fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.

Bug 40175: Use first-party isolation on reader view

fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
255203a3 · cypherpunks1 · ma1 · 968d3923 · 255203a3
Commit 255203a3 authored Aug 21, 2023 by cypherpunks1 Committed by ma1 Aug 21, 2023
--- a/toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs
+++ b/toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs
@@ -300,6 +300,17 @@ class TorDomainIsolatorImpl {
      const channel = aChannel.QueryInterface(Ci.nsIChannel);
      let firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain;
      const userContextId = channel.loadInfo.originAttributes.userContextId;
+      const loadingPrincipalURI = channel.loadInfo.loadingPrincipal?.URI;
+      if (loadingPrincipalURI?.spec.startsWith("about:reader")) {
+        try {
+          const searchParams = new URLSearchParams(loadingPrincipalURI.query);
+          if (searchParams.has("url")) {
+            firstPartyDomain = Services.eTLD.getSchemelessSite(Services.io.newURI(searchParams.get("url")));
+          }
+        } catch (e) {
+          logger.error("Failed to get first party domain for about:reader", e);
+        }
+      }
      if (!firstPartyDomain) {
        firstPartyDomain = CATCHALL_DOMAIN;
        if (Date.now() - this.#catchallDirtySince > CATCHALL_MAX_LIFETIME) {
@@ -629,6 +640,8 @@ class TorDomainIsolatorImpl {
 function getDomainForBrowser(browser) {
  let fpd = browser.contentPrincipal.originAttributes.firstPartyDomain;

+  const { documentURI } = browser;
+  if (documentURI && documentURI.schemeIs("about")) {
    // Bug 31562: For neterror or certerror, get the original URL from
    // browser.currentURI and use it to calculate the firstPartyDomain.
    const knownErrors = [
@@ -636,12 +649,7 @@ function getDomainForBrowser(browser) {
      "about:certerror",
      "about:httpsonlyerror",
    ];
-  const { documentURI } = browser;
-  if (
-    documentURI &&
-    documentURI.schemeIs("about") &&
-    knownErrors.some(x => documentURI.spec.startsWith(x))
-  ) {
+    if (knownErrors.some(x => documentURI.spec.startsWith(x))) {
      const knownSchemes = ["http", "https"];
      const currentURI = browser.currentURI;
      if (currentURI && knownSchemes.some(x => currentURI.schemeIs(x))) {
@@ -661,6 +669,16 @@ function getDomainForBrowser(browser) {
          }
        }
      }
+    } else if (documentURI.spec.startsWith("about:reader")) {
+      try {
+        const searchParams = new URLSearchParams(documentURI.query);
+        if (searchParams.has("url")) {
+          fpd = Services.eTLD.getSchemelessSite(Services.io.newURI(searchParams.get("url")));
+        }
+      } catch (e) {
+        logger.error("Failed to get first party domain for about:reader", e);
+      }
+    }
  }

  return fpd;