Commit b5a27709 authored by Tim Huang

Bug 1641153 - Part 2: Add checking nested iframe in the...

Bug 1641153 - Part 2: Add checking nested iframe in the ContentBlocking::ShouldAllowAccessFor(channel). r=dimi

We should also check for nested iframes in
ContentBlocking::ShouldAllowAccessFor(channel). This patch
implements that check.

Differential Revision: https://phabricator.services.mozilla.com/D77075
parent 6001a77e
+4 −1
@@ -58,7 +58,10 @@ class AntiTrackingUtils final {
                                     uint32_t aBlockedReason);

  // Returns true if the storage permission is granted for the given channel.
  // And this is meant to be called in the parent process.
  // And this is meant to be called in the parent process. This only reflects
  // the fact that whether the channel has the storage permission. It doesn't
  // take the window hierarchy into account. i.e. this will return true even
  // for a nested iframe that has storage permission.
  static bool HasStoragePermissionInParent(nsIChannel* aChannel);

  // Returns the toplevel inner window id, returns 0 if this is a toplevel
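Review bot: The added comment on HasStoragePermissionInParent says what the function leaves out but not what a caller should do about it, and its first sentence ("the fact that whether") is hard to parse. Because the result is true even for a nested iframe, a caller that treats it as the access decision would skip the hierarchy restriction; the commit message indicates that ContentBlocking::ShouldAllowAccessFor(channel) is where that check lives. I would reword it to `// This only reflects whether the channel has the storage permission; it does not take the window hierarchy into account, so it returns true even for a nested iframe that has the permission.` and, if that is the intended entry point, add `// Callers making an access decision should use ContentBlocking::ShouldAllowAccessFor().`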
+13 −3
@@ -1111,10 +1111,20 @@ bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
  rv = loadInfo->GetTargetBrowsingContext(getter_AddRefs(targetBC));
  if (!targetBC || NS_WARN_IF(NS_FAILED(rv))) {
    LOG(("Failed to get the channel's target browsing context"));
    return false;
  }

  // We will only allow the storage access for the channel of the first-level
  // iframe or top-level sub-resource in cookie behavior
  // BEHAVIOR_REJECT_TRACKER.
  if (behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER &&
      !targetBC->IsTopContent() &&
      !AntiTrackingUtils::IsFirstLevelSubContext(targetBC)) {
    *aRejectedReason = blockedReason;
    return false;
  }

  if (targetBC && thirdParty &&
      Document::StorageAccessSandboxed(targetBC->GetSandboxFlags())) {
  if (Document::StorageAccessSandboxed(targetBC->GetSandboxFlags())) {
    LOG(("Our document is sandboxed"));
    return false;
  }
@@ -1140,7 +1150,7 @@ bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
  bool isDocument = false;
  aChannel->GetIsDocument(&isDocument);

  if (isDocument && targetBC) {
  if (isDocument) {
    nsCOMPtr<nsPIDOMWindowInner> inner =
        AntiTrackingUtils::GetInnerWindow(targetBC);
    if (inner && inner->HasStorageAccessGranted()) {
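Review bot: The new nested-iframe rejection in the first hunk returns false without a LOG call, while the two return paths around it (the target browsing context failure and the sandbox check) both log, so a denial caused by this rule cannot be told apart in the log output; adding e.g. `LOG(("Storage access rejected for a nested iframe"));` before `*aRejectedReason = blockedReason;` would fix that. It is also the only one of the three visible return paths that sets `*aRejectedReason`, and whether the other two are meant to leave it untouched cannot be confirmed from the hunk. The same hunk drops `thirdParty` from the sandbox condition together with the `targetBC` test; the null test is covered by the early return above, but nothing visible shows that `thirdParty` is already guaranteed at this point, so a one-line comment naming where that is established (presumably an earlier return outside the hunk) would help. ShouldAllowAccessFor starts and ends outside both hunks.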