Bug 1319773 - Part 2: Add a pref 'privacy.firstparty.isolate.restrict_opener_access' which controls the access of window.opener for different first party domain. r?baku draft
authorTim Huang <tihuang@mozilla.com>
Mon, 23 Jan 2017 10:50:22 +0800
changeset 464879 f463a0db8bd48b1d8ac59500cdc8fcc1e97d6c95
parent 464878 6461bd26b4b5fef207aeda99568952d433ec1cbf
child 464880 ce61e5e68269503d31583c2c27f59e35049bd9c5
push id42468
push userbmo:tihuang@mozilla.com
push dateMon, 23 Jan 2017 07:30:07 +0000
reviewersbaku
bugs1319773
milestone53.0a1
Bug 1319773 - Part 2: Add a pref 'privacy.firstparty.isolate.restrict_opener_access' which controls access to window.opener across different first-party domains. r?baku
browser/app/profile/firefox.js
caps/BasePrincipal.cpp
caps/BasePrincipal.h
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -529,17 +529,18 @@ pref("privacy.history.custom",          
 // 6 - Last 24 hours
 pref("privacy.sanitize.timeSpan", 1);
 pref("privacy.sanitize.sanitizeOnShutdown", false);
 
 pref("privacy.sanitize.migrateFx3Prefs",    false);
 
 pref("privacy.panicButton.enabled",         true);
 
-pref("privacy.firstparty.isolate",          false);
+pref("privacy.firstparty.isolate",                        false);
+pref("privacy.firstparty.isolate.restrict_opener_access", true);
 
 // Time until temporary permissions expire, in ms
 pref("privacy.temporary_permission_expire_time_ms",  3600000);
 
 pref("network.proxy.share_proxy_settings",  false); // use the same proxy settings for all protocols
 
 // simple gestures support
 pref("browser.gesture.swipe.left", "Browser:BackOrBackDuplicate");
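Review bot: The new `privacy.firstparty.isolate.restrict_opener_access` line has no comment, and its default of `true` next to `privacy.firstparty.isolate` at `false` is easy to misread as an active restriction. Per the C++ in this change, the pref is only consulted together with `privacy.firstparty.isolate`, so it has no effect on its own. I would add a comment above it such as `// Only honoured when privacy.firstparty.isolate is true: restricts window.opener access across different first-party domains.` Re-aligning the existing `privacy.firstparty.isolate` line also adds blame churn for a one-line addition, so consider leaving that line untouched.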
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -281,16 +281,34 @@ OriginAttributes::IsFirstPartyEnabled()
     Preferences::AddBoolVarCache(&sFirstPartyIsolation, "privacy.firstparty.isolate");
   }
 
   return sFirstPartyIsolation;
 }
 
 /* static */
 bool
+OriginAttributes::IsRestrictOpenerAccessForFPI()
+{
+  bool isFirstPartyEnabled = IsFirstPartyEnabled();
+
+  // Cache the privacy.firstparty.isolate.restrict_opener_access pref.
+  static bool sRestrictedOpenerAccess = false;
+  static bool sCachedRestrictedAccessPref = false;
+  if (!sCachedRestrictedAccessPref) {
+    sCachedRestrictedAccessPref = true;
+    Preferences::AddBoolVarCache(&sRestrictedOpenerAccess,
+                                 "privacy.firstparty.isolate.restrict_opener_access");
+  }
+
+  return isFirstPartyEnabled && sRestrictedOpenerAccess;
+}
+
+/* static */
+bool
 OriginAttributes::IsPrivateBrowsing(const nsACString& aOrigin)
 {
   nsAutoCString dummy;
   OriginAttributes attrs;
   if (NS_WARN_IF(!attrs.PopulateFromOrigin(aOrigin, dummy))) {
     return false;
   }
 
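Review bot: The cache in `IsRestrictOpenerAccessForFPI()` fails open when the pref is not defined. `sRestrictedOpenerAccess` starts as `false` and `AddBoolVarCache` is called without a default, while the only declaration of the pref in this change is in `browser/app/profile/firefox.js`. A build or profile that turns on `privacy.firstparty.isolate` without loading that file would presumably get isolation with opener access left unrestricted. Passing the intended default makes the restrictive setting the fallback: `Preferences::AddBoolVarCache(&sRestrictedOpenerAccess, "privacy.firstparty.isolate.restrict_opener_access", true);`. The `IsPrivateBrowsing` body at the end of the hunk continues outside it and is not part of this point.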
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -98,16 +98,21 @@ public:
 
   // Helper function to match mIsPrivateBrowsing to existing private browsing
   // flags. Once all other flags are removed, this can be removed too.
   void SyncAttributesWithPrivateBrowsing(bool aInPrivateBrowsing);
 
   // check if "privacy.firstparty.isolate" is enabled.
   static bool IsFirstPartyEnabled();
 
+  // check if the access of window.opener across different FPDs is restricted.
+  // We only restrict the access of window.opener when first party isolation
+  // is enabled and "privacy.firstparty.isolate.restrict_opener_access" is on.
+  static bool IsRestrictOpenerAccessForFPI();
+
   // returns true if the originAttributes suffix has mPrivateBrowsingId value
   // different than 0.
   static bool IsPrivateBrowsing(const nsACString& aOrigin);
 };
 
 class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary
 {
 public:
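Review bot: The comment on `IsRestrictOpenerAccessForFPI()` uses the abbreviation "FPDs" without defining it, and it does not say what the function returns. The sibling comment on `IsPrivateBrowsing` states its return value. I would spell it out, for example `// Returns true only if "privacy.firstparty.isolate" and "privacy.firstparty.isolate.restrict_opener_access" are both on; callers should then deny window.opener access across different first-party domains.` The enclosing class starts before this hunk.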