Bug 1697151 - Remove permissions.delegation.enabled pref r=pbz

Differential Revision: https://phabricator.services.mozilla.com/D185342

browser/actors/WebRTCChild.sys.mjs

@@ -392,14 +392,8 @@ function prompt(
       Ci.nsIPermissionDelegateHandler
     );
 
-  const shouldDelegatePermission =
-    permDelegateHandler.permissionDelegateFPEnabled;
-
   let secondOrigin = undefined;
-  if (
-    shouldDelegatePermission &&
-    permDelegateHandler.maybeUnsafePermissionDelegate(requestTypes)
-  ) {
+  if (permDelegateHandler.maybeUnsafePermissionDelegate(requestTypes)) {
     // We are going to prompt both first party and third party origin.
     // SecondOrigin should be third party
     secondOrigin = aContentWindow.document.nodePrincipal.origin;
@@ -412,7 +406,6 @@ function prompt(
     documentURI: aContentWindow.document.documentURI,
     secure: aSecure,
     isHandlingUserInput: aIsHandlingUserInput,
-    shouldDelegatePermission,
     requestTypes,
     sharingScreen,
     sharingAudio,

browser/actors/WebRTCParent.sys.mjs

@@ -95,9 +95,7 @@ export class WebRTCParent extends JSWindowActorParent {
           this.manager.topWindowContext.documentPrincipal.origin;
         data.isThirdPartyOrigin = isThirdPartyOrigin;
 
-        data.origin = data.shouldDelegatePermission
-          ? this.manager.topWindowContext.documentPrincipal.origin
-          : this.manager.documentPrincipal.origin;
+        data.origin = this.manager.topWindowContext.documentPrincipal.origin;
 
         let browser = this.getBrowser();
         if (browser.fxrPermissionPrompt) {
@@ -397,12 +395,9 @@ export class WebRTCParent extends JSWindowActorParent {
     }
 
     // Don't use persistent permissions from the top-level principal
-    // if we're in a cross-origin iframe and permission delegation is not
-    // allowed, or when we're handling a potentially insecure third party
+    // if we're handling a potentially insecure third party
     // through a wildcard ("*") allow attribute.
-    let limited =
-      (aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) ||
-      aRequest.secondOrigin;
+    let limited = aRequest.secondOrigin;
 
     let map = lazy.webrtcUI.activePerms.get(this.manager.outerWindowId);
     // We consider a camera or mic active if it is active or was active within a
@@ -1221,15 +1216,9 @@ function prompt(aActor, aBrowser, aRequest) {
       return false;
     }
 
-    // Don't offer "always remember" action in third party with no permission
-    // delegation
-    if (aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) {
-      return false;
-    }
-
     // Don't offer "always remember" action in maybe unsafe permission
     // delegation
-    if (aRequest.shouldDelegatePermission && aRequest.secondOrigin) {
+    if (aRequest.secondOrigin) {
       return false;
     }
 

browser/base/content/test/permissions/browser_permission_delegate_geo.js

@@ -119,7 +119,6 @@ add_setup(async function () {
         set: [
           ["dom.security.featurePolicy.header.enabled", true],
           ["dom.security.featurePolicy.webidl.enabled", true],
-          ["permissions.delegation.enabled", true],
           // This is the amount of time before the repeating
           // NetworkGeolocationProvider timer is stopped.
           // It needs to be less than 5000ms, or the timer will be

browser/base/content/test/permissions/browser_permissions_delegate_vibrate.js

@@ -13,7 +13,6 @@ add_task(async function testNoPermissionPrompt() {
       SpecialPowers.pushPrefEnv(
         {
           set: [
-            ["permissions.delegation.enabled", true],
             ["dom.vibrator.enabled", true],
             ["dom.security.featurePolicy.header.enabled", true],
             ["dom.security.featurePolicy.webidl.enabled", true],

browser/base/content/test/webrtc/browser_devices_get_user_media_in_frame.js

@@ -2,10 +2,6 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-SpecialPowers.pushPrefEnv({
-  set: [["permissions.delegation.enabled", true]],
-});
-
 // This test has been seen timing out locally in non-opt debug builds.
 requestLongerTimeout(2);
 

browser/base/content/test/webrtc/browser_devices_get_user_media_in_xorigin_frame.js

@@ -786,7 +786,6 @@ var gTests = [
 add_task(async function test() {
   await SpecialPowers.pushPrefEnv({
     set: [
-      ["permissions.delegation.enabled", true],
       ["dom.security.featurePolicy.header.enabled", true],
       ["dom.security.featurePolicy.webidl.enabled", true],
     ],

browser/base/content/test/webrtc/browser_devices_get_user_media_in_xorigin_frame_chain.js

@@ -239,7 +239,6 @@ var gTests = [
 add_task(async function test() {
   await SpecialPowers.pushPrefEnv({
     set: [
-      ["permissions.delegation.enabled", true],
       ["dom.security.featurePolicy.header.enabled", true],
       ["dom.security.featurePolicy.webidl.enabled", true],
     ],

dom/interfaces/base/nsIPermissionDelegateHandler.idl

@@ -23,9 +23,4 @@ interface nsIPermissionDelegateHandler : nsISupports
    * @param aTypes the permission types to check
    */
   boolean maybeUnsafePermissionDelegate(in Array<ACString> aTypes);
-
-  /*
-   * Return true if permissions.delegation.enabled is true.
-   */
-  readonly attribute boolean permissionDelegateFPEnabled;
 };

dom/media/systemservices/CamerasParent.cpp

@@ -706,12 +706,10 @@ static bool HasCameraPermission(const uint64_t& aWindowId) {
     return false;
   }
 
-  // If we delegate permission from first party, we should use the top level
+  // when we delegate permission from first party, we should use the top level
   // window
-  if (StaticPrefs::permissions_delegation_enabled()) {
-    RefPtr<dom::BrowsingContext> topBC = window->BrowsingContext()->Top();
-    window = topBC->Canonical()->GetCurrentWindowGlobal();
-  }
+  RefPtr<dom::BrowsingContext> topBC = window->BrowsingContext()->Top();
+  window = topBC->Canonical()->GetCurrentWindowGlobal();
 
   // Return false if the window is not the currently-active window for its
   // BrowsingContext.

dom/notification/test/mochitest/test_notification_permissions.html

@@ -21,8 +21,6 @@
   await SpecialPowers.clearUserPref("notification.prompt.testing");
   await SpecialPowers.pushPrefEnv({
     set: [
-      // Set pref to exercise relevant code path for regression test.
-      ["permissions.delegation.enabled", true],
       // Automatically dismiss the permission request when it appears.
       ["dom.webnotifications.requireuserinteraction", true],
     ],

dom/permission/tests/test_cross_origin_iframe.html

@@ -301,9 +301,7 @@
     SimpleTest.executeSoon(nextTest);
   }
 
-  SpecialPowers.pushPrefEnv({"set": [
-    ["permissions.delegation.enabled", true],
-  ]}).then(nextTest);
+  nextTest()
   </script>
 </body>
 

dom/quota/test/browser/browser_permissionsCrossOrigin.js

@@ -24,7 +24,6 @@ addTest(async function testNoPermissionPrompt() {
       SpecialPowers.pushPrefEnv(
         {
           set: [
-            ["permissions.delegation.enabled", true],
             ["dom.security.featurePolicy.header.enabled", true],
             ["dom.security.featurePolicy.webidl.enabled", true],
           ],

extensions/permissions/PermissionDelegateHandler.cpp

@@ -86,10 +86,6 @@ NS_IMETHODIMP
 PermissionDelegateHandler::MaybeUnsafePermissionDelegate(
     const nsTArray<nsCString>& aTypes, bool* aMaybeUnsafe) {
   *aMaybeUnsafe = false;
-  if (!StaticPrefs::permissions_delegation_enabled()) {
-    return NS_OK;
-  }
-
   for (auto& type : aTypes) {
     const DelegateInfo* info =
         GetPermissionDelegateInfo(NS_ConvertUTF8toUTF16(type));
@@ -107,23 +103,12 @@ PermissionDelegateHandler::MaybeUnsafePermissionDelegate(
   return NS_OK;
 }
 
-NS_IMETHODIMP
-PermissionDelegateHandler::GetPermissionDelegateFPEnabled(bool* aEnabled) {
-  MOZ_ASSERT(NS_IsMainThread());
-  *aEnabled = StaticPrefs::permissions_delegation_enabled();
-  return NS_OK;
-}
-
 /* static */
 nsresult PermissionDelegateHandler::GetDelegatePrincipal(
     const nsACString& aType, nsIContentPermissionRequest* aRequest,
     nsIPrincipal** aResult) {
   MOZ_ASSERT(aRequest);
 
-  if (!StaticPrefs::permissions_delegation_enabled()) {
-    return aRequest->GetPrincipal(aResult);
-  }
-
   const DelegateInfo* info =
       GetPermissionDelegateInfo(NS_ConvertUTF8toUTF16(aType));
   if (!info) {
@@ -203,10 +188,6 @@ bool PermissionDelegateHandler::HasPermissionDelegated(
     return false;
   }
 
-  if (!StaticPrefs::permissions_delegation_enabled()) {
-    return true;
-  }
-
   if (info->mPolicy == DelegatePolicy::ePersistDeniedCrossOrigin &&
       !mDocument->IsTopLevelContentDocument() &&
       IsCrossOriginContentToTop(mDocument)) {
@@ -239,11 +220,6 @@ nsresult PermissionDelegateHandler::GetPermission(const nsACString& aType,
       aExactHostMatch ? &nsIPermissionManager::TestExactPermissionFromPrincipal
                       : &nsIPermissionManager::TestPermissionFromPrincipal;
 
-  if (!StaticPrefs::permissions_delegation_enabled()) {
-    return (mPermissionManager->*testPermission)(mPrincipal, aType,
-                                                 aPermission);
-  }
-
   if (info->mPolicy == DelegatePolicy::ePersistDeniedCrossOrigin &&
       !mDocument->IsTopLevelContentDocument() &&
       IsCrossOriginContentToTop(mDocument)) {

modules/libpref/init/StaticPrefList.yaml

@@ -12778,11 +12778,6 @@
   value: 1
   mirror: always
 
-- name: permissions.delegation.enabled
-  type: bool
-  value: true
-  mirror: always
-
 - name: permissions.isolateBy.userContext
   type: RelaxedAtomicBool
   value: false

testing/web-platform/meta/permissions/permissions-query-feature-policy-attribute.https.sub.html.ini

@@ -1,4 +1,4 @@
-prefs: [permissions.delegation.enabled:true, dom.security.featurePolicy.header.enabled:true, dom.security.featurePolicy.webidl.enabled:true]
+prefs: [dom.security.featurePolicy.header.enabled:true, dom.security.featurePolicy.webidl.enabled:true]
 [permissions-query-feature-policy-attribute.https.sub.html]
   expected:
     if (os == "android") and fission: [OK, TIMEOUT]