Bug 1508044 - Part 3: Ensure that the third-party checks performed on channels in nsContentUtils::IsThirdPartyWindowOrChannel() follow the same logic as those performed in nsChannelClassifier r=francois
authorEhsan Akhgari <ehsan@mozilla.com>
Tue, 27 Nov 2018 00:43:20 +0000
changeset 507394 691286d50c87eb419c121c88836a67a8227e611b
parent 507393 5452c9164d46e49aa8ee6cd3444bb0f8cc7cc121
child 507395 e3a074ae3f0c18a5329c23099c5169f135885852
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
treeherdermozilla-release@c2fca1944d8c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfrancois
bugs1508044
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1508044 - Part 3: Ensure that the third-party checks performed on channels in nsContentUtils::IsThirdPartyWindowOrChannel() follow the same logic as those performed in nsChannelClassifier r=francois Depends on D12852 Differential Revision: https://phabricator.services.mozilla.com/D12853
dom/base/nsContentUtils.cpp
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -144,16 +144,17 @@
 #include "nsIDOMChromeWindow.h"
 #include "nsIDOMWindowUtils.h"
 #include "nsIDragService.h"
 #include "nsIFormControl.h"
 #include "nsIForm.h"
 #include "nsIFragmentContentSink.h"
 #include "nsContainerFrame.h"
 #include "nsIHTMLDocument.h"
+#include "nsIHttpChannelInternal.h"
 #include "nsIIdleService.h"
 #include "nsIImageLoadingContent.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIIOService.h"
 #include "nsILoadContext.h"
 #include "nsILoadGroup.h"
 #include "nsIMemoryReporter.h"
@@ -8988,16 +8989,35 @@ nsContentUtils::IsThirdPartyWindowOrChan
     // want to check the channel URI against the loading principal as well.
     nsresult rv = thirdPartyUtil->IsThirdPartyChannel(aChannel,
                                                       nullptr,
                                                       &thirdParty);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       // Assume third-party in case of failure
       thirdParty = true;
     }
+
+    // We check isThirdPartyWindow to expand the list of domains that are
+    // considered first party (e.g., if facebook.com includes an iframe from
+    // fatratgames.com, all subsources included in that iframe are considered
+    // third-party with isThirdPartyChannel, even if they are not third-party
+    // w.r.t.  facebook.com), and isThirdPartyChannel to prevent top-level
+    // navigations from being detected as third-party.
+    bool isThirdPartyWindow = true;
+    nsCOMPtr<nsIHttpChannelInternal> chan = do_QueryInterface(aChannel, &rv);
+    if (NS_SUCCEEDED(rv) && chan) {
+      nsCOMPtr<nsIURI> topWinURI;
+      rv = chan->GetTopWindowURI(getter_AddRefs(topWinURI));
+      if (NS_SUCCEEDED(rv) && topWinURI) {
+        rv = thirdPartyUtil->IsThirdPartyURI(aURI, topWinURI, &isThirdPartyWindow);
+        if (NS_SUCCEEDED(rv)) {
+          thirdParty = thirdParty && isThirdPartyWindow;
+        }
+      }
+    }
   }
 
   return thirdParty;
 }
 
 // static public
 bool
 nsContentUtils::IsTrackingResourceWindow(nsPIDOMWindowInner* aWindow)