Bug 1461407 - Make about:home unlinkable again and improve behavior of serialized principals across changes to URLs. r=bz,Mardak,mikedeboer, a=RyanVM
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Mon, 14 May 2018 22:04:49 +0100
changeset 473414 7272335e193cb0500b4f3657245b4b0a1422899e
parent 473413 323494cc7e95da96e2189dc174477a66775e10b4
child 473415 fbd069ce4e4dc5e2c724f1bc5b8d3ae7d34f0fa3
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz, Mardak, mikedeboer, RyanVM
bugs1461407
milestone61.0
Bug 1461407 - Make about:home unlinkable again and improve behavior of serialized principals across changes to URLs. r=bz,Mardak,mikedeboer, a=RyanVM Making about:home unlinkable changes its URL structure. Prior to this change, it is a nested URL. After this change, it no longer is. We store serialized versions of principals in some cases. These include details about whether the URI is nested etc. This is problematic for the about:home change because the change in nesting changes the origin of the page, so the origin would mismatch between the principal and its URL. To avoid this, we always re-create URIs for about: URIs when deserializing them from strings, ensuring we don't create bogus principals. MozReview-Commit-ID: 87zVUFgbusn
browser/components/about/AboutRedirector.cpp
caps/ContentPrincipal.cpp
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -79,17 +79,17 @@ static const RedirEntry kRedirMap[] = {
     nsIAboutModule::HIDE_FROM_ABOUTABOUT },
   { "sessionrestore", "chrome://browser/content/aboutSessionRestore.xhtml",
     nsIAboutModule::ALLOW_SCRIPT |
     nsIAboutModule::HIDE_FROM_ABOUTABOUT },
   { "welcomeback", "chrome://browser/content/aboutWelcomeBack.xhtml",
     nsIAboutModule::ALLOW_SCRIPT |
     nsIAboutModule::HIDE_FROM_ABOUTABOUT },
   // Actual activity stream URL for home and newtab are set in channel creation
-  { "home", "about:blank", ACTIVITY_STREAM_FLAGS | nsIAboutModule::MAKE_LINKABLE }, // Bug 1438367 to try removing MAKE_LINKABLE again
+  { "home", "about:blank", ACTIVITY_STREAM_FLAGS },
   { "newtab", "about:blank", ACTIVITY_STREAM_FLAGS },
   { "library", "chrome://browser/content/aboutLibrary.xhtml",
     nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT },
   { "preferences", "chrome://browser/content/preferences/in-content/preferences.xul",
     nsIAboutModule::ALLOW_SCRIPT },
   { "downloads", "chrome://browser/content/downloads/contentAreaDownloadsView.xul",
     nsIAboutModule::ALLOW_SCRIPT },
--- a/caps/ContentPrincipal.cpp
+++ b/caps/ContentPrincipal.cpp
@@ -443,16 +443,24 @@ ContentPrincipal::Read(nsIObjectInputStr
   nsCOMPtr<nsISupports> supports;
   nsCOMPtr<nsIURI> codebase;
   nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   codebase = do_QueryInterface(supports);
+  // Enforce re-parsing about: URIs so that if they change, we continue to use
+  // their new principals correctly.
+  bool isAbout = false;
+  if (NS_SUCCEEDED(codebase->SchemeIs("about", &isAbout)) && isAbout) {
+    nsAutoCString spec;
+    codebase->GetSpec(spec);
+    NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(codebase), spec), NS_ERROR_FAILURE);
+  }
 
   nsCOMPtr<nsIURI> domain;
   rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   domain = do_QueryInterface(supports);