Bug 1543911 - Move BasePrincipal::CloneStrippingUserContextIdAndFirst…

… into nsPermission to avoid misuses, r=johannh Differential Revision: https://phabricator.services.mozilla.com/D27235 --HG-- extra : moz-landing-system : lando
dothq · Apr 15, 2019 · 123be5d · 123be5d
1 parent d640f89
commit 123be5d
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 28 deletions.
diff --git a/caps/BasePrincipal.cpp b/caps/BasePrincipal.cpp
@@ -438,23 +438,6 @@ already_AddRefed<BasePrincipal> BasePrincipal::CreateCodebasePrincipal(
   return BasePrincipal::CreateCodebasePrincipal(uri, attrs);
 }
 
-already_AddRefed<BasePrincipal>
-BasePrincipal::CloneStrippingUserContextIdAndFirstPartyDomain() {
-  OriginAttributes attrs = OriginAttributesRef();
-  attrs.StripAttributes(OriginAttributes::STRIP_USER_CONTEXT_ID |
-                        OriginAttributes::STRIP_FIRST_PARTY_DOMAIN);
-
-  nsAutoCString originNoSuffix;
-  nsresult rv = GetOriginNoSuffix(originNoSuffix);
-  NS_ENSURE_SUCCESS(rv, nullptr);
-
-  nsCOMPtr<nsIURI> uri;
-  rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
-  NS_ENSURE_SUCCESS(rv, nullptr);
-
-  return BasePrincipal::CreateCodebasePrincipal(uri, attrs);
-}
-
 already_AddRefed<BasePrincipal> BasePrincipal::CloneForcingFirstPartyDomain(
     nsIURI* aURI) {
   if (NS_WARN_IF(!IsCodebasePrincipal())) {

diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h
@@ -166,9 +166,6 @@ class BasePrincipal : public nsJSPrincipals {
 
   PrincipalKind Kind() const { return mKind; }
 
-  already_AddRefed<BasePrincipal>
-  CloneStrippingUserContextIdAndFirstPartyDomain();
-
   already_AddRefed<BasePrincipal> CloneForcingFirstPartyDomain(nsIURI* aURI);
 
   already_AddRefed<BasePrincipal> CloneForcingOriginAttributes(

diff --git a/dom/permission/PermissionStatus.cpp b/dom/permission/PermissionStatus.cpp
@@ -11,6 +11,7 @@
 #include "nsIPermissionManager.h"
 #include "PermissionObserver.h"
 #include "PermissionUtils.h"
+#include "nsPermission.h"
 
 namespace mozilla {
 namespace dom {
@@ -96,8 +97,7 @@ already_AddRefed<nsIPrincipal> PermissionStatus::GetPrincipal() const {
   }
 
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::Cast(doc->NodePrincipal())
-          ->CloneStrippingUserContextIdAndFirstPartyDomain();
+      nsPermission::ClonePrincipalForPermission(doc->NodePrincipal());
   NS_ENSURE_TRUE(principal, nullptr);
 
   return principal.forget();

diff --git a/dom/permission/moz.build b/dom/permission/moz.build
@@ -19,6 +19,10 @@ UNIFIED_SOURCES += [
     'PermissionUtils.cpp',
 ]
 
+LOCAL_INCLUDES += [
+    '/extensions/cookie',
+]
+
 MOCHITEST_MANIFESTS += ['tests/mochitest.ini']
 
 FINAL_LIBRARY = 'xul'

diff --git a/extensions/cookie/nsPermission.cpp b/extensions/cookie/nsPermission.cpp
@@ -23,16 +23,34 @@ nsPermission::nsPermission(nsIPrincipal* aPrincipal, const nsACString& aType,
       mExpireType(aExpireType),
       mExpireTime(aExpireTime) {}
 
+already_AddRefed<nsIPrincipal> nsPermission::ClonePrincipalForPermission(
+    nsIPrincipal* aPrincipal) {
+  MOZ_ASSERT(aPrincipal);
+
+  mozilla::OriginAttributes attrs = aPrincipal->OriginAttributesRef();
+  attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID |
+                        mozilla::OriginAttributes::STRIP_FIRST_PARTY_DOMAIN);
+
+  nsAutoCString originNoSuffix;
+  nsresult rv = aPrincipal->GetOriginNoSuffix(originNoSuffix);
+  NS_ENSURE_SUCCESS(rv, nullptr);
+
+  nsCOMPtr<nsIURI> uri;
+  rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
+  NS_ENSURE_SUCCESS(rv, nullptr);
+
+  return mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+}
+
 already_AddRefed<nsPermission> nsPermission::Create(nsIPrincipal* aPrincipal,
                                                     const nsACString& aType,
                                                     uint32_t aCapability,
                                                     uint32_t aExpireType,
                                                     int64_t aExpireTime) {
   NS_ENSURE_TRUE(aPrincipal, nullptr);
-  nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::Cast(aPrincipal)
-          ->CloneStrippingUserContextIdAndFirstPartyDomain();
 
+  nsCOMPtr<nsIPrincipal> principal =
+      nsPermission::ClonePrincipalForPermission(aPrincipal);
   NS_ENSURE_TRUE(principal, nullptr);
 
   RefPtr<nsPermission> permission =
@@ -80,9 +98,7 @@ nsPermission::Matches(nsIPrincipal* aPrincipal, bool aExactHost,
   *aMatches = false;
 
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::Cast(aPrincipal)
-          ->CloneStrippingUserContextIdAndFirstPartyDomain();
-
+      nsPermission::ClonePrincipalForPermission(aPrincipal);
   if (!principal) {
     *aMatches = false;
     return NS_OK;

diff --git a/extensions/cookie/nsPermission.h b/extensions/cookie/nsPermission.h
@@ -23,6 +23,12 @@ class nsPermission : public nsIPermission {
                                                uint32_t aExpireType,
                                                int64_t aExpireTime);
 
+  // This method creates a new nsIPrincipal with a stripped OriginAttributes (no
+  // userContextId, and no FirstPartyDomain) and a codebase equal to the origin
+  // of 'aPrincipal'.
+  static already_AddRefed<nsIPrincipal> ClonePrincipalForPermission(
+      nsIPrincipal* aPrincipal);
+
  protected:
   nsPermission(nsIPrincipal* aPrincipal, const nsACString& aType,
                uint32_t aCapability, uint32_t aExpireType, int64_t aExpireTime);