From 6b0c2a089eff38548af6e024a99172d2676c7cba Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Tue, 1 May 2018 00:15:28 +0200 Subject: Bug 1331686 - Pass correct triggeringPrincipal for tabs openen through ctrl-click and open link in new tab --- browser/base/content/browser.js | 23 ++++++++++++++++++----- browser/base/content/content.js | 1 + browser/base/content/tabbrowser.xml | 6 ++++++ browser/base/content/utilityOverlay.js | 2 ++ toolkit/content/widgets/browser.xml | 6 +++++- 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 18f9990d0..5a00a4737 100755 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -71,6 +71,10 @@ XPCOMUtils.defineLazyModuleGetter(this, "SafeBrowsing", ["gDNSService", "@mozilla.org/network/dns-service;1", "nsIDNSService"], ].forEach(([name, cc, ci]) => XPCOMUtils.defineLazyServiceGetter(this, name, cc, ci)); +XPCOMUtils.defineLazyServiceGetter(this, "gSerializationHelper", + "@mozilla.org/network/serialization-helper;1", + "nsISerializationHelper"); + XPCOMUtils.defineLazyGetter(this, "BrowserToolboxProcess", function() { let tmp = {}; Cu.import("resource://devtools/client/framework/ToolboxProcess.jsm", tmp); @@ -807,6 +811,7 @@ function _loadURIWithFlags(browser, uri, params) { if (!uri) { uri = "about:blank"; } + let triggeringPrincipal = params.triggeringPrincipal || null; let flags = params.flags || 0; let referrer = params.referrerURI; let referrerPolicy = ('referrerPolicy' in params ? params.referrerPolicy : @@ -831,7 +836,7 @@ function _loadURIWithFlags(browser, uri, params) { browser.webNavigation.loadURIWithOptions(uri, flags, referrer, referrerPolicy, - postData, null, null); + postData, null, null, triggeringPrincipal); } else { // Check if the current browser is allowed to unload. let {permitUnload, timedOut} = browser.permitUnload(); @@ -845,6 +850,9 @@ function _loadURIWithFlags(browser, uri, params) { let loadParams = { uri: uri, + triggeringPrincipal: triggeringPrincipal + ? gSerializationHelper.serializePrincipal(triggeringPrincipal) + : null, flags: flags, referrer: referrer ? referrer.spec : null, referrerPolicy: referrerPolicy, @@ -872,7 +880,7 @@ function _loadURIWithFlags(browser, uri, params) { } browser.webNavigation.loadURIWithOptions(uri, flags, referrer, referrerPolicy, - postData, null, null); + postData, null, null, triggeringPrincipal); } else { throw e; } @@ -4837,7 +4845,7 @@ nsBrowserAccess.prototype = { _openURIInNewTab: function(aURI, aReferrer, aReferrerPolicy, aIsPrivate, aIsExternal, aForceNotRemote=false, aUserContextId=Ci.nsIScriptSecurityManager.DEFAULT_USER_CONTEXT_ID, - aOpener=null) { + aOpener = null, aTriggeringPrincipal = null) { let win, needToFocusWin; // try the current window. if we're in a popup, fall back on the most recent browser window @@ -4862,6 +4870,7 @@ nsBrowserAccess.prototype = { let loadInBackground = gPrefService.getBoolPref("browser.tabs.loadDivertedInBackground"); let tab = win.gBrowser.loadOneTab(aURI ? aURI.spec : "about:blank", { + triggeringPrincipal: aTriggeringPrincipal, referrerURI: aReferrer, referrerPolicy: aReferrerPolicy, userContextId: aUserContextId, @@ -4910,9 +4919,11 @@ nsBrowserAccess.prototype = { } let referrer = aOpener ? makeURI(aOpener.location.href) : null; + let triggeringPrincipal = null; let referrerPolicy = Ci.nsIHttpChannel.REFERRER_POLICY_DEFAULT; if (aOpener && aOpener.document) { referrerPolicy = aOpener.document.referrerPolicy; + triggeringPrincipal = aOpener.document.nodePrincipal; } let isPrivate = aOpener ? PrivateBrowsingUtils.isContentWindowPrivate(aOpener) @@ -4946,7 +4957,7 @@ nsBrowserAccess.prototype = { let browser = this._openURIInNewTab(aURI, referrer, referrerPolicy, isPrivate, isExternal, forceNotRemote, userContextId, - openerWindow); + openerWindow, triggeringPrincipal); if (browser) newWindow = browser.contentWindow; break; @@ -4957,6 +4968,7 @@ nsBrowserAccess.prototype = { Ci.nsIWebNavigation.LOAD_FLAGS_FROM_EXTERNAL : Ci.nsIWebNavigation.LOAD_FLAGS_NONE; gBrowser.loadURIWithFlags(aURI.spec, { + triggeringPrincipal, flags: loadflags, referrerURI: referrer, referrerPolicy: referrerPolicy, @@ -4985,7 +4997,8 @@ nsBrowserAccess.prototype = { aParams.referrerPolicy, aParams.isPrivate, isExternal, false, - userContextId); + userContextId, null, + aParams.triggeringPrincipal); if (browser) return browser.QueryInterface(Ci.nsIFrameLoaderOwner); diff --git a/browser/base/content/content.js b/browser/base/content/content.js index 8d6f0745e..2298d29c7 100644 --- a/browser/base/content/content.js +++ b/browser/base/content/content.js @@ -482,6 +482,7 @@ var ClickEventHandler = { ctrlKey: event.ctrlKey, metaKey: event.metaKey, altKey: event.altKey, href: null, title: null, bookmark: false, referrerPolicy: referrerPolicy, + triggeringPrincipal: principal, originAttributes: principal ? principal.originAttributes : {}, isContentWindowPrivate: PrivateBrowsingUtils.isContentWindowPrivate(ownerDoc.defaultView)}; diff --git a/browser/base/content/tabbrowser.xml b/browser/base/content/tabbrowser.xml index b27846835..463e74a52 100644 --- a/browser/base/content/tabbrowser.xml +++ b/browser/base/content/tabbrowser.xml @@ -1513,6 +1513,7 @@ this.webNavigation.loadURIWithOptions( aURI, aFlags, aReferrerURI, aReferrerPolicy, - aPostData, null, null)); + aPostData, null, null, aTriggeringPrincipal)); ]]> -- cgit v1.2.3