From 9d6e28d3d0de8ddf5e482f7938822214f4da22ba Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Thu, 13 Aug 2020 17:13:23 +0000
Subject: Issue #618: Pass down referrer and referrer policy when fetching
 modules.

Because the spec says so.
---
 dom/script/ModuleLoadRequest.cpp | 11 ++++++++---
 dom/script/ModuleLoadRequest.h   |  2 ++
 dom/script/ScriptLoader.cpp      | 30 ++++++++++++++++++------------
 dom/script/ScriptLoader.h        | 24 ++++++++++++++----------
 4 files changed, 42 insertions(+), 25 deletions(-)


diff --git a/dom/script/ModuleLoadRequest.cpp b/dom/script/ModuleLoadRequest.cpp
index a75a922e2..5b0e0bdba 100644
--- a/dom/script/ModuleLoadRequest.cpp
+++ b/dom/script/ModuleLoadRequest.cpp
@@ -28,13 +28,17 @@ ModuleLoadRequest::ModuleLoadRequest(nsIURI* aURI,
                                      uint32_t aVersion,
                                      CORSMode aCORSMode,
                                      const SRIMetadata &aIntegrity,
+                                     nsIURI* aReferrer,
+                                     mozilla::net::ReferrerPolicy aReferrerPolicy,
                                      ScriptLoader* aLoader)
   : ScriptLoadRequest(ScriptKind::Module,
                       aURI,
                       aElement,
                       aVersion,
                       aCORSMode,
-                      aIntegrity),
+                      aIntegrity,
+                      aReferrer,
+                      aReferrerPolicy),
     mIsTopLevel(true),
     mLoader(aLoader),
     mVisitedSet(new VisitedURLSet())
@@ -49,7 +53,9 @@ ModuleLoadRequest::ModuleLoadRequest(nsIURI* aURI,
                       aParent->mElement,
                       aParent->mJSVersion,
                       aParent->mCORSMode,
-                      aParent->mIntegrity),
+                      aParent->mIntegrity,
+                      aParent->mURI,
+                      aParent->mReferrerPolicy),
     mIsTopLevel(false),
     mLoader(aParent->mLoader),
     mVisitedSet(aParent->mVisitedSet)
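Review bot: The referrer given to an imported module's request is `aParent->mURI`, and this hunk does not show whether mURI holds the URL the parent was requested with or the URL it was finally served from. If the parent's load was redirected, the two differ, and the Referer header on the child fetch would presumably carry the pre-redirect URL; check this against whichever member records the post-redirect base URL, if the class has one. A comment above the initializer list would also help, for example `// Imports use the importing module's URL as referrer and inherit its referrer policy.` The constructor's signature and body lie partly outside the hunk.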
@@ -57,7 +63,6 @@ ModuleLoadRequest::ModuleLoadRequest(nsIURI* aURI,
   MOZ_ASSERT(mVisitedSet->Contains(aURI));
 
   mIsInline = false;
-  mReferrerPolicy = aParent->mReferrerPolicy;
 }
 
 void ModuleLoadRequest::Cancel()
diff --git a/dom/script/ModuleLoadRequest.h b/dom/script/ModuleLoadRequest.h
index 2e9652881..eefb7dad5 100644
--- a/dom/script/ModuleLoadRequest.h
+++ b/dom/script/ModuleLoadRequest.h
@@ -48,6 +48,8 @@ public:
                     uint32_t aVersion,
                     CORSMode aCORSMode,
                     const SRIMetadata& aIntegrity,
+                    nsIURI* aReferrer,
+                    mozilla::net::ReferrerPolicy,
                     ScriptLoader* aLoader);
 
   // Create a module load request for an imported module.
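Review bot: The new policy parameter is declared without a name (`mozilla::net::ReferrerPolicy,`), while every other parameter visible in this declaration is named and the definition in ModuleLoadRequest.cpp calls it aReferrerPolicy. Naming it here as `mozilla::net::ReferrerPolicy aReferrerPolicy,` keeps the header self-describing and consistent with the definition. The declaration starts above the hunk.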
diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp
index 903822ef5..38649e1dd 100644
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -1043,7 +1043,7 @@ ScriptLoader::StartLoad(ScriptLoadRequest *aRequest, const nsAString &aType,
     httpChannel->SetRequestHeader(NS_LITERAL_CSTRING("Accept"),
                                   NS_LITERAL_CSTRING("*/*"),
                                   false);
-    httpChannel->SetReferrerWithPolicy(mDocument->GetDocumentURI(),
+    httpChannel->SetReferrerWithPolicy(aRequest->mReferrer,
                                        aRequest->mReferrerPolicy);
 
     nsCOMPtr<nsIHttpChannelInternal> internalChannel(do_QueryInterface(httpChannel));
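Review bot: The result of `SetReferrerWithPolicy` is still discarded, so a failure to apply the per-request referrer or policy would go unnoticed and the load would presumably continue without the intended Referer. The referrer now comes from `aRequest->mReferrer` rather than always from the document URI, so it is worth at least asserting on the result: `rv = httpChannel->SetReferrerWithPolicy(aRequest->mReferrer, aRequest->mReferrerPolicy);` followed by `MOZ_ASSERT(NS_SUCCEEDED(rv));`, assuming an `rv` is in scope at this point. StartLoad begins and ends outside this hunk.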
@@ -1175,16 +1175,21 @@ ScriptLoader::CreateLoadRequest(ScriptKind aKind,
                                 nsIURI* aURI,
                                 nsIScriptElement* aElement,
                                 uint32_t aVersion, CORSMode aCORSMode,
-                                const SRIMetadata &aIntegrity)
+                                const SRIMetadata& aIntegrity,
+                                mozilla::net::ReferrerPolicy aReferrerPolicy)
 {
+  nsIURI* referrer = mDocument->GetDocumentURI();
+
   if (aKind == ScriptKind::Classic) {
     return new ScriptLoadRequest(aKind, aURI, aElement,
-                                 aVersion,aCORSMode,
-                                 aIntegrity);
+                                 aVersion, aCORSMode,
+                                 aIntegrity,
+                                 referrer, aReferrerPolicy);
   }
 
   MOZ_ASSERT(aKind == ScriptKind::Module);
-  return new ModuleLoadRequest(aURI, aElement, aVersion, aCORSMode, aIntegrity, this);
+  return new ModuleLoadRequest(aURI, aElement, aVersion, aCORSMode,
+                               aIntegrity, referrer, aReferrerPolicy, this);
 }
 
 bool
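Review bot: CreateLoadRequest now takes the referrer policy from the caller but fixes the referrer itself to `mDocument->GetDocumentURI()`, and nothing in the function documents that split. A comment on the new local would make the intent clear to the next reader, for example `// Requests created on behalf of the document use its URI as referrer; imported modules are given their parent module's URI instead.` The same wording could go on the declaration in ScriptLoader.h, which gained the policy parameter in this commit.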
@@ -1253,6 +1258,7 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
   // Step 15. and later in the HTML5 spec
   nsresult rv = NS_OK;
   RefPtr<ScriptLoadRequest> request;
+  mozilla::net::ReferrerPolicy ourRefPolicy = mDocument->GetReferrerPolicy();
   if (aElement->GetScriptExternal()) {
     // external script
     nsCOMPtr<nsIURI> scriptURI = aElement->GetScriptURI();
@@ -1265,7 +1271,6 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
     }
 
     // Double-check that the preload matches what we're asked to load now.
-    mozilla::net::ReferrerPolicy ourRefPolicy = mDocument->GetReferrerPolicy();
     CORSMode ourCORSMode = aElement->GetCORSMode();
     nsTArray<PreloadInfo>::index_type i =
       mPreloads.IndexOf(scriptURI.get(), 0, PreloadURIComparator());
@@ -1320,9 +1325,9 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
       }
 
       request = CreateLoadRequest(scriptKind, scriptURI, aElement,
-                                  version, ourCORSMode, sriMetadata);
+                                  version, ourCORSMode, sriMetadata,
+                                  ourRefPolicy);
       request->mIsInline = false;
-      request->mReferrerPolicy = ourRefPolicy;
 
       // set aScriptFromHead to false so we don't treat non preloaded scripts as
       // blockers for full page load. See bug 792438.
@@ -1440,10 +1445,11 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
     return false;
   }
 
-  // Inline scripts ignore ther CORS mode and are always CORS_NONE
+  // Inline scripts ignore ther CORS mode and are always CORS_NONE.
   request = CreateLoadRequest(scriptKind, mDocument->GetDocumentURI(), aElement,
                               version, CORS_NONE,
-                              SRIMetadata()); // SRI doesn't apply
+                              SRIMetadata(), // SRI doesn't apply
+                              ourRefPolicy);
   request->mJSVersion = version;
   request->mIsInline = true;
   request->mLineNo = aElement->GetScriptLineNumber();
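Review bot: The comment line this hunk rewrites to add a full stop still reads "ignore ther CORS mode"; since the line is being touched anyway, fix the typo as well: `// Inline scripts ignore their CORS mode and are always CORS_NONE.` ProcessScriptElement starts and ends outside the hunk.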
@@ -2578,9 +2584,9 @@ ScriptLoader::PreloadURI(nsIURI *aURI, const nsAString &aCharset,
 
   RefPtr<ScriptLoadRequest> request =
     CreateLoadRequest(ScriptKind::Classic, aURI, nullptr, 0,
-                      Element::StringToCORSMode(aCrossOrigin), sriMetadata);
+                      Element::StringToCORSMode(aCrossOrigin), sriMetadata,
+                      aReferrerPolicy);
   request->mIsInline = false;
-  request->mReferrerPolicy = aReferrerPolicy;
 
   nsresult rv = StartLoad(request, aType, aScriptFromHead);
   if (NS_FAILED(rv)) {
diff --git a/dom/script/ScriptLoader.h b/dom/script/ScriptLoader.h
index 4155f08f8..2a14b53ae 100644
--- a/dom/script/ScriptLoader.h
+++ b/dom/script/ScriptLoader.h
@@ -66,7 +66,9 @@ public:
                     nsIScriptElement* aElement,
                     uint32_t aVersion,
                     mozilla::CORSMode aCORSMode,
-                    const mozilla::dom::SRIMetadata &aIntegrity)
+                    const mozilla::dom::SRIMetadata& aIntegrity,
+                    nsIURI* aReferrer,
+                    mozilla::net::ReferrerPolicy aReferrerPolicy)
     : mKind(aKind),
       mElement(aElement),
       mProgress(Progress::Loading),
@@ -86,7 +88,8 @@ public:
       mLineNo(1),
       mCORSMode(aCORSMode),
       mIntegrity(aIntegrity),
-      mReferrerPolicy(mozilla::net::RP_Default)
+      mReferrer(aReferrer),
+      mReferrerPolicy(aReferrerPolicy)
   {
   }
 
@@ -173,7 +176,8 @@ public:
   int32_t mLineNo;
   const mozilla::CORSMode mCORSMode;
   const mozilla::dom::SRIMetadata mIntegrity;
-  mozilla::net::ReferrerPolicy mReferrerPolicy;
+  const nsCOMPtr<nsIURI> mReferrer;
+  const mozilla::net::ReferrerPolicy mReferrerPolicy;
 };
 
 class ScriptLoadRequestList : private mozilla::LinkedList<ScriptLoadRequest>
@@ -470,13 +474,13 @@ public:
 private:
   virtual ~ScriptLoader();
 
-  ScriptLoadRequest* CreateLoadRequest(
-    ScriptKind aKind,
-    nsIURI* aURI,
-    nsIScriptElement* aElement,
-    uint32_t aVersion,
-    mozilla::CORSMode aCORSMode,
-    const mozilla::dom::SRIMetadata &aIntegrity);
+  ScriptLoadRequest* CreateLoadRequest(ScriptKind aKind,
+                                       nsIURI* aURI,
+                                       nsIScriptElement* aElement,
+                                       uint32_t aVersion,
+                                       mozilla::CORSMode aCORSMode,
+                                       const mozilla::dom::SRIMetadata& aIntegrity,
+                                       mozilla::net::ReferrerPolicy aReferrerPolicy);
 
   /**
    * Unblocks the creator parser of the parser-blocking scripts.
-- 
cgit v1.2.3