From 6cf548b1719d0a92df4fb2da027a18d3994d281d Mon Sep 17 00:00:00 2001 From: Marco Castelluccio Date: Wed, 2 Oct 2019 11:34:30 +0000 Subject: [PATCH] Bug 1410364 - Don't consider opener when calculating IsSecureContext. r=bz, r=dveditz Per https://github.com/w3c/webappsec-secure-contexts/issues/42, the section considering the window opener when calculating secure context is to be dropped. Firefox already uses "isSecureContextIfOpenerIgnored" in most places as this is the actual behavior we want. This patch aligns with the upcoming spec changes by ignoring the window opener. We also no longer have to keep information about whether our opener was secure as that no longer factors in our calculations. UltraBlame original commit: 681fece780aef771f1c6b56cddf4e52c8c800cb2 --- dom/base/nsGlobalWindowInner.cpp | 48 ------ dom/base/nsGlobalWindowInner.h | 16 -- dom/base/nsGlobalWindowOuter.cpp | 81 ---------- dom/base/nsGlobalWindowOuter.h | 10 -- dom/base/nsPIDOMWindow.h | 6 - dom/geolocation/nsGeolocation.cpp | 2 +- dom/webidl/Window.webidl | 109 ------------- .../passwordmgr/InsecurePasswordUtils.jsm | 145 +----------------- .../passwordmgr/LoginManagerContent.jsm | 27 +--- .../passwordmgr/test/browser/browser.ini | 7 + 10 files changed, 11 insertions(+), 440 deletions(-) diff --git a/dom/base/nsGlobalWindowInner.cpp b/dom/base/nsGlobalWindowInner.cpp index 23fdd72088c25..498b371efa305 100644 --- a/dom/base/nsGlobalWindowInner.cpp +++ b/dom/base/nsGlobalWindowInner.cpp @@ -2819,10 +2819,6 @@ mHadOriginalOpener ( false ) -mOriginalOpenerWasSecureContext -( -false -) mIsPopupSpam ( false @@ -10583,30 +10579,6 @@ IsSecureContext ) ; } -bool -nsPIDOMWindowInner -: -: -IsSecureContextIfOpenerIgnored -( -) -const -{ -return -nsGlobalWindowInner -: -: -Cast -( -this -) -- -> -IsSecureContextIfOpenerIgnored -( -) -; -} void nsPIDOMWindowInner : @@ -38699,26 +38671,6 @@ GetWrapperPreserveColor ) ; } -bool -nsGlobalWindowInner -: -: -IsSecureContextIfOpenerIgnored -( -) -const -{ -MOZ_RELEASE_ASSERT -( -IsInnerWindow -( -) -) -; -return -mIsSecureContextIfOpenerIgnored -; -} already_AddRefed < External diff --git a/dom/base/nsGlobalWindowInner.h b/dom/base/nsGlobalWindowInner.h index 12851ed5f107b..41379b1eb82e6 100644 --- a/dom/base/nsGlobalWindowInner.h +++ b/dom/base/nsGlobalWindowInner.h @@ -4508,12 +4508,6 @@ IsSecureContext ) const ; -bool -IsSecureContextIfOpenerIgnored -( -) -const -; void GetSidebar ( @@ -8919,16 +8913,6 @@ mHadOriginalOpener 1 ; bool -mOriginalOpenerWasSecureContext -: -1 -; -bool -mIsSecureContextIfOpenerIgnored -: -1 -; -bool mIsPopupSpam : 1 diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp index a3802df7854cb..fa27e2f64468b 100644 --- a/dom/base/nsGlobalWindowOuter.cpp +++ b/dom/base/nsGlobalWindowOuter.cpp @@ -4330,10 +4330,6 @@ mHadOriginalOpener ( false ) -mOriginalOpenerWasSecureContext -( -false -) mIsPopupSpam ( false @@ -9197,17 +9193,6 @@ state " ) ; -if -( -aFlags -! -= -SecureContextFlags -: -: -eIgnoreOpener -) -{ hadNonSecureContextCreator = ! @@ -9219,44 +9204,6 @@ IsSecureContext ) ; } -else -{ -hadNonSecureContextCreator -= -! -parentWin -- -> -IsSecureContextIfOpenerIgnored -( -) -; -} -} -else -if -( -mHadOriginalOpener -) -{ -if -( -aFlags -! -= -SecureContextFlags -: -: -eIgnoreOpener -) -{ -hadNonSecureContextCreator -= -! -mOriginalOpenerWasSecureContext -; -} -} if ( hadNonSecureContextCreator @@ -10675,20 +10622,6 @@ global " ) ; -newInnerWindow -- -> -mIsSecureContextIfOpenerIgnored -= -ComputeIsSecureContext -( -aDocument -SecureContextFlags -: -: -eIgnoreOpener -) -; mCreatingInnerWindow = false @@ -13743,20 +13676,6 @@ mHadOriginalOpener = true ; -mOriginalOpenerWasSecureContext -= -aOpener -- -> -GetCurrentInnerWindow -( -) -- -> -IsSecureContext -( -) -; } # ifdef diff --git a/dom/base/nsGlobalWindowOuter.h b/dom/base/nsGlobalWindowOuter.h index 6149b5de8ad0a..0b0f93a32f49d 100644 --- a/dom/base/nsGlobalWindowOuter.h +++ b/dom/base/nsGlobalWindowOuter.h @@ -7169,16 +7169,6 @@ mHadOriginalOpener 1 ; bool -mOriginalOpenerWasSecureContext -: -1 -; -bool -mIsSecureContextIfOpenerIgnored -: -1 -; -bool mIsPopupSpam : 1 diff --git a/dom/base/nsPIDOMWindow.h b/dom/base/nsPIDOMWindow.h index 2dcacc815ac60..eb508fc460dd3 100644 --- a/dom/base/nsPIDOMWindow.h +++ b/dom/base/nsPIDOMWindow.h @@ -5051,12 +5051,6 @@ IsSecureContext ) const ; -bool -IsSecureContextIfOpenerIgnored -( -) -const -; / / Calling diff --git a/dom/geolocation/nsGeolocation.cpp b/dom/geolocation/nsGeolocation.cpp index 2f64b4be76de6..b53f3c6e10f48 100644 --- a/dom/geolocation/nsGeolocation.cpp +++ b/dom/geolocation/nsGeolocation.cpp @@ -5905,7 +5905,7 @@ win ) - > -IsSecureContextIfOpenerIgnored +IsSecureContext ( ) ) diff --git a/dom/webidl/Window.webidl b/dom/webidl/Window.webidl index c4b917a5eebc8..5adc9ec617391 100644 --- a/dom/webidl/Window.webidl +++ b/dom/webidl/Window.webidl @@ -3724,115 +3724,6 @@ IdleDeadline deadline ) ; -/ -* -* -* -Similar -to -| -isSecureContext -| -but -doesn -' -t -pay -attention -to -whether -the -* -window -' -s -opener -( -if -any -) -is -a -secure -context -or -not -. -* -* -WARNING -: -Do -not -use -this -unless -you -are -familiar -with -the -issues -that -* -taking -opener -state -into -account -is -designed -to -address -( -or -else -you -may -* -introduce -security -issues -) -. -If -in -doubt -use -| -isSecureContext -| -. -In -* -particular -do -not -use -this -to -gate -access -to -JavaScript -APIs -. -* -/ -partial -interface -Window -{ -[ -ChromeOnly -] -readonly -attribute -boolean -isSecureContextIfOpenerIgnored -; -} -; partial interface Window diff --git a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm index a4a8229467d6c..ed8f1885a3e10 100644 --- a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm +++ b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm @@ -275,125 +275,6 @@ security . * * -Note -: -* -This -module -uses -isSecureContextIfOpenerIgnored -instead -of -isSecureContext -. -* -* -We -don -' -t -want -to -expose -JavaScript -APIs -in -a -non -- -Secure -Context -even -if -* -the -context -is -only -insecure -because -the -windows -has -an -insecure -opener -. -* -Doing -so -prevents -sites -from -implementing -postMessage -workarounds -to -enable -* -an -insecure -opener -to -gain -access -to -Secure -Context -- -only -APIs -. -However -* -in -the -case -of -form -fields -such -as -password -fields -we -don -' -t -need -to -worry -* -about -whether -the -opener -is -secure -or -not -. -In -fact -to -flag -a -password -* -field -as -insecure -in -such -circumstances -would -unnecessarily -confuse -our -* -users -. -* / this . @@ -925,17 +806,6 @@ isFormSecure aForm ) { -/ -/ -Ignores -window -. -opener -see -top -level -documentation -. let isSafePage = @@ -945,7 +815,7 @@ ownerDocument . defaultView . -isSecureContextIfOpenerIgnored +isSecureContext ; / / @@ -1205,17 +1075,6 @@ aForm . ownerDocument ; -/ -/ -Ignores -window -. -opener -see -top -level -documentation -. let isSafePage = @@ -1223,7 +1082,7 @@ domDoc . defaultView . -isSecureContextIfOpenerIgnored +isSecureContext ; let { diff --git a/toolkit/components/passwordmgr/LoginManagerContent.jsm b/toolkit/components/passwordmgr/LoginManagerContent.jsm index 50f4bd50ab626..2807978e02438 100644 --- a/toolkit/components/passwordmgr/LoginManagerContent.jsm +++ b/toolkit/components/passwordmgr/LoginManagerContent.jsm @@ -3164,31 +3164,6 @@ size > 0 ; -/ -/ -Ignores -window -. -opener -because -it -' -s -not -relevant -for -indicating -/ -/ -form -security -. -See -InsecurePasswordUtils -docs -for -details -. return ( hasLoginForm @@ -3197,7 +3172,7 @@ hasLoginForm ! thisWindow . -isSecureContextIfOpenerIgnored +isSecureContext ) | | diff --git a/toolkit/components/passwordmgr/test/browser/browser.ini b/toolkit/components/passwordmgr/test/browser/browser.ini index 93aa5b7e8bb5b..8e7890a806f82 100644 --- a/toolkit/components/passwordmgr/test/browser/browser.ini +++ b/toolkit/components/passwordmgr/test/browser/browser.ini @@ -214,6 +214,13 @@ browser_http_autofill . js ] +support +- +files += +form_cross_origin_insecure_action +. +html [ browser_insecurePasswordConsoleWarning .