Bug 1372069 - Part 1: Disable Geolocation when 'privacy.resistFingerprinting' is true. r?smaug, arthuredelstein
This patch disables Geolocation API when fingerprinting resistance is enabled.
The way we disable it is the same as how we disable this API for non-secure
origins that we will reject the request from this API and still keep this API
around.
MozReview-Commit-ID: 5D7Bf6Rplm8
--- a/dom/geolocation/nsGeolocation.cpp
+++ b/dom/geolocation/nsGeolocation.cpp
@@ -1245,17 +1245,18 @@ Geolocation::GetCurrentPosition(GeoPosit
Telemetry::Accumulate(Telemetry::GEOLOCATION_GETCURRENTPOSITION_SECURE_ORIGIN,
static_cast<uint8_t>(mProtocolType));
RefPtr<nsGeolocationRequest> request =
new nsGeolocationRequest(this, Move(callback), Move(errorCallback),
Move(options), static_cast<uint8_t>(mProtocolType),
false);
- if (!sGeoEnabled || ShouldBlockInsecureRequests()) {
+ if (!sGeoEnabled || ShouldBlockInsecureRequests() ||
+ nsContentUtils::ResistFingerprinting(aCallerType)) {
nsCOMPtr<nsIRunnable> ev = new RequestAllowEvent(false, request);
NS_DispatchToMainThread(ev);
return NS_OK;
}
if (!mOwner && aCallerType != CallerType::System) {
return NS_ERROR_FAILURE;
}
@@ -1331,17 +1332,18 @@ Geolocation::WatchPosition(GeoPositionCa
// The watch ID:
*aRv = mLastWatchId++;
RefPtr<nsGeolocationRequest> request =
new nsGeolocationRequest(this, Move(aCallback), Move(aErrorCallback),
Move(aOptions),
static_cast<uint8_t>(mProtocolType), true, *aRv);
- if (!sGeoEnabled || ShouldBlockInsecureRequests()) {
+ if (!sGeoEnabled || ShouldBlockInsecureRequests() ||
+ nsContentUtils::ResistFingerprinting(aCallerType)) {
nsCOMPtr<nsIRunnable> ev = new RequestAllowEvent(false, request);
NS_DispatchToMainThread(ev);
return NS_OK;
}
if (!mOwner && aCallerType != CallerType::System) {
return NS_ERROR_FAILURE;
}