Commit 71c98f5d authored by Arthur Edelstein's avatar Arthur Edelstein Committed by Georg Koppen

Bug 26670: Make canvas permission respect FPI

parent 3e32edd3
+12 −9
@@ -6834,7 +6834,7 @@ var CanvasPermissionPromptHelper = {
  },

  // aSubject is an nsIBrowser (e10s) or an nsIDOMWindow (non-e10s).
  // aData is an URL string.
  // aData is an Origin string.
  observe(aSubject, aTopic, aData) {
    if (aTopic != this._permissionsPrompt) {
      return;
@@ -6848,7 +6848,6 @@ var CanvasPermissionPromptHelper = {
      browser = aSubject.QueryInterface(Ci.nsIBrowser);
    }

    let uri = Services.io.newURI(aData);
    if (gBrowser.selectedBrowser !== browser) {
      // Must belong to some other window.
      return;
@@ -6856,8 +6855,12 @@ var CanvasPermissionPromptHelper = {

    let message = gNavigatorBundle.getFormattedString("canvas.siteprompt", ["<>"], 1);

    function setCanvasPermission(aURI, aPerm, aPersistent) {
      Services.perms.add(aURI, "canvas", aPerm,
    let principal = Services.scriptSecurityManager
                            .createCodebasePrincipalFromOrigin(aData);

    function setCanvasPermission(aPerm, aPersistent) {
      Services.perms.addFromPrincipal(
        principal, "canvas", aPerm,
        aPersistent ? Ci.nsIPermissionManager.EXPIRE_NEVER
                    : Ci.nsIPermissionManager.EXPIRE_SESSION);
    }
@@ -6866,7 +6869,7 @@ var CanvasPermissionPromptHelper = {
      label: gNavigatorBundle.getString("canvas.allow"),
      accessKey: gNavigatorBundle.getString("canvas.allow.accesskey"),
      callback(state) {
        setCanvasPermission(uri, Ci.nsIPermissionManager.ALLOW_ACTION,
        setCanvasPermission(Ci.nsIPermissionManager.ALLOW_ACTION,
                            state && state.checkboxChecked);
      }
    };
@@ -6875,7 +6878,7 @@ var CanvasPermissionPromptHelper = {
      label: gNavigatorBundle.getString("canvas.notAllow"),
      accessKey: gNavigatorBundle.getString("canvas.notAllow.accesskey"),
      callback(state) {
        setCanvasPermission(uri, Ci.nsIPermissionManager.DENY_ACTION,
        setCanvasPermission(Ci.nsIPermissionManager.DENY_ACTION,
                            state && state.checkboxChecked);
      }
    }];
@@ -6891,7 +6894,7 @@ var CanvasPermissionPromptHelper = {

    let options = {
      checkbox,
      name: uri.asciiHost,
      name: principal.URI.host,
      learnMoreURL: Services.urlFormatter.formatURLPref("app.support.baseURL") + "fingerprint-permission",
    };
    PopupNotifications.show(browser, aTopic, message, this._notificationIcon,
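Review bot: The prompt label in the last hunk changes from `uri.asciiHost` to `principal.URI.host`, which may change what the user sees for internationalized hosts; if the ASCII form was deliberate for this permission prompt, `name: principal.URI.asciiHost,` keeps it. Separately, `createCodebasePrincipalFromOrigin(aData)` will throw if aData is not a valid origin string, and in the e10s path aData originates in the content process, so a `try`/`catch` that returns without prompting would keep a malformed notification from surfacing as an observer exception. The comment above observe could also say that the origin string is expected to carry the origin-attributes suffix (the first-party domain), since that appears to be what makes the stored permission first-party isolated. observe's body extends beyond these hunks.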
+16 −7
@@ -58,7 +58,12 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx)
    // Documents with system principal can always extract canvas data.
    nsPIDOMWindowOuter *win = aDocument->GetWindow();
    nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win));
    if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) {
    if (!sop) {
      return false;
    }

    nsCOMPtr<nsIPrincipal> principal(sop->GetPrincipal());
    if (principal && nsContentUtils::IsSystemPrincipal(principal)) {
      return true;
    }

@@ -127,7 +132,7 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx)
    // Check if the site has permission to extract canvas data.
    // Either permit or block extraction if a stored permission setting exists.
    uint32_t permission;
    rv = permissionManager->TestPermission(topLevelDocURI,
    rv = permissionManager->TestPermissionFromPrincipal(principal,
                                                        PERMISSION_CANVAS_EXTRACT_DATA,
                                                        &permission);
    NS_ENSURE_SUCCESS(rv, false);
@@ -165,16 +170,20 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx)
    nsContentUtils::LogMessageToConsole(message.get());

    // Prompt the user (asynchronous).
    nsAutoCString origin;
    rv = principal->GetOrigin(origin);
    NS_ENSURE_SUCCESS(rv, false);

    if (XRE_IsContentProcess()) {
        TabChild* tabChild = TabChild::GetFrom(win);
        if (tabChild) {
            tabChild->SendShowCanvasPermissionPrompt(topLevelDocURISpec);
            tabChild->SendShowCanvasPermissionPrompt(origin);
        }
    } else {
        nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
        if (obs) {
            obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT,
                                 NS_ConvertUTF8toUTF16(topLevelDocURISpec).get());
                                 NS_ConvertUTF8toUTF16(origin).get());
        }
    }
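Review bot: `principal` is null-checked only for the system-principal test in the first hunk, but the later hunks pass it to `TestPermissionFromPrincipal` and call `principal->GetOrigin(origin)` with no check. Unless the lines between the hunks already bail out, a null result from `sop->GetPrincipal()` would be dereferenced there. Failing closed right after the assignment, `if (!principal) { return false; }`, would match the new `!sop` handling. IsImageExtractionAllowed starts and ends outside these hunks.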

+2 −2
@@ -584,9 +584,9 @@ parent:
     * This function is used to notify the parent that it should display a
     * canvas permission prompt.
     *
     * @param aFirstPartyURI first party of the tab that is requesting access.
     * @param aOrigin origin string of the document that is requesting access.
     */
    async ShowCanvasPermissionPrompt(nsCString aFirstPartyURI);
    async ShowCanvasPermissionPrompt(nsCString aOrigin);

child:
    /**
+2 −2
@@ -3578,7 +3578,7 @@ TabParent::RecvLookUpDictionary(const nsString& aText,
}

mozilla::ipc::IPCResult
TabParent::RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI)
TabParent::RecvShowCanvasPermissionPrompt(const nsCString& aOrigin)
{
  nsCOMPtr<nsIBrowser> browser = do_QueryInterface(mFrameElement);
  if (!browser) {
@@ -3591,7 +3591,7 @@ TabParent::RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI)
    return IPC_FAIL_NO_REASON(this);
  }
  nsresult rv = os->NotifyObservers(browser, "canvas-permissions-prompt",
                                    NS_ConvertUTF8toUTF16(aFirstPartyURI).get());
                                    NS_ConvertUTF8toUTF16(aOrigin).get());
  if (NS_FAILED(rv)) {
    return IPC_FAIL_NO_REASON(this);
  }
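Review bot: aOrigin arrives from the content process and is handed to the `canvas-permissions-prompt` observers unchanged in the second hunk, where it now decides both the principal the permission is stored for and the host shown in the prompt. Nothing in the visible lines checks that the string is consistent with the document loaded in this tab. If the lines between the hunks do not do so either, consider validating it against what the parent already knows about the tab (for example the first-party domain of the browser's content principal) and returning `IPC_FAIL_NO_REASON(this)` on a mismatch. A one-line comment such as `// aOrigin comes from the content process; treat as untrusted.` would document the trust boundary. The function body continues past the hunk.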
+1 −1
@@ -633,7 +633,7 @@ protected:

  virtual mozilla::ipc::IPCResult RecvGetTabCount(uint32_t* aValue) override;

  virtual mozilla::ipc::IPCResult RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI) override;
  virtual mozilla::ipc::IPCResult RecvShowCanvasPermissionPrompt(const nsCString& aOrigin) override;

  ContentCacheInParent mContentCache;