Bug 1580348 - Port |Bug 906190 - Persist "disable protection" option for Mixed Content Blocker in child tabs| to SeaMonkey. r=frg DONTBUILD
authorIan Neal <iann_cvs@blueyonder.co.uk>
Mon, 11 Nov 2019 20:44:10 +0100
changeset 37474 c7d09e547b0f2e0c978473556e23d8e8ad476ee4
parent 37473 f1b5416c152bc6c0b457a661f78cbed98e3b3158
child 37475 8ec843ce7808b7b1d730bdf350a990ddfffb2789
push id396
push userclokep@gmail.com
push dateMon, 06 Jan 2020 23:11:57 +0000
reviewersfrg
bugs1580348, 906190
Bug 1580348 - Port |Bug 906190 - Persist "disable protection" option for Mixed Content Blocker in child tabs| to SeaMonkey. r=frg DONTBUILD
suite/base/content/contentAreaClick.js
suite/base/content/nsContextMenu.js
suite/base/content/utilityOverlay.js
suite/browser/tabbrowser.xml
--- a/suite/base/content/contentAreaClick.js
+++ b/suite/base/content/contentAreaClick.js
@@ -104,20 +104,37 @@ function handleLinkClick(event, href, li
 
   if (where == "save") {
     saveURL(href, linkNode ? gatherTextUnder(linkNode) : "", null, false,
             true, doc.documentURIObject, doc);
     event.preventDefault();
     return true;
   }
 
+  var referrerURI = doc.documentURIObject;
+  // if the mixedContentChannel is present and the referring URI passes
+  // a same origin check with the target URI, we can preserve the users
+  // decision of disabling MCB on a page for it's child tabs.
+  var persistAllowMixedContentInChildTab = false;
+
+  if (where == "tab" && getBrowser().docShell.mixedContentChannel) {
+    const sm = Services.scriptSecurityManager;
+    try {
+      var targetURI = makeURI(href);
+      sm.checkSameOriginURI(referrerURI, targetURI, false);
+      persistAllowMixedContentInChildTab = true;
+    }
+    catch (e) { }
+  }
+
   urlSecurityCheck(href, doc.nodePrincipal);
-  openLinkIn(href, where, { referrerURI: doc.documentURIObject,
+  openLinkIn(href, where, { referrerURI: referrerURI,
                             charset: doc.characterSet,
-                            private: gPrivate ? true : false });
+                            private: gPrivate ? true : false,
+                            allowMixedContent: persistAllowMixedContentInChildTab });
   event.preventDefault();
   return true;
 }
 
   var gURIFixup = null;
 
   function middleMousePaste(event) {
 
--- a/suite/base/content/nsContextMenu.js
+++ b/suite/base/content/nsContextMenu.js
@@ -973,20 +973,38 @@ nsContextMenu.prototype = {
   else
     Services.perms.remove(uri, "image");
   },
 
   // Open linked-to URL in a new tab.
   openLinkInTab: function(aEvent) {
     var doc = this.target.ownerDocument;
     urlSecurityCheck(this.linkURL, doc.nodePrincipal);
+    var referrerURI = doc.documentURIObject;
+
+    // if the mixedContentChannel is present and the referring URI passes
+    // a same origin check with the target URI, we can preserve the users
+    // decision of disabling MCB on a page for it's child tabs.
+    var persistAllowMixedContentInChildTab = false;
+
+    if (this.browser.docShell.mixedContentChannel) {
+      const sm = Services.scriptSecurityManager;
+      try {
+        var targetURI = this.linkURI;
+        sm.checkSameOriginURI(referrerURI, targetURI, false);
+        persistAllowMixedContentInChildTab = true;
+      }
+      catch (e) { }
+    }
+
     openLinkIn(this.linkURL,
                aEvent && aEvent.shiftKey ? "tabshifted" : "tab",
                { charset: doc.characterSet,
-                 referrerURI: doc.documentURIObject });
+                 referrerURI: referrerURI,
+                 allowMixedContent: persistAllowMixedContentInChildTab });
   },
 
   // Open linked-to URL in a new window.
   openLinkInWindow: function() {
     var doc = this.target.ownerDocument;
     urlSecurityCheck(this.linkURL, doc.nodePrincipal);
     openLinkIn(this.linkURL, "window",
                { charset: doc.characterSet,
--- a/suite/base/content/utilityOverlay.js
+++ b/suite/base/content/utilityOverlay.js
@@ -1478,16 +1478,17 @@ function openLinkIn(url, where, params)
   var aFromChrome           = params.fromChrome;
   var aAllowThirdPartyFixup = params.allowThirdPartyFixup;
   var aPostData             = params.postData;
   var aCharset              = params.charset;
   var aReferrerURI          = params.referrerURI;
   var aReferrerPolicy       = ("referrerPolicy" in params ?
         params.referrerPolicy : Ci.nsIHttpChannel.REFERRER_POLICY_UNSET);
   var aRelatedToCurrent     = params.relatedToCurrent;
+  var aAllowMixedContent    = params.allowMixedContent;
   var aInBackground         = params.inBackground;
   var aDisallowInheritPrincipal = params.disallowInheritPrincipal;
   var aInitiatingDoc = params.initiatingDoc ? params.initiatingDoc : document;
   var aIsPrivate            = params.private;
   var aUserContextId        = params.userContextId;
   var aPrincipal            = params.originPrincipal;
   var aTriggeringPrincipal  = params.triggeringPrincipal;
 
@@ -1622,16 +1623,17 @@ function openLinkIn(url, where, params)
     var browser = w.getBrowser();
     var tab = browser.addTab(url, {
                 referrerURI: aReferrerURI,
                 referrerPolicy: aReferrerPolicy,
                 charset: aCharset,
                 postData: aPostData,
                 allowThirdPartyFixup: aAllowThirdPartyFixup,
                 relatedToCurrent: aRelatedToCurrent,
+                allowMixedContent: aAllowMixedContent,
                 userContextId: aUserContextId,
                 originPrincipal: aPrincipal,
                 triggeringPrincipal: aTriggeringPrincipal,
               });
     if (!loadInBackground) {
       browser.selectedTab = tab;
       w.content.focus();
     }
--- a/suite/browser/tabbrowser.xml
+++ b/suite/browser/tabbrowser.xml
@@ -1408,16 +1408,17 @@
               params = {
                 triggeringPrincipal: Services.scriptSecurityManager
                                              .getSystemPrincipal(),
                 referrerURI: aReferrerURI,
                 charset: aCharset,
                 postData: aPostData,
                 inBackground: aLoadInBackground,
                 allowThirdPartyFixup: aAllowThirdPartyFixup,
+                allowMixedContent: false,
                 userContextId: null,
                 opener: null,
               };
             }
 
             params.focusNewTab = params.inBackground != null ?
                 !params.inBackground :
                 !Services.prefs.getBoolPref("browser.tabs.loadInBackground");
@@ -1529,32 +1530,34 @@
         <parameter name="aFocusNewTab"/>
         <parameter name="aAllowThirdPartyFixup"/>
         <body>
           <![CDATA[
             var aTriggeringPrincipal;
             var aReferrerPolicy;
             var aFromExternal;
             var aRelatedToCurrent;
+            var aAllowMixedContent;
             var aUserContextId;
             var aOpener;
             if (arguments.length == 2 &&
                 arguments[1] != null &&
                 typeof arguments[1] == "object" &&
                 !(arguments[1] instanceof Ci.nsIURI)) {
               let params = arguments[1];
               aTriggeringPrincipal  = params.triggeringPrincipal;
               aReferrerURI          = params.referrerURI;
               aReferrerPolicy       = params.referrerPolicy;
               aCharset              = params.charset;
               aPostData             = params.postData;
               aFocusNewTab          = params.focusNewTab;
               aAllowThirdPartyFixup = params.allowThirdPartyFixup;
               aFromExternal         = params.fromExternal;
               aRelatedToCurrent     = params.relatedToCurrent;
+              aAllowMixedContent    = params.allowMixedContent;
               aUserContextId        = params.userContextId;
               aOpener               = params.opener;
             }
 
             this._browsers = null; // invalidate cache
 
             var t = this.referenceTab.cloneNode(true);
 
@@ -1623,23 +1626,24 @@
             this.mTabListeners[position] = tabListener;
             this.mTabFilters[position] = filter;
 
             if (!blank) {
               // pretend the user typed this so it'll be available till
               // the document successfully loads
               b.userTypedValue = aURI;
 
-              let nsIWebNavigation = Ci.nsIWebNavigation;
-              let flags = nsIWebNavigation.LOAD_FLAGS_NONE;
+              let flags = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
               if (aAllowThirdPartyFixup)
-                flags = nsIWebNavigation.LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP |
-                        nsIWebNavigation.LOAD_FLAGS_FIXUP_SCHEME_TYPOS;
+                flags = Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP |
+                        Ci.nsIWebNavigation.LOAD_FLAGS_FIXUP_SCHEME_TYPOS;
               if (aFromExternal)
-                flags |= nsIWebNavigation.LOAD_FLAGS_FROM_EXTERNAL;
+                flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FROM_EXTERNAL;
+              if (aAllowMixedContent)
+                flags |= Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_MIXED_CONTENT;
               try {
                 b.loadURIWithFlags(aURI, {
                   flags,
                   triggeringPrincipal : aTriggeringPrincipal,
                   referrerURI: aReferrerURI,
                   charset: aCharset,
                   referrerPolicy: aReferrerPolicy,
                   postData: aPostData,