Bug 1547813 - Part 5: Introduce StorageAccess::ePartitionForeignOrDeny; r=baku
☠☠ backed out by 8fea66166287 ☠ ☠
authorEhsan Akhgari <ehsan@mozilla.com>
Thu, 09 May 2019 07:14:34 +0000
changeset 532058 4ced8d49ddc37cd3ecdb62c38e7df51f5603f475
parent 532057 77a040f527e9903657ccc0910adb760aef281619
child 532059 06943593738cbfb00527317c54f8b58d324060ab
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
treeherdermozilla-beta@77e0fe8dbdd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1547813
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1547813 - Part 5: Introduce StorageAccess::ePartitionForeignOrDeny; r=baku This StorageAccess code tells callers that they must partition third-party storage, or deny storage access if that is not possible. Differential Revision: https://phabricator.services.mozilla.com/D29740
dom/base/nsContentUtils.h
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -2879,16 +2879,19 @@ class nsContentUtils {
   static bool IsNonSubresourceRequest(nsIChannel* aChannel);
 
   static bool IsNonSubresourceInternalPolicyType(nsContentPolicyType aType);
 
   // The order of these entries matters, as we use std::min for total ordering
   // of permissions. Private Browsing is considered to be more limiting
   // then session scoping
   enum class StorageAccess {
+    // The storage should be partitioned for third-party resources. if the
+    // caller is unable to do it, deny the storage access.
+    ePartitionForeignOrDeny = -2,
     // The storage should be partitioned for third-party trackers. if the caller
     // is unable to do it, deny the storage access.
     ePartitionTrackersOrDeny = -1,
     // Don't allow access to the storage
     eDeny = 0,
     // Allow access to the storage, but only if it is secure to do so in a
     // private browsing context.
     ePrivateBrowsing = 1,