Bug 1319773 - Part 2: Add a pref 'privacy.firstparty.isolate.restrict_opener_access' which controls the access of window.opener for different first party domain. r?baku
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -529,17 +529,18 @@ pref("privacy.history.custom",
// 6 - Last 24 hours
pref("privacy.sanitize.timeSpan", 1);
pref("privacy.sanitize.sanitizeOnShutdown", false);
pref("privacy.sanitize.migrateFx3Prefs", false);
pref("privacy.panicButton.enabled", true);
-pref("privacy.firstparty.isolate", false);
+pref("privacy.firstparty.isolate", false);
+pref("privacy.firstparty.isolate.restrict_opener_access", true);
// Time until temporary permissions expire, in ms
pref("privacy.temporary_permission_expire_time_ms", 3600000);
pref("network.proxy.share_proxy_settings", false); // use the same proxy settings for all protocols
// simple gestures support
pref("browser.gesture.swipe.left", "Browser:BackOrBackDuplicate");
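Review bot: The restrictive default for `privacy.firstparty.isolate.restrict_opener_access` is set only in this desktop profile file, while the cache added in caps/BasePrincipal.cpp initialises `sRestrictedOpenerAccess` to `false` and passes no default to `AddBoolVarCache`. Any application that builds caps/ but does not load firefox.js would presumably run with the restriction off once first-party isolation is enabled. Consider defining the pref where every product picks it up, or passing the default explicitly so a missing pref fails closed: `Preferences::AddBoolVarCache(&sRestrictedOpenerAccess, "privacy.firstparty.isolate.restrict_opener_access", true);`. Separately, `privacy.firstparty.isolate` is removed and re-added with identical visible text, which looks like a whitespace-only change that could be dropped.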
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -281,16 +281,41 @@ OriginAttributes::IsFirstPartyEnabled()
Preferences::AddBoolVarCache(&sFirstPartyIsolation, "privacy.firstparty.isolate");
}
return sFirstPartyIsolation;
}
/* static */
bool
+OriginAttributes::IsRestrictOpenerAccessForFPI()
+{
+ bool isFirstPartyEnabled = IsFirstPartyEnabled();
+
+ // Cache the privacy.firstparty.isolate.restrict_opener_access pref.
+ static bool sRestrictedOpenerAccess = false;
+ static bool sCachedRestrictedAccessPref = false;
+ if (!sCachedRestrictedAccessPref) {
+ MOZ_ASSERT(NS_IsMainThread());
+ sCachedRestrictedAccessPref = true;
+ Preferences::AddBoolVarCache(&sRestrictedOpenerAccess,
+ "privacy.firstparty.isolate.restrict_opener_access");
+ }
+
+ // We always want to restrict window.opener if first party isolation is
+ // disabled.
+ if (!isFirstPartyEnabled) {
+ return true;
+ }
+
+ return isFirstPartyEnabled && sRestrictedOpenerAccess;
+}
+
+/* static */
+bool
OriginAttributes::IsPrivateBrowsing(const nsACString& aOrigin)
{
nsAutoCString dummy;
OriginAttributes attrs;
if (NS_WARN_IF(!attrs.PopulateFromOrigin(aOrigin, dummy))) {
return false;
}
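Review bot: IsRestrictOpenerAccessForFPI() returns true when first-party isolation is disabled, which contradicts the declaration comment in the caps/BasePrincipal.h hunk ("We only restrict the access of window.opener when first party isolation is enabled and ... is on"). The early return looks like the intended fail-closed behaviour, so the header comment is the part to correct, for example `// Returns true unless first party isolation is enabled and "privacy.firstparty.isolate.restrict_opener_access" is off.` After the `!isFirstPartyEnabled` guard the last expression is redundant and can be `return sRestrictedOpenerAccess;`. The trailing context of this hunk is the start of IsPrivateBrowsing, whose body continues outside the hunk.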
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -98,16 +98,21 @@ public:
// Helper function to match mIsPrivateBrowsing to existing private browsing
// flags. Once all other flags are removed, this can be removed too.
void SyncAttributesWithPrivateBrowsing(bool aInPrivateBrowsing);
// check if "privacy.firstparty.isolate" is enabled.
static bool IsFirstPartyEnabled();
+ // check if the access of window.opener across different FPDs is restricted.
+ // We only restrict the access of window.opener when first party isolation
+ // is enabled and "privacy.firstparty.isolate.restrict_opener_access" is on.
+ static bool IsRestrictOpenerAccessForFPI();
+
// returns true if the originAttributes suffix has mPrivateBrowsingId value
// different than 0.
static bool IsPrivateBrowsing(const nsACString& aOrigin);
};
class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary
{
public: