Bug 1409226 - When opening a link into a new private window, remove Referer.
Always set aNoReferrer = true in openLinkIn when where == 'window' and aIsPrivate
MozReview-Commit-ID: 7szUyO6w6d4
--- a/browser/base/content/test/referrer/browser_referrer_open_link_in_container_tab3.js
+++ b/browser/base/content/test/referrer/browser_referrer_open_link_in_container_tab3.js
@@ -1,23 +1,15 @@
// Tests referrer on context menu navigation - open link in new container tab.
// Selects "open link in new container tab" from the context menu.
// The test runs from a container ID 2.
// Output: we have no referrer.
-function getReferrerTest(aTestNumber) {
- let testCase = _referrerTests[aTestNumber];
- if (testCase) {
- // We want all the referrer tests to fail!
- testCase.result = "";
- }
-
- return testCase;
-}
+getReferrerTest = getRemovedReferrerTest;
function startNewTabTestCase(aTestNumber) {
info("browser_referrer_open_link_in_container_tab: " +
getReferrerTestDescription(aTestNumber));
contextMenuOpened(gTestWindow, "testlink").then(function(aContextMenu) {
someTabLoaded(gTestWindow).then(function(aNewTab) {
gTestWindow.gBrowser.selectedTab = aNewTab;
--- a/browser/base/content/test/referrer/browser_referrer_open_link_in_private.js
+++ b/browser/base/content/test/referrer/browser_referrer_open_link_in_private.js
@@ -1,11 +1,16 @@
// Tests referrer on context menu navigation - open link in new private window.
// Selects "open link in new private window" from the context menu.
+// The test runs from a regular browsing window.
+// Output: we have no referrer.
+
+getReferrerTest = getRemovedReferrerTest;
+
function startNewPrivateWindowTestCase(aTestNumber) {
info("browser_referrer_open_link_in_private: " +
getReferrerTestDescription(aTestNumber));
contextMenuOpened(gTestWindow, "testlink").then(function(aContextMenu) {
newWindowOpened().then(function(aNewWindow) {
BrowserTestUtils.firstBrowserLoaded(aNewWindow, false).then(function() {
checkReferrerAndStartNextTest(aTestNumber, aNewWindow, null,
startNewPrivateWindowTestCase);
--- a/browser/base/content/test/referrer/head.js
+++ b/browser/base/content/test/referrer/head.js
@@ -73,16 +73,33 @@ var _referrerTests = [
* @param aTestNumber The test number - 0, 1, 2, ...
* @return The test object, or undefined if the number is out of range.
*/
function getReferrerTest(aTestNumber) {
return _referrerTests[aTestNumber];
}
/**
+ * Returns shimmed test object for a given test number.
+ *
+ * @param aTestNumber The test number - 0, 1, 2, ...
+ * @return The test object with result hard-coded to "",
+ * or undefined if the number is out of range.
+ */
+function getRemovedReferrerTest(aTestNumber) {
+ let testCase = _referrerTests[aTestNumber];
+ if (testCase) {
+ // We want all the referrer tests to fail!
+ testCase.result = "";
+ }
+
+ return testCase;
+}
+
+/**
* Returns a brief summary of the test, for logging.
* @param aTestNumber The test number - 0, 1, 2...
* @return The test description.
*/
function getReferrerTestDescription(aTestNumber) {
let test = getReferrerTest(aTestNumber);
return "policy=[" + test.policy + "] " +
"rel=[" + test.rel + "] " +
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -283,16 +283,24 @@ function openLinkIn(url, where, params)
return Services.scriptSecurityManager.createCodebasePrincipal(principal.URI, attrs);
}
return principal;
}
aPrincipal = useOAForPrincipal(aPrincipal);
aTriggeringPrincipal = useOAForPrincipal(aTriggeringPrincipal);
if (!w || where == "window") {
+ let features = "chrome,dialog=no,all";
+ if (aIsPrivate) {
+ features += ",private";
+ // To prevent regular browsing data from leaking to private browsing sites,
+ // strip the referrer when opening a new private window. (See Bug: 1409226)
+ aNoReferrer = true;
+ }
+
// This propagates to window.arguments.
var sa = Cc["@mozilla.org/array;1"].
createInstance(Ci.nsIMutableArray);
var wuri = Cc["@mozilla.org/supports-string;1"].
createInstance(Ci.nsISupportsString);
wuri.data = url;
@@ -327,21 +335,16 @@ function openLinkIn(url, where, params)
sa.appendElement(referrerURISupports);
sa.appendElement(aPostData);
sa.appendElement(allowThirdPartyFixupSupports);
sa.appendElement(referrerPolicySupports);
sa.appendElement(userContextIdSupports);
sa.appendElement(aPrincipal);
sa.appendElement(aTriggeringPrincipal);
- let features = "chrome,dialog=no,all";
- if (aIsPrivate) {
- features += ",private";
- }
-
const sourceWindow = (w || window);
let win;
if (params.frameOuterWindowID != undefined && sourceWindow) {
// Only notify it as a WebExtensions' webNavigation.onCreatedNavigationTarget
// event if it contains the expected frameOuterWindowID params.
// (e.g. we should not notify it as a onCreatedNavigationTarget if the user is
// opening a new window using the keyboard shortcut).
const sourceTabBrowser = sourceWindow.gBrowser.selectedBrowser;