From 6f64e487f35986f093dbb002d12554a61021b2c9 Mon Sep 17 00:00:00 2001
From: Ascrod <32915892+Ascrod@users.noreply.github.com>
Date: Thu, 5 Jul 2018 21:00:31 -0400
Subject: Bug 1456652 - SameSite cookie Reader view patch bypass

---
 toolkit/components/reader/ReaderMode.jsm | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'toolkit')

diff --git a/toolkit/components/reader/ReaderMode.jsm b/toolkit/components/reader/ReaderMode.jsm
index e9eb83154..6641e7387 100644
--- a/toolkit/components/reader/ReaderMode.jsm
+++ b/toolkit/components/reader/ReaderMode.jsm
@@ -119,7 +119,18 @@ this.ReaderMode = {
       }
     }
 
-    win.document.location = originalURL;
+    let referrerURI, principal;
+    try {
+      referrerURI = Services.io.newURI(url);
+      principal = Services.scriptSecurityManager.createCodebasePrincipal(
+        referrerURI, win.document.nodePrincipal.originAttributes);
+    } catch (e) {
+      Cu.reportError(e);
+      return;
+    }
+    let flags =  webNav.LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL |
+      webNav.LOAD_FLAGS_DISALLOW_INHERIT_OWNER;
+    webNav.loadURI(originalURL, flags, referrerURI, null, null, principal);
   },
 
   /**
-- 
cgit v1.2.3