Commit af4663d1 authored by Arthur Edelstein's avatar Arthur Edelstein Committed by Mike Perry
Browse files

Bug #10819: Add a pref, "privacy.thirdparty.isolate", to allow the activation... 

Bug #10819: Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI.
parent f9dc66d1

browser/app/profile/firefox.js

+8 −0
Original line number Diff line number Diff line
@@ -517,6 +517,14 @@ pref("privacy.sanitize.migrateFx3Prefs", false); 


pref("network.proxy.share_proxy_settings",  false); // use the same proxy settings for all protocols



// The privacy.thirdparty.isolate pref determines whether

// an isolated DOM Storage map and image cache are

// maintained for each URL bar domain.

// 0 - No isolation

// 1 - Enable isolation in private windows

// 2 - Enable isolation everywhere

pref("privacy.thirdparty.isolate",          1);



// simple gestures support

pref("browser.gesture.swipe.left", "Browser:BackOrBackDuplicate");

pref("browser.gesture.swipe.right", "Browser:ForwardOrForwardDuplicate");

content/base/src/ThirdPartyUtil.cpp

+34 −0
Original line number Diff line number Diff line
@@ -3,6 +3,7 @@ 
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */



#include "ThirdPartyUtil.h"

#include "mozilla/Preferences.h"

#include "nsNetUtil.h"

#include "nsIServiceManager.h"

#include "nsIHttpChannelInternal.h"
@@ -411,6 +412,39 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI, 
  return NS_OK;

}



// Returns true if First Party Isolation is currently active for the given nsIChannel.

// Depends on Preference setting and possibly the state of Private Browsing mode.

bool ThirdPartyUtil::IsFirstPartyIsolationActive(nsIChannel *aChannel, nsIDocument *aDoc)

{

  int32_t isolationState = mozilla::Preferences::GetInt("privacy.thirdparty.isolate");

  if (isolationState == 1) {

    if (!aChannel && aDoc) {

      // No channel passed directly. Can we get a channel from aDoc?

      aChannel = aDoc->GetChannel();

    }

    return aChannel && NS_UsePrivateBrowsing(aChannel);

  } else { // (isolationState == 0) || (isolationState == 2)

    return (isolationState == 2);

  }

}



// Produces a URI that uniquely identifies the first party to which

// image cache and dom storage objects should be isolated. If isolation

// is deactivated, then aOutput will return null.

// Not scriptable due to the use of an nsIDocument parameter.

NS_IMETHODIMP

ThirdPartyUtil::GetFirstPartyIsolationURI(nsIChannel *aChannel, nsIDocument *aDoc, nsIURI **aOutput)

{

  bool isolationActive = IsFirstPartyIsolationActive(aChannel, aDoc);

  if (isolationActive) {

    return GetFirstPartyURI(aChannel, aDoc, aOutput);

  } else {

    // We return a null pointer when isolation is off.

    *aOutput = nullptr;

    return NS_OK;

  }

}



// Not scriptable due to the use of an nsIDocument parameter.

NS_IMETHODIMP

ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel,

content/base/src/ThirdPartyUtil.h

+1 −0
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@ public: 
private:

  nsresult IsThirdPartyInternal(const nsCString& aFirstDomain,

    nsIURI* aSecondURI, bool* aResult);

  bool IsFirstPartyIsolationActive(nsIChannel* aChannel, nsIDocument* aDoc);

  bool SchemeIsWhiteListed(nsIURI *aURI);

  static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin);

  static nsresult GetOriginatingURI(nsIChannel  *aChannel, nsIURI **aURI);

content/base/src/nsContentUtils.cpp

+14 −14
Original line number Diff line number Diff line
@@ -2693,14 +2693,14 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument, 
  // Make the URI immutable so people won't change it under us

  NS_TryToSetImmutable(aURI);

 

  nsCOMPtr<nsIURI> firstPartyURI;

  nsCOMPtr<nsIURI> firstPartyIsolationURI;

  nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc

                               = do_GetService(THIRDPARTYUTIL_CONTRACTID);

  thirdPartySvc->GetFirstPartyURI(nullptr, aLoadingDocument,

                                  getter_AddRefs(firstPartyURI));

  thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aLoadingDocument,

                                           getter_AddRefs(firstPartyIsolationURI));



  return imgLoader->LoadImage(aURI,                   /* uri to load */

                              firstPartyURI,        /* firstPartyURI */

                              firstPartyIsolationURI, /* firstPartyIsolationURI, NULL if isolation is not active */

                              aReferrer,              /* referrer */

                              aLoadingPrincipal,      /* loading principal */

                              loadGroup,              /* loadgroup */

docshell/base/nsDocShell.cpp

+5 −5
Original line number Diff line number Diff line
@@ -2698,18 +2698,18 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal, 
      return NS_ERROR_FAILURE;



    nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));

    nsCOMPtr<nsIURI> firstPartyURI;

    nsresult rv = thirdPartyUtil->GetFirstPartyURI(nullptr, doc,

                                           getter_AddRefs(firstPartyURI));

    nsCOMPtr<nsIURI> firstPartyIsolationURI;

    nsresult rv = thirdPartyUtil->GetFirstPartyIsolationURI(nullptr, doc,

                                           getter_AddRefs(firstPartyIsolationURI));

    NS_ENSURE_SUCCESS(rv, rv);



    if (aCreate) {

        return manager->CreateStorageForFirstParty(firstPartyURI,

        return manager->CreateStorageForFirstParty(firstPartyIsolationURI,

                                      aPrincipal, aDocumentURI,

                                      mInPrivateBrowsing, aStorage);

    }



    return manager->GetStorageForFirstParty(firstPartyURI, aPrincipal,

    return manager->GetStorageForFirstParty(firstPartyIsolationURI, aPrincipal,

                                            mInPrivateBrowsing, aStorage);

}