diff options
| author | Moonchild <moonchild@palemoon.org> | 2021-10-22 07:49:59 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2022-04-01 16:05:02 +0200 |
| commit | 7c90c0205cd9fda52caf0d6b2a42f8a53c6fba37 (patch) | |
| tree | c0034e58dac5a1c42be6124f22b314a0e999922d | |
| parent | a95439db61c4530afae3967e2912d6ca38f1bbda (diff) | |
| download | uxp-7c90c0205cd9fda52caf0d6b2a42f8a53c6fba37.tar.gz | |
Issue #1822 - Part 4: Remove URL classifier and internal blocklist errors.
This removes NS_ERROR_{TRACKING|MALWARE|PHISHING|UNWANTED|BLOCKED}_URI
that are no longer in use.
| -rw-r--r-- | docshell/base/nsDocShell.cpp | 39 | ||||
| -rw-r--r-- | dom/base/nsImageLoadingContent.cpp | 20 | ||||
| -rw-r--r-- | dom/base/nsObjectLoadingContent.cpp | 29 | ||||
| -rw-r--r-- | dom/browser-element/BrowserElementChildPreload.js | 9 | ||||
| -rw-r--r-- | dom/html/HTMLMediaElement.cpp | 9 | ||||
| -rw-r--r-- | dom/script/ScriptLoader.cpp | 10 | ||||
| -rw-r--r-- | layout/style/Loader.cpp | 16 | ||||
| -rw-r--r-- | netwerk/base/nsChannelClassifier.cpp | 81 | ||||
| -rw-r--r-- | netwerk/base/nsChannelClassifier.h | 2 | ||||
| -rw-r--r-- | netwerk/protocol/http/HttpChannelChild.cpp | 7 | ||||
| -rw-r--r-- | xpcom/base/ErrorList.h | 7 |
11 files changed, 2 insertions, 227 deletions
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 55f09d35b1..0369657004 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -7630,42 +7630,6 @@ nsDocShell::EndPageLoad(nsIWebProgress* aProgress, nullptr); // Headers stream } - // Handle iframe document not loading error because source was - // a tracking URL. We make a note of this iframe node by including - // it in a dedicated array of blocked tracking nodes under its parent - // document. (document of parent window of blocked document) - if (isTopFrame == false && aStatus == NS_ERROR_TRACKING_URI) { - // frameElement is our nsIContent to be annotated - nsCOMPtr<nsIDOMElement> frameElement; - nsPIDOMWindowOuter* thisWindow = GetWindow(); - if (!thisWindow) { - return NS_OK; - } - - frameElement = thisWindow->GetFrameElement(); - if (!frameElement) { - return NS_OK; - } - - // Parent window - nsCOMPtr<nsIDocShellTreeItem> parentItem; - GetSameTypeParent(getter_AddRefs(parentItem)); - if (!parentItem) { - return NS_OK; - } - - nsCOMPtr<nsIDocument> parentDoc; - parentDoc = parentItem->GetDocument(); - if (!parentDoc) { - return NS_OK; - } - - nsCOMPtr<nsIContent> cont = do_QueryInterface(frameElement); - parentDoc->AddBlockedTrackingNode(cont); - - return NS_OK; - } - if (sURIFixup) { // // Try and make an alternative URI from the old one @@ -7840,9 +7804,6 @@ nsDocShell::EndPageLoad(nsIWebProgress* aProgress, aStatus == NS_ERROR_NET_INTERRUPT || aStatus == NS_ERROR_NET_RESET || aStatus == NS_ERROR_OFFLINE || - aStatus == NS_ERROR_MALWARE_URI || - aStatus == NS_ERROR_PHISHING_URI || - aStatus == NS_ERROR_UNWANTED_URI || aStatus == NS_ERROR_UNSAFE_CONTENT_TYPE || aStatus == NS_ERROR_REMOTE_XUL || aStatus == NS_ERROR_INTERCEPTION_FAILED || diff --git a/dom/base/nsImageLoadingContent.cpp b/dom/base/nsImageLoadingContent.cpp index 1226ef22e1..fecd995d72 100644 --- a/dom/base/nsImageLoadingContent.cpp +++ b/dom/base/nsImageLoadingContent.cpp @@ -175,25 +175,7 @@ nsImageLoadingContent::Notify(imgIRequest* aRequest, if (aType == imgINotificationObserver::LOAD_COMPLETE) { uint32_t reqStatus; aRequest->GetImageStatus(&reqStatus); - /* triage STATUS_ERROR */ - if (reqStatus & imgIRequest::STATUS_ERROR) { - nsresult errorCode = NS_OK; - aRequest->GetImageErrorCode(&errorCode); - - /* Handle image not loading error because source was a tracking URL. - * We make a note of this image node by including it in a dedicated - * array of blocked tracking nodes under its parent document. - */ - if (errorCode == NS_ERROR_TRACKING_URI) { - nsCOMPtr<nsIContent> thisNode - = do_QueryInterface(static_cast<nsIImageLoadingContent*>(this)); - - nsIDocument *doc = GetOurOwnerDoc(); - doc->AddBlockedTrackingNode(thisNode); - } - } - nsresult status = - reqStatus & imgIRequest::STATUS_ERROR ? NS_ERROR_FAILURE : NS_OK; + nsresult status = reqStatus & imgIRequest::STATUS_ERROR ? NS_ERROR_FAILURE : NS_OK; return OnLoadComplete(aRequest, status); } diff --git a/dom/base/nsObjectLoadingContent.cpp b/dom/base/nsObjectLoadingContent.cpp index 525ece9296..128ec2a95d 100644 --- a/dom/base/nsObjectLoadingContent.cpp +++ b/dom/base/nsObjectLoadingContent.cpp @@ -1127,24 +1127,6 @@ nsObjectLoadingContent::OnStartRequest(nsIRequest *aRequest, nsresult status = NS_OK; bool success = IsSuccessfulRequest(aRequest, &status); - if (status == NS_ERROR_BLOCKED_URI) { - nsCOMPtr<nsIConsoleService> console( - do_GetService("@mozilla.org/consoleservice;1")); - if (console) { - nsCOMPtr<nsIURI> uri; - chan->GetURI(getter_AddRefs(uri)); - nsString message = NS_LITERAL_STRING("Blocking ") + - NS_ConvertASCIItoUTF16(uri->GetSpecOrDefault().get()) + - NS_LITERAL_STRING(" since it was found on an internal Firefox blocklist."); - console->LogStringMessage(message.get()); - } - mContentBlockingEnabled = true; - return NS_ERROR_FAILURE; - } else if (status == NS_ERROR_TRACKING_URI) { - mContentBlockingEnabled = true; - return NS_ERROR_FAILURE; - } - if (!success) { LOG(("OBJLC [%p]: OnStartRequest: Request failed\n", this)); // If the request fails, we still call LoadObject() to handle fallback @@ -1166,17 +1148,6 @@ nsObjectLoadingContent::OnStopRequest(nsIRequest *aRequest, PROFILER_LABEL("nsObjectLoadingContent", "OnStopRequest", js::ProfileEntry::Category::NETWORK); - // Handle object not loading error because source was a tracking URL. - // We make a note of this object node by including it in a dedicated - // array of blocked tracking nodes under its parent document. - if (aStatusCode == NS_ERROR_TRACKING_URI) { - nsCOMPtr<nsIContent> thisNode = - do_QueryInterface(static_cast<nsIObjectLoadingContent*>(this)); - if (thisNode && thisNode->IsInComposedDoc()) { - thisNode->GetComposedDoc()->AddBlockedTrackingNode(thisNode); - } - } - NS_ENSURE_TRUE(nsContentUtils::LegacyIsCallerChromeOrNativeCode(), NS_ERROR_NOT_AVAILABLE); if (aRequest != mChannel) { diff --git a/dom/browser-element/BrowserElementChildPreload.js b/dom/browser-element/BrowserElementChildPreload.js index 5adff2caca..f6c224b391 100644 --- a/dom/browser-element/BrowserElementChildPreload.js +++ b/dom/browser-element/BrowserElementChildPreload.js @@ -1648,15 +1648,6 @@ BrowserElementChild.prototype = { case Cr.NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION : sendAsyncMsg('error', { type: 'cspBlocked' }); return; - case Cr.NS_ERROR_PHISHING_URI : - sendAsyncMsg('error', { type: 'deceptiveBlocked' }); - return; - case Cr.NS_ERROR_MALWARE_URI : - sendAsyncMsg('error', { type: 'malwareBlocked' }); - return; - case Cr.NS_ERROR_UNWANTED_URI : - sendAsyncMsg('error', { type: 'unwantedBlocked' }); - return; case Cr.NS_ERROR_FORBIDDEN_URI : sendAsyncMsg('error', { type: 'forbiddenBlocked' }); return; diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp index 21f62b0e32..6774504a43 100644 --- a/dom/html/HTMLMediaElement.cpp +++ b/dom/html/HTMLMediaElement.cpp @@ -516,15 +516,6 @@ HTMLMediaElement::MediaLoadListener::OnStartRequest(nsIRequest* aRequest, NS_ENSURE_SUCCESS(rv, rv); if (NS_FAILED(status)) { if (element) { - // Handle media not loading error because source was a tracking URL. - // We make a note of this media node by including it in a dedicated - // array of blocked tracking nodes under its parent document. - if (status == NS_ERROR_TRACKING_URI) { - nsIDocument* ownerDoc = element->OwnerDoc(); - if (ownerDoc) { - ownerDoc->AddBlockedTrackingNode(element); - } - } element->NotifyLoadError(); } return status; diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp index 3e1c13af5c..f669690ce7 100644 --- a/dom/script/ScriptLoader.cpp +++ b/dom/script/ScriptLoader.cpp @@ -2347,16 +2347,6 @@ ScriptLoader::VerifySRI(ScriptLoadRequest* aRequest, void ScriptLoader::HandleLoadError(ScriptLoadRequest *aRequest, nsresult aResult) { - /* - * Handle script not loading error because source was a tracking URL. - * We make a note of this script node by including it in a dedicated - * array of blocked tracking nodes under its parent document. - */ - if (aResult == NS_ERROR_TRACKING_URI) { - nsCOMPtr<nsIContent> cont = do_QueryInterface(aRequest->mElement); - mDocument->AddBlockedTrackingNode(cont); - } - if (aRequest->IsModuleRequest() && !aRequest->mIsInline) { auto request = aRequest->AsModuleRequest(); SetModuleFetchFinishedAndResumeWaitingRequests(request, aResult); diff --git a/layout/style/Loader.cpp b/layout/style/Loader.cpp index e3a49b3b6a..2103aaf351 100644 --- a/layout/style/Loader.cpp +++ b/layout/style/Loader.cpp @@ -792,22 +792,6 @@ SheetLoadData::OnStreamComplete(nsIUnicharStreamLoader* aLoader, if (NS_FAILED(aStatus)) { LOG_WARN((" Load failed: status 0x%x", aStatus)); - // Handle sheet not loading error because source was a tracking URL. - // We make a note of this sheet node by including it in a dedicated - // array of blocked tracking nodes under its parent document. - // - // Multiple sheet load instances might be tied to this request, - // we annotate each one linked to a valid owning element (node). - if (aStatus == NS_ERROR_TRACKING_URI) { - nsIDocument* doc = mLoader->GetDocument(); - if (doc) { - for (SheetLoadData* data = this; data; data = data->mNext) { - // mOwningElement may be null but AddBlockTrackingNode can cope - nsCOMPtr<nsIContent> content = do_QueryInterface(data->mOwningElement); - doc->AddBlockedTrackingNode(content); - } - } - } mLoader->SheetComplete(this, aStatus); return NS_OK; } diff --git a/netwerk/base/nsChannelClassifier.cpp b/netwerk/base/nsChannelClassifier.cpp index 1c23271af7..5df60e9516 100644 --- a/netwerk/base/nsChannelClassifier.cpp +++ b/netwerk/base/nsChannelClassifier.cpp @@ -411,8 +411,7 @@ nsChannelClassifier::MarkEntryClassified(nsresult status) // Should only be called in the parent process. MOZ_ASSERT(XRE_IsParentProcess()); - // Don't cache tracking classifications because we support allowlisting. - if (status == NS_ERROR_TRACKING_URI || mIsAllowListed) { + if (mIsAllowListed) { return; } @@ -578,83 +577,12 @@ nsChannelClassifier::SetBlockedTrackingContent(nsIChannel *channel) return NS_OK; } -nsresult -nsChannelClassifier::IsTrackerWhitelisted() -{ - nsresult rv; - nsCOMPtr<nsIURIClassifier> uriClassifier = - do_GetService(NS_URICLASSIFIERSERVICE_CONTRACTID, &rv); - NS_ENSURE_SUCCESS(rv, rv); - - nsAutoCString tables; - Preferences::GetCString("urlclassifier.trackingWhitelistTable", &tables); - - if (tables.IsEmpty()) { - LOG(("nsChannelClassifier[%p]:IsTrackerWhitelisted whitelist disabled", - this)); - return NS_ERROR_TRACKING_URI; - } - - nsCOMPtr<nsIHttpChannelInternal> chan = do_QueryInterface(mChannel, &rv); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr<nsIURI> topWinURI; - rv = chan->GetTopWindowURI(getter_AddRefs(topWinURI)); - NS_ENSURE_SUCCESS(rv, rv); - if (!topWinURI) { - LOG(("nsChannelClassifier[%p]: No window URI", this)); - return NS_ERROR_TRACKING_URI; - } - - nsCOMPtr<nsIScriptSecurityManager> securityManager = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); - NS_ENSURE_SUCCESS(rv, rv); - nsCOMPtr<nsIPrincipal> chanPrincipal; - rv = securityManager->GetChannelURIPrincipal(mChannel, - getter_AddRefs(chanPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); - - // Craft a whitelist URL like "toplevel.page/?resource=third.party.domain" - nsAutoCString pageHostname, resourceDomain; - rv = topWinURI->GetHost(pageHostname); - NS_ENSURE_SUCCESS(rv, rv); - rv = chanPrincipal->GetBaseDomain(resourceDomain); - NS_ENSURE_SUCCESS(rv, rv); - nsAutoCString whitelistEntry = NS_LITERAL_CSTRING("http://") + - pageHostname + NS_LITERAL_CSTRING("/?resource=") + resourceDomain; - LOG(("nsChannelClassifier[%p]: Looking for %s in the whitelist", - this, whitelistEntry.get())); - - nsCOMPtr<nsIURI> whitelistURI; - rv = NS_NewURI(getter_AddRefs(whitelistURI), whitelistEntry); - NS_ENSURE_SUCCESS(rv, rv); - - // Check whether or not the tracker is in the entity whitelist - nsAutoCString results; - rv = uriClassifier->ClassifyLocalWithTables(whitelistURI, tables, results); - NS_ENSURE_SUCCESS(rv, rv); - if (!results.IsEmpty()) { - return NS_OK; // found it on the whitelist, must not be blocked - } - - LOG(("nsChannelClassifier[%p]: %s is not in the whitelist", - this, whitelistEntry.get())); - return NS_ERROR_TRACKING_URI; -} - NS_IMETHODIMP nsChannelClassifier::OnClassifyComplete(nsresult aErrorCode) { // Should only be called in the parent process. MOZ_ASSERT(XRE_IsParentProcess()); - if (aErrorCode == NS_ERROR_TRACKING_URI && - NS_SUCCEEDED(IsTrackerWhitelisted())) { - LOG(("nsChannelClassifier[%p]:OnClassifyComplete tracker found " - "in whitelist so we won't block it", this)); - aErrorCode = NS_OK; - } - if (mSuspendedChannel) { nsAutoCString errorName; if (LOG_ENABLED()) { @@ -673,13 +601,6 @@ nsChannelClassifier::OnClassifyComplete(nsresult aErrorCode) uri->GetSpecOrDefault().get(), errorName.get())); } - // Channel will be cancelled (page element blocked) due to tracking. - // Do update the security state of the document and fire a security - // change event. - if (aErrorCode == NS_ERROR_TRACKING_URI) { - SetBlockedTrackingContent(mChannel); - } - mChannel->Cancel(aErrorCode); } LOG(("nsChannelClassifier[%p]: resuming channel %p from " diff --git a/netwerk/base/nsChannelClassifier.h b/netwerk/base/nsChannelClassifier.h index 20575f3c12..c21c1a0e0d 100644 --- a/netwerk/base/nsChannelClassifier.h +++ b/netwerk/base/nsChannelClassifier.h @@ -45,8 +45,6 @@ private: // Start is called. Returns NS_OK if and only if we will get a callback // from the classifier service. nsresult StartInternal(); - // Helper function to check a tracking URI against the whitelist - nsresult IsTrackerWhitelisted(); // Helper function to check a URI against the hostname whitelist bool IsHostnameWhitelisted(nsIURI *aUri, const nsACString &aWhitelisted); // Checks that the channel was loaded by the URI currently loaded in aDoc diff --git a/netwerk/protocol/http/HttpChannelChild.cpp b/netwerk/protocol/http/HttpChannelChild.cpp index 8fcc0d203b..8594f17a2f 100644 --- a/netwerk/protocol/http/HttpChannelChild.cpp +++ b/netwerk/protocol/http/HttpChannelChild.cpp @@ -961,13 +961,6 @@ HttpChannelChild::DoOnStopRequest(nsIRequest* aRequest, nsresult aChannelStatus, LOG(("HttpChannelChild::DoOnStopRequest [this=%p]\n", this)); MOZ_ASSERT(!mIsPending); - // NB: We use aChannelStatus here instead of mStatus because if there was an - // nsCORSListenerProxy on this request, it will override the tracking - // protection's return value. - if (aChannelStatus == NS_ERROR_TRACKING_URI) { - nsChannelClassifier::SetBlockedTrackingContent(this); - } - MOZ_ASSERT(!mOnStopRequestCalled, "We should not call OnStopRequest twice"); diff --git a/xpcom/base/ErrorList.h b/xpcom/base/ErrorList.h index 5ab4bfa297..980171cb92 100644 --- a/xpcom/base/ErrorList.h +++ b/xpcom/base/ErrorList.h @@ -735,13 +735,6 @@ /* ======================================================================= */ #define MODULE NS_ERROR_MODULE_URILOADER ERROR(NS_ERROR_WONT_HANDLE_CONTENT, FAILURE(1)), - /* The load has been cancelled because it was found on a malware or phishing - * blacklist. */ - ERROR(NS_ERROR_MALWARE_URI, FAILURE(30)), - ERROR(NS_ERROR_PHISHING_URI, FAILURE(31)), - ERROR(NS_ERROR_TRACKING_URI, FAILURE(34)), - ERROR(NS_ERROR_UNWANTED_URI, FAILURE(35)), - ERROR(NS_ERROR_BLOCKED_URI, FAILURE(37)), /* Used when "Save Link As..." doesn't see the headers quickly enough to * choose a filename. See nsContextMenu.js. */ ERROR(NS_ERROR_SAVE_LINK_AS_TIMEOUT, FAILURE(32)), |