Bug 951785 - For browser content, unless explicitly denied for the app, consider permissions for the requesting origin, not the requesting app. r=sicking
authorReuben Morais <reuben.morais@gmail.com>
Fri, 21 Feb 2014 16:56:19 -0300
changeset 170363 d422bf4841af2711eaa5142a3d9d030b2eeba916
parent 170362 bb134fc596eb2040bcd961a5fd0463f45c870f27
child 170364 bec032eb70fa45816228c7a34aa37c9c7a8720be
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewerssicking
bugs951785
milestone30.0a1
Bug 951785 - For browser content, unless explicitly denied for the app, consider permissions for the requesting origin, not the requesting app. r=sicking
dom/ipc/AppProcessChecker.cpp
--- a/dom/ipc/AppProcessChecker.cpp
+++ b/dom/ipc/AppProcessChecker.cpp
@@ -223,29 +223,39 @@ CheckPermission(PContentParent* aActor,
     do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
   NS_ENSURE_TRUE(pm, nsIPermissionManager::DENY_ACTION);
 
   // Make sure that `aPermission' is an app permission before checking the origin.
   nsCOMPtr<nsIPrincipal> appPrincipal = GetAppPrincipal(aPrincipal->GetAppId());
   uint32_t appPerm = nsIPermissionManager::UNKNOWN_ACTION;
   nsresult rv = pm->TestExactPermissionFromPrincipal(appPrincipal, aPermission, &appPerm);
   NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION);
+  // Setting to "deny" in the settings UI should deny everywhere.
   if (appPerm == nsIPermissionManager::UNKNOWN_ACTION ||
       appPerm == nsIPermissionManager::DENY_ACTION) {
     return appPerm;
   }
 
   uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION;
   rv = pm->TestExactPermissionFromPrincipal(aPrincipal, aPermission, &permission);
   NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION);
   if (permission == nsIPermissionManager::UNKNOWN_ACTION ||
       permission == nsIPermissionManager::DENY_ACTION) {
     return permission;
   }
 
+  // For browser content (and if the app hasn't explicitly denied this),
+  // consider the requesting origin, not the app.
+  if (appPerm == nsIPermissionManager::PROMPT_ACTION &&
+      aPrincipal->GetIsInBrowserElement()) {
+    return permission;
+  }
+
+  // Setting to "prompt" in the settings UI should prompt everywhere in
+  // non-browser content.
   if (appPerm == nsIPermissionManager::PROMPT_ACTION ||
       permission == nsIPermissionManager::PROMPT_ACTION) {
     return nsIPermissionManager::PROMPT_ACTION;
   }
 
   if (appPerm == nsIPermissionManager::ALLOW_ACTION ||
       permission == nsIPermissionManager::ALLOW_ACTION) {
     return nsIPermissionManager::ALLOW_ACTION;
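Review bot: The new early return under `if (appPerm == nsIPermissionManager::PROMPT_ACTION && aPrincipal->GetIsInBrowserElement())` hands back `permission` unchanged, and at that point it is anything other than UNKNOWN or DENY, so an origin-level ALLOW now skips the app-level prompt for browser content. The comment above that branch should say so, for example `// permission is not UNKNOWN/DENY here: an origin-level ALLOW overrides the app's PROMPT.` Because `aActor` is a `PContentParent`, the principal presumably originates from a content process, so it is worth confirming that `aPrincipal` and its browser-element flag are validated against `aActor` before this decision; any such check sits above the hunk, and CheckPermission's body also continues past it. Separately, the comment added before the first check mentions only "deny", while that branch also returns UNKNOWN_ACTION when the app principal has no entry for the permission.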