Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 16 - Always grant storage permission for storage-access door hanger, r=johannh
authorAndrea Marchesini <amarchesini@mozilla.com>
Fri, 08 Mar 2019 09:06:22 +0000
changeset 520995 3cddc7cd4da5
parent 520994 dd197c3722a0
child 521004 ff29f140d687
child 521005 546397372dd7
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjohannh
bugs1525245
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 16 - Always grant storage permission for storage-access door hanger, r=johannh Differential Revision: https://phabricator.services.mozilla.com/D22273
toolkit/components/antitracking/AntiTrackingCommon.cpp
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@@ -988,46 +988,51 @@ AntiTrackingCommon::SaveFirstPartyStorag
     LOG(
         ("Setting 'any site' permission expiry: %u, proceeding to save in the "
          "permission manager",
          expirationTime));
 
     rv = permManager->AddFromPrincipal(
         aTrackingPrincipal, NS_LITERAL_CSTRING("cookie"),
         nsICookiePermission::ACCESS_ALLOW, expirationType, when);
-  } else {
-    uint32_t privateBrowsingId = 0;
-    rv = aParentPrincipal->GetPrivateBrowsingId(&privateBrowsingId);
-    if ((!NS_WARN_IF(NS_FAILED(rv)) && privateBrowsingId > 0) ||
-        (aAllowMode == eAllowAutoGrant)) {
-      // If we are coming from a private window or are automatically granting a
-      // permission, make sure to store a session-only permission which won't
-      // get persisted to disk.
-      expirationType = nsIPermissionManager::EXPIRE_SESSION;
-      when = 0;
-    }
+    Unused << NS_WARN_IF(NS_FAILED(rv));
+  }
+
+  // We must grant the storage permission also if we allow it for any site
+  // because the setting 'cookie' permission is not applied to existing
+  // documents (See CookieSettings documentation).
 
-    nsAutoCString type;
-    CreatePermissionKey(aTrackingOrigin, aGrantedOrigin, type);
+  uint32_t privateBrowsingId = 0;
+  rv = aParentPrincipal->GetPrivateBrowsingId(&privateBrowsingId);
+  if ((!NS_WARN_IF(NS_FAILED(rv)) && privateBrowsingId > 0) ||
+      (aAllowMode == eAllowAutoGrant)) {
+    // If we are coming from a private window or are automatically granting a
+    // permission, make sure to store a session-only permission which won't
+    // get persisted to disk.
+    expirationType = nsIPermissionManager::EXPIRE_SESSION;
+    when = 0;
+  }
 
-    LOG(
-        ("Computed permission key: %s, expiry: %u, proceeding to save in the "
-         "permission manager",
-         type.get(), expirationTime));
+  nsAutoCString type;
+  CreatePermissionKey(aTrackingOrigin, aGrantedOrigin, type);
+
+  LOG(
+      ("Computed permission key: %s, expiry: %u, proceeding to save in the "
+       "permission manager",
+       type.get(), expirationTime));
 
-    rv = permManager->AddFromPrincipal(aParentPrincipal, type,
-                                       nsIPermissionManager::ALLOW_ACTION,
-                                       expirationType, when);
+  rv = permManager->AddFromPrincipal(aParentPrincipal, type,
+                                     nsIPermissionManager::ALLOW_ACTION,
+                                     expirationType, when);
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 
-    if (NS_SUCCEEDED(rv) && (aAllowMode == eAllowAutoGrant)) {
-      // Make sure temporary access grants do not survive more than 24 hours.
-      TemporaryAccessGrantObserver::Create(permManager, aParentPrincipal, type);
-    }
+  if (NS_SUCCEEDED(rv) && (aAllowMode == eAllowAutoGrant)) {
+    // Make sure temporary access grants do not survive more than 24 hours.
+    TemporaryAccessGrantObserver::Create(permManager, aParentPrincipal, type);
   }
-  Unused << NS_WARN_IF(NS_FAILED(rv));
 
   LOG(("Result: %s", NS_SUCCEEDED(rv) ? "success" : "failure"));
   return FirstPartyStorageAccessGrantPromise::CreateAndResolve(rv, __func__);
 }
 
 // static
 bool AntiTrackingCommon::IsStorageAccessPermission(nsIPermission* aPermission,
                                                    nsIPrincipal* aPrincipal) {