Bug 1409226 - When opening a link into a new private window, remove Referer. draft
authorLuke Crouch <lcrouch@mozilla.com>
Tue, 17 Oct 2017 18:07:58 -0500
changeset 685567 a8e1d9fd524f04c8c186598acf11c59a54d5bfc3
parent 681681 7b75416fb54c6733b7403e340457007658c42c14
child 737187 b1b09747cbf28a2b18d81fe768d0ef601f2e5505
push id85974
push userbmo:lcrouch@mozilla.com
push dateTue, 24 Oct 2017 21:01:45 +0000
bugs1409226
milestone58.0a1
Bug 1409226 - When opening a link into a new private window, remove Referer. Always set aNoReferrer = true in openLinkIn when where == 'window' and aIsPrivate MozReview-Commit-ID: 7szUyO6w6d4
browser/base/content/test/referrer/browser_referrer_open_link_in_container_tab3.js
browser/base/content/test/referrer/browser_referrer_open_link_in_private.js
browser/base/content/test/referrer/head.js
browser/base/content/utilityOverlay.js
--- a/browser/base/content/test/referrer/browser_referrer_open_link_in_container_tab3.js
+++ b/browser/base/content/test/referrer/browser_referrer_open_link_in_container_tab3.js
@@ -1,23 +1,15 @@
 // Tests referrer on context menu navigation - open link in new container tab.
 // Selects "open link in new container tab" from the context menu.
 
 // The test runs from a container ID 2.
 // Output: we have no referrer.
 
-function getReferrerTest(aTestNumber) {
-  let testCase = _referrerTests[aTestNumber];
-  if (testCase) {
-    // We want all the referrer tests to fail!
-    testCase.result = "";
-  }
-
-  return testCase;
-}
+getReferrerTest = getRemovedReferrerTest;
 
 function startNewTabTestCase(aTestNumber) {
   info("browser_referrer_open_link_in_container_tab: " +
        getReferrerTestDescription(aTestNumber));
   contextMenuOpened(gTestWindow, "testlink").then(function(aContextMenu) {
     someTabLoaded(gTestWindow).then(function(aNewTab) {
       gTestWindow.gBrowser.selectedTab = aNewTab;
 
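Review bot: `getReferrerTest = getRemovedReferrerTest;` overwrites a function that head.js declares, so it only works while head.js and the test file share one global scope and the head.js helpers look `getReferrerTest` up at call time. The same line is added in browser_referrer_open_link_in_private.js. A short comment on the line would make that coupling visible, e.g. `// Override head.js's getReferrerTest: every case must see an empty referrer.`. An explicit hook in head.js (a setter or a parameter) would be sturdier than reassigning the global, though that is a style preference.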
--- a/browser/base/content/test/referrer/browser_referrer_open_link_in_private.js
+++ b/browser/base/content/test/referrer/browser_referrer_open_link_in_private.js
@@ -1,11 +1,16 @@
 // Tests referrer on context menu navigation - open link in new private window.
 // Selects "open link in new private window" from the context menu.
 
+// The test runs from a regular browsing window.
+// Output: we have no referrer.
+
+getReferrerTest = getRemovedReferrerTest;
+
 function startNewPrivateWindowTestCase(aTestNumber) {
   info("browser_referrer_open_link_in_private: " +
        getReferrerTestDescription(aTestNumber));
   contextMenuOpened(gTestWindow, "testlink").then(function(aContextMenu) {
     newWindowOpened().then(function(aNewWindow) {
       BrowserTestUtils.firstBrowserLoaded(aNewWindow, false).then(function() {
         checkReferrerAndStartNextTest(aTestNumber, aNewWindow, null,
                                       startNewPrivateWindowTestCase);
--- a/browser/base/content/test/referrer/head.js
+++ b/browser/base/content/test/referrer/head.js
@@ -73,16 +73,33 @@ var _referrerTests = [
  * @param aTestNumber The test number - 0, 1, 2, ...
  * @return The test object, or undefined if the number is out of range.
  */
 function getReferrerTest(aTestNumber) {
   return _referrerTests[aTestNumber];
 }
 
 /**
+ * Returns shimmed test object for a given test number.
+ *
+ * @param aTestNumber The test number - 0, 1, 2, ...
+ * @return The test object with result hard-coded to "",
+ *          or undefined if the number is out of range.
+ */
+function getRemovedReferrerTest(aTestNumber) {
+  let testCase = _referrerTests[aTestNumber];
+  if (testCase) {
+    // We want all the referrer tests to fail!
+    testCase.result = "";
+  }
+
+  return testCase;
+}
+
+/**
  * Returns a brief summary of the test, for logging.
  * @param aTestNumber The test number - 0, 1, 2...
  * @return The test description.
  */
 function getReferrerTestDescription(aTestNumber) {
   let test = getReferrerTest(aTestNumber);
   return "policy=[" + test.policy + "] " +
          "rel=[" + test.rel + "] " +
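Review bot: The comment inside `getRemovedReferrerTest`, `// We want all the referrer tests to fail!`, says the opposite of what the helper is for. Setting `testCase.result = ""` makes each case expect an empty referrer, so the test passes when the referrer was stripped. I would reword it to `// Expect an empty referrer for every case: it must have been stripped.`. The helper also writes into the shared `_referrerTests` entry rather than a copy, so the original expected value is lost for anything that reads the table afterwards in the same scope. `return testCase && Object.assign({}, testCase, { result: "" });` would avoid that, provided no caller relies on the mutation.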
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -283,16 +283,24 @@ function openLinkIn(url, where, params) 
       return Services.scriptSecurityManager.createCodebasePrincipal(principal.URI, attrs);
     }
     return principal;
   }
   aPrincipal = useOAForPrincipal(aPrincipal);
   aTriggeringPrincipal = useOAForPrincipal(aTriggeringPrincipal);
 
   if (!w || where == "window") {
+    let features = "chrome,dialog=no,all";
+    if (aIsPrivate) {
+      features += ",private";
+      // To prevent regular browsing data from leaking to private browsing sites,
+      // strip the referrer when opening a new private window. (See Bug: 1409226)
+      aNoReferrer = true;
+    }
+
     // This propagates to window.arguments.
     var sa = Cc["@mozilla.org/array;1"].
              createInstance(Ci.nsIMutableArray);
 
     var wuri = Cc["@mozilla.org/supports-string;1"].
                createInstance(Ci.nsISupportsString);
     wuri.data = url;
 
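Review bot: The new `aNoReferrer = true;` can only take effect if it runs before the referrer is packed into `sa` (the `sa.appendElement(referrerURISupports)` call is visible in the next hunk), yet the code does not say that the `features` block was moved up for that reason. I would state the ordering in the comment, e.g. `// Must stay above the code that builds referrerURISupports.`, so a later tidy-up does not move the block back down and silently restore the leak. The override is also limited to the `!w || where == "window"` branch with `aIsPrivate` set. Whether any other `where` value can carry a load from a regular window into a private one cannot be told from this hunk and is worth confirming. openLinkIn starts and ends outside the hunk, and the code that reads `aNoReferrer` is presumably in the lines between the two hunks.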
@@ -327,21 +335,16 @@ function openLinkIn(url, where, params) 
     sa.appendElement(referrerURISupports);
     sa.appendElement(aPostData);
     sa.appendElement(allowThirdPartyFixupSupports);
     sa.appendElement(referrerPolicySupports);
     sa.appendElement(userContextIdSupports);
     sa.appendElement(aPrincipal);
     sa.appendElement(aTriggeringPrincipal);
 
-    let features = "chrome,dialog=no,all";
-    if (aIsPrivate) {
-      features += ",private";
-    }
-
     const sourceWindow = (w || window);
     let win;
     if (params.frameOuterWindowID != undefined && sourceWindow) {
       // Only notify it as a WebExtensions' webNavigation.onCreatedNavigationTarget
       // event if it contains the expected frameOuterWindowID params.
       // (e.g. we should not notify it as a onCreatedNavigationTarget if the user is
       // opening a new window using the keyboard shortcut).
       const sourceTabBrowser = sourceWindow.gBrowser.selectedBrowser;