal(principal)) {
- return true;
- }
-
- // Implement https://w3c.github.io/webappsec-secure-contexts/#settings-object
-
- bool hadNonSecureContextCreator = false;
-
- nsPIDOMWindowOuter* parentOuterWin = GetScriptableParent();
- MOZ_ASSERT(parentOuterWin, "How can we get here? No docShell somehow?");
- if (nsGlobalWindow::Cast(parentOuterWin) != this) {
- // There may be a small chance that parentOuterWin has navigated in
- // the time that it took us to start loading this sub-document. If that
- // were the case then parentOuterWin->GetCurrentInnerWindow() wouldn't
- // return the window for the document that is embedding us. For this
- // reason we only use the GetScriptableParent call above to check that we
- // have a same-type parent, but actually get the inner window via the
- // document that we know is embedding us.
- nsIDocument* creatorDoc = aDocument->GetParentDocument();
- if (!creatorDoc) {
- return false; // we must be tearing down
- }
- nsGlobalWindow* parentWin =
- nsGlobalWindow::Cast(creatorDoc->GetInnerWindow());
- if (!parentWin) {
- return false; // we must be tearing down
- }
- MOZ_ASSERT(parentWin ==
- nsGlobalWindow::Cast(parentOuterWin->GetCurrentInnerWindow()),
- "Creator window mismatch while setting Secure Context state");
- hadNonSecureContextCreator = !parentWin->IsSecureContext();
- } else if (mHadOriginalOpener) {
- hadNonSecureContextCreator = !mOriginalOpenerWasSecureContext;
- }
-
- if (hadNonSecureContextCreator) {
- return false;
- }
-
- if (HttpsStateIsModern(aDocument)) {
- return true;
- }
-
- if (principal->GetIsNullPrincipal()) {
- nsCOMPtr<nsIURI> uri = aDocument->GetOriginalURI();
- // IsOriginPotentiallyTrustworthy doesn't care about origin attributes so
- // it doesn't actually matter what we use here, but reusing the document
- // principal's attributes is convenient.
- const PrincipalOriginAttributes& attrs =
- BasePrincipal::Cast(principal)->OriginAttributesRef();
- // CreateCodebasePrincipal correctly gets a useful principal for blob: and
- // other URI_INHERITS_SECURITY_CONTEXT URIs.
- principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
- if (NS_WARN_IF(!principal)) {
- return false;
- }
- }
-
- nsCOMPtr<nsIContentSecurityManager> csm =
- do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
- NS_WARN_IF(!csm);
- if (csm) {
- bool isTrustworthyOrigin = false;
- csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
- if (isTrustworthyOrigin) {
- return true;
- }
- }
-
- return false;
-}
-
-/**
* Create a new global object that will be used for an inner window.
* Return the native global and an nsISupports 'holder' that can be used
* to manage the lifetime of it.
*/
static nsresult
CreateNativeGlobalForInner(JSContext* aCx,
nsGlobalWindow* aNewInner,
nsIURI* aURI,
nsIPrincipal* aPrincipal,
- JS::MutableHandle<JSObject*> aGlobal,
- bool aIsSecureContext)
+ JS::MutableHandle<JSObject*> aGlobal)
{
MOZ_ASSERT(aCx);
MOZ_ASSERT(aNewInner);
MOZ_ASSERT(aNewInner->IsInnerWindow());
MOZ_ASSERT(aPrincipal);
// DOMWindow with nsEP is not supported, we have to make sure
// no one creates one accidentally.
@@ -2539,18 +2377,16 @@ CreateNativeGlobalForInner(JSContext* aC
if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
options.creationOptions().setAddonId(MapURIToAddonID(aURI));
}
if (top && top->GetGlobalJSObject()) {
options.creationOptions().setSameZoneAs(top->GetGlobalJSObject());
}
- options.creationOptions().setSecureContext(aIsSecureContext);
-
xpc::InitGlobalObjectOptions(options, aPrincipal);
// Determine if we need the Components object.
bool needComponents = nsContentUtils::IsSystemPrincipal(aPrincipal) ||
TreatAsRemoteXUL(aPrincipal);
uint32_t flags = needComponents ? 0 : nsIXPConnect::OMIT_COMPONENTS_OBJECT;
flags |= nsIXPConnect::DONT_FIRE_ONNEWGLOBALHOOK;
@@ -2759,18 +2595,17 @@ nsGlobalWindow::SetNewDocument(nsIDocume
Freeze();
mCreatingInnerWindow = true;
// Every script context we are initialized with must create a
// new global.
rv = CreateNativeGlobalForInner(cx, newInnerWindow,
aDocument->GetDocumentURI(),
aDocument->NodePrincipal(),
- &newInnerGlobal,
- ComputeIsSecureContext(aDocument));
+ &newInnerGlobal);
NS_ASSERTION(NS_SUCCEEDED(rv) && newInnerGlobal &&
newInnerWindow->GetWrapperPreserveColor() == newInnerGlobal,
"Failed to get script global");
mCreatingInnerWindow = false;
createdInnerWindow = true;
Thaw();
@@ -3201,21 +3036,17 @@ nsGlobalWindow::SetOpenerWindow(nsPIDOMW
"SetOpenerWindow!");
NS_ASSERTION(aOpener || !aOriginalOpener,
"Shouldn't set mHadOriginalOpener if aOpener is null");
mOpener = do_GetWeakReference(aOpener);
NS_ASSERTION(mOpener || !aOpener, "Opener must support weak references!");
if (aOriginalOpener) {
- MOZ_ASSERT(!mHadOriginalOpener,
- "Probably too late to call ComputeIsSecureContext again");
mHadOriginalOpener = true;
- mOriginalOpenerWasSecureContext =
- nsGlobalWindow::Cast(aOpener->GetCurrentInnerWindow())->IsSecureContext();
}
#ifdef DEBUG
mSetOpenerWindowCalled = true;
#endif
}
static
@@ -14036,24 +13867,16 @@ nsGlobalWindow::GetConsole(ErrorResult&
if (NS_WARN_IF(aRv.Failed())) {
return nullptr;
}
}
return mConsole;
}
-bool
-nsGlobalWindow::IsSecureContext() const
-{
- MOZ_RELEASE_ASSERT(IsInnerWindow());
-
- return JS_GetIsSecureContext(js::GetObjectCompartment(GetWrapperPreserveColor()));
-}
-
already_AddRefed<External>
nsGlobalWindow::GetExternal(ErrorResult& aRv)
{
MOZ_RELEASE_ASSERT(IsInnerWindow());
#ifdef HAVE_SIDEBAR
if (!mExternal) {
AutoJSContext cx;
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -919,19 +919,16 @@ public:
already_AddRefed<nsIDOMOfflineResourceList> GetApplicationCache() override;
#if defined(MOZ_WIDGET_ANDROID) || defined(MOZ_WIDGET_GONK)
int16_t Orientation() const;
#endif
mozilla::dom::Console* GetConsole(mozilla::ErrorResult& aRv);
- // https://w3c.github.io/webappsec-secure-contexts/#dom-window-issecurecontext
- bool IsSecureContext() const;
-
void GetSidebar(mozilla::dom::OwningExternalOrWindowProxy& aResult,
mozilla::ErrorResult& aRv);
already_AddRefed<mozilla::dom::External> GetExternal(mozilla::ErrorResult& aRv);
// Exposed only for testing
static bool
TokenizeDialogOptions(nsAString& aToken, nsAString::const_iterator& aIter,
nsAString::const_iterator aEnd);
@@ -1662,20 +1659,16 @@ protected:
void CheckForDPIChange();
private:
// Fire the JS engine's onNewGlobalObject hook. Only used on inner windows.
void FireOnNewGlobalObject();
void DisconnectEventTargetObjects();
- // Called only on outer windows to compute the value that will be returned by
- // IsSecureContext() for the inner window that corresponds to aDocument.
- bool ComputeIsSecureContext(nsIDocument* aDocument);
-
protected:
// This member is also used on both inner and outer windows, but
// for slightly different purposes. On inner windows it means the
// inner window is held onto by session history and should not
// change. On outer windows it means that the window is in a state
// where we don't want to force creation of a new inner window since
// we're in the middle of doing just that.
bool mIsFrozen : 1;
@@ -1686,17 +1679,16 @@ protected:
bool mFullscreenMode : 1;
bool mIsClosed : 1;
bool mInClose : 1;
// mHavePendingClose means we've got a termination function set to
// close us when the JS stops executing or that we have a close
// event posted. If this is set, just ignore window.close() calls.
bool mHavePendingClose : 1;
bool mHadOriginalOpener : 1;
- bool mOriginalOpenerWasSecureContext : 1;
bool mIsPopupSpam : 1;
// Indicates whether scripts are allowed to close this window.
bool mBlockScriptedClosingFlag : 1;
// Window offline status. Checked to see if we need to fire offline event
bool mWasOffline : 1;