Bug 1021667 - Give Activity Stream URI_SAFE_FOR_UNTRUSTED_CONTENT
MozReview-Commit-ID: A7A2ThcpCeR
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -219,17 +219,18 @@ AboutRedirector::GetURIFlags(nsIURI *aUR
// Once ActivityStream is fully rolled out and we've removed Tiles,
// this special case can go away and the flag can just become part
// of the normal about:newtab entry in kRedirMap.
if (name.EqualsLiteral("newtab")) {
if (sActivityStreamEnabled) {
*result = redir.flags |
nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
- nsIAboutModule::ENABLE_INDEXED_DB;
+ nsIAboutModule::ENABLE_INDEXED_DB |
+ nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT;
return NS_OK;
}
}
*result = redir.flags;
return NS_OK;
}
}
--- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
+++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
@@ -151,17 +151,19 @@ add_task(async function test_aboutURL()
let flags = am.getURIFlags(uri);
// We load pages with URI_SAFE_FOR_UNTRUSTED_CONTENT set, this means they
// are not loaded with System Principal but with codebase principal.
// Also we skip pages with HIDE_FROM_ABOUTABOUT, some of them may have
// errors while loading.
if ((flags & Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT) &&
!(flags & Ci.nsIAboutModule.HIDE_FROM_ABOUTABOUT) &&
- networkURLs.indexOf(aboutType) == -1) {
+ networkURLs.indexOf(aboutType) == -1 &&
+ // Exclude about:newtab see Bug 1021667
+ aboutType !== "newtab") {
aboutURLs.push(aboutType);
}
} catch (e) {
// getService might have thrown if the component doesn't actually
// implement nsIAboutModule
}
}