Merge branch 'ported-upstream'

6 files changed, 73 insertions, 13 deletions

diff --git a/dom/base/nsContentSink.cpp b/dom/base/nsContentSink.cpp
index 3d6f069d2..85b3d07bf 100644
--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@@ -305,6 +305,11 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
   mDocument->SetHeaderData(aHeader, aValue);
 
   if (aHeader == nsGkAtoms::setcookie) {
+    // Don't allow setting cookies in cookie-averse documents.
+    if (mDocument->IsCookieAverse()) {
+      return NS_OK;
+    }
+
     // Note: Necko already handles cookies set via the channel.  We can't just
     // call SetCookie on the channel because we want to do some security checks
     // here.
diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h
index 5b10c9914..8f35e9ba5 100644
--- a/dom/base/nsIDocument.h
+++ b/dom/base/nsIDocument.h
@@ -1923,6 +1923,34 @@ public:
     return mMarkedCCGeneration;
   }
 
+  /**
+   * Returns whether this document is cookie-averse. See
+   * https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object
+   */
+  bool IsCookieAverse() const
+  {
+    // If we are a document that "has no browsing context."
+    if (!GetInnerWindow()) {
+      return true;
+    }
+
+    // If we are a document "whose URL's scheme is not a network scheme."
+    // NB: Explicitly allow file: URIs to store cookies.
+    nsCOMPtr<nsIURI> codebaseURI;
+    NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
+
+    if (!codebaseURI) {
+      return true;
+    }
+
+    nsAutoCString scheme;
+    codebaseURI->GetScheme(scheme);
+    return !scheme.EqualsLiteral("http") &&
+           !scheme.EqualsLiteral("https") &&
+           !scheme.EqualsLiteral("ftp") &&
+           !scheme.EqualsLiteral("file");
+  }
+
   bool IsLoadedAsData()
   {
     return mLoadedAsData;
diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp
index dc53ea5fa..323c851c1 100644
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -169,6 +169,7 @@ nsIAtom** const kAttributesHTML[] = {
   &nsGkAtoms::contextmenu,
   &nsGkAtoms::controls,
   &nsGkAtoms::coords,
+  &nsGkAtoms::crossorigin,
   &nsGkAtoms::datetime,
   &nsGkAtoms::dir,
   &nsGkAtoms::disabled,
@@ -185,6 +186,7 @@ nsIAtom** const kAttributesHTML[] = {
   &nsGkAtoms::hreflang,
   &nsGkAtoms::icon,
   &nsGkAtoms::id,
+  &nsGkAtoms::integrity,
   &nsGkAtoms::ismap,
   &nsGkAtoms::itemid,
   &nsGkAtoms::itemprop,
diff --git a/dom/html/nsHTMLDocument.cpp b/dom/html/nsHTMLDocument.cpp
index 5e6302941..7d66aab04 100644
--- a/dom/html/nsHTMLDocument.cpp
+++ b/dom/html/nsHTMLDocument.cpp
@@ -1255,6 +1255,11 @@ nsHTMLDocument::GetCookie(nsAString& aCookie, ErrorResult& rv)
     rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return;
   }
+
+  // If the document is a cookie-averse document, return an empty string.
+  if (IsCookieAverse()) {
+    return;
+  }
   
   // not having a cookie service isn't an error
   nsCOMPtr<nsICookieService> service = do_GetService(NS_COOKIESERVICE_CONTRACTID);
@@ -1310,6 +1315,11 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie, ErrorResult& rv)
     return;
   }
 
+  // If the document is a cookie-averse document, do nothing.
+  if (IsCookieAverse()) {
+    return;
+  }
+
   // not having a cookie service isn't an error
   nsCOMPtr<nsICookieService> service = do_GetService(NS_COOKIESERVICE_CONTRACTID);
   if (service && mDocumentURI) {
diff --git a/dom/media/systemservices/MediaParent.cpp b/dom/media/systemservices/MediaParent.cpp
index 109a44a28..89a495f6a 100644
--- a/dom/media/systemservices/MediaParent.cpp
+++ b/dom/media/systemservices/MediaParent.cpp
@@ -37,6 +37,7 @@ mozilla::LazyLogModule gMediaParentLog("MediaParent");
 namespace mozilla {
 namespace media {
 
+StaticMutex sOriginKeyStoreMutex;
 static OriginKeyStore* sOriginKeyStore = nullptr;
 
 class OriginKeyStore : public nsISupports
@@ -332,6 +333,7 @@ class OriginKeyStore : public nsISupports
 private:
   virtual ~OriginKeyStore()
   {
+    StaticMutexAutoLock lock(sOriginKeyStoreMutex);
     sOriginKeyStore = nullptr;
     LOG((__FUNCTION__));
   }
@@ -340,6 +342,7 @@ public:
   static OriginKeyStore* Get()
   {
     MOZ_ASSERT(NS_IsMainThread());
+    StaticMutexAutoLock lock(sOriginKeyStoreMutex);
     if (!sOriginKeyStore) {
       sOriginKeyStore = new OriginKeyStore();
     }
@@ -384,8 +387,8 @@ Parent<Super>::RecvGetOriginKey(const uint32_t& aRequestId,
     return false;
   }
 
-  // Then over to stream-transport thread to do the actual file io.
-  // Stash a pledge to hold the answer and get an id for this request.
+  // Then over to stream-transport thread (a thread pool) to do the actual
+  // file io. Stash a pledge to hold the answer and get an id for this request.
 
   RefPtr<Pledge<nsCString>> p = new Pledge<nsCString>();
   uint32_t id = mOutstandingPledges.Append(*p);
@@ -397,12 +400,17 @@ Parent<Super>::RecvGetOriginKey(const uint32_t& aRequestId,
   rv = sts->Dispatch(NewRunnableFrom([this, that, id, profileDir, aOrigin,
                                       aPrivateBrowsing, aPersist]() -> nsresult {
     MOZ_ASSERT(!NS_IsMainThread());
-    mOriginKeyStore->mOriginKeys.SetProfileDir(profileDir);
+    StaticMutexAutoLock lock(sOriginKeyStoreMutex);
+    if (!sOriginKeyStore) {
+      return NS_ERROR_FAILURE;
+    }
+    sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir);
+
     nsCString result;
     if (aPrivateBrowsing) {
-      mOriginKeyStore->mPrivateBrowsingOriginKeys.GetOriginKey(aOrigin, result);
+      sOriginKeyStore->mPrivateBrowsingOriginKeys.GetOriginKey(aOrigin, result);
     } else {
-      mOriginKeyStore->mOriginKeys.GetOriginKey(aOrigin, result, aPersist);
+      sOriginKeyStore->mOriginKeys.GetOriginKey(aOrigin, result, aPersist);
     }
 
     // Pass result back to main thread.
@@ -450,19 +458,21 @@ Parent<Super>::RecvSanitizeOriginKeys(const uint64_t& aSinceWhen,
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return false;
   }
-  // Over to stream-transport thread to do the file io.
+  // Over to stream-transport thread (a thread pool) to do the file io.
 
   nsCOMPtr<nsIEventTarget> sts = do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID);
   MOZ_ASSERT(sts);
-  RefPtr<OriginKeyStore> store(mOriginKeyStore);
-
-  rv = sts->Dispatch(NewRunnableFrom([profileDir, store, aSinceWhen,
+  rv = sts->Dispatch(NewRunnableFrom([profileDir, aSinceWhen,
                                       aOnlyPrivateBrowsing]() -> nsresult {
     MOZ_ASSERT(!NS_IsMainThread());
-    store->mPrivateBrowsingOriginKeys.Clear(aSinceWhen);
+    StaticMutexAutoLock lock(sOriginKeyStoreMutex);
+    if (!sOriginKeyStore) {
+      return NS_ERROR_FAILURE;
+    }
+    sOriginKeyStore->mPrivateBrowsingOriginKeys.Clear(aSinceWhen);
     if (!aOnlyPrivateBrowsing) {
-      store->mOriginKeys.SetProfileDir(profileDir);
-      store->mOriginKeys.Clear(aSinceWhen);
+      sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir);
+      sOriginKeyStore->mOriginKeys.Clear(aSinceWhen);
     }
     return NS_OK;
   }), NS_DISPATCH_NORMAL);
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index a9aca5333..4e80dce3f 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -337,7 +337,11 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
                   nullptr,              // aExtra
                   requestingPrincipal,
                   &decision);
-  NS_ENSURE_SUCCESS(rv, rv);
+  if (NS_FAILED(rv)) {
+    autoCallback.DontCallback();
+    aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
+    return NS_BINDING_FAILED;
+  }
 
   if (nsMixedContentBlocker::sSendHSTSPriming) {
     // The LoadInfo passed in is for the original channel, HSTS priming needs to
@@ -358,6 +362,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
   // If the channel is about to load mixed content, abort the channel
   if (!NS_CP_ACCEPTED(decision)) {
     autoCallback.DontCallback();
+    aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
     return NS_BINDING_FAILED;
   }