import changes from `dev' branch of rmottola/Arctic-Fox:

- partial of Bug 1154325 - Disable all DOM Cache web-platform-tests until the intermittent failures have been fixed (e0672af20)
- Bug 1154325 P3 Re-enable service-workers/cache-storage WPT tests. r=jgraham (e369b1bb7)
- Another followup for bug 1142478, still with a CLOSED TREE (12d097e25)
- And one more followup for bug 1142478. Still a CLOSED TREE (2dd25961c)
- Bug 1146321 - Update web-platform-tests expected data to revision 1defdd7213b52589e4b7a259e53f4fff359c301a, a=testonly (2057d686f)
- Bug 1121099. Make <basefont> be an HTMLElement to match my reading of the spec and Chrome. r=sicking (3f11b8dde)
- partial of Bug 1127468 - Update web-platform-tests expected data to revision 83d9681ecf334f5fbe1c4b076601cf3c50f42176, a=testonly (f187379c5)
- partial of Bug 1135107 - Update web-platform-tests expected data (1e307d251)
- partial of Bug 1159756. Stop forcing the media.mediasource.enabled preference to true and the media.mediasource.whitelist preference to false in the test harness. r=kinetik (416e6fd57)
- Bug 1161535 - Update web-platform-tests expected data to revision 40a9c4e9e4f99a738cd1a7602066c5e84d1b90b5, a=testonly (f7ef60633)
- Bug 1161759 Remove stale wpt ini files for Cache API tests. r=jgraham (491a71c12)
- Bug 1163829 - Set the necessary prefs for web-platform service worker tests; r=jgraham (9b6bd3b2c)
- Bug 1173467 P1.5 Mark wpt sandboxed-iframes.https.html test as expected fail. r=jgraham (a1164a210)
- Bug 1173467 P2 Add nsGlobalWindow utility method to get private browsing boolean. r=ehsan (d3fe4a931)
- Bug 1154494 - patch 2 - Hold a ref to the sandbox. r=baku (783347586)
- Bug 1152899 - Disallow the interception of third-party iframes using service workers when the third-party cookie preference is set. r=smaug,baku (cbd5bcc92)
- Bug 1162344 - Use the exemptFromPerDomainMax pref in test_importscript.html; r=nsm (826325f4b)
- Bug 982726 follow-up: Add exempt from worker limit pref to a test. (a8f64ded9)
- Bug 1157692 - Add dom.caches.enabled pref to test. r=bkelly (1465e999a)
- Remove the remnants of the dom.fetch.enabled pref, no bug (a73c86666)
- Bug 1169210 - Can't call content service worker from chrome. r=nsm (9ca1c4d33)
- Bug 1170822 - Fix controlled documents comparison. r=catalinb (e9ffeb6f5)
- Bug 1173240 - Use the document URI for performing the service worker registration secure origin check; r=baku (01a330597)
- Bug 1173361 Make ServiceWorkerRegisterJob::Start() call Done() async. r=nsm (ff01f64ba)
- Bug 1171555 - Remove overly verbose ServiceWorker warnings. r=bkelly (5d5f6978a)
- Bug 1172948 - Part 1: Refactor the logic for checking for authenticated origins into a helper function; r=nsm (883fef559)
- Bug 1172948 - Part 2: Consider all non-chrome parent documents when checking the authenticity of an origin; r=nsm (ae6388831)
- Bug 1143732 - Add exempt from limit for two service worker tests. r=bkelly (5462a0270)
- Bug 1155987 - Unregister the service workers registered in tests; r=nsm (aefe9b374)
- remaining of Bug 1137984. When parsing attribute selectors, treat EOF as ']' any place ']' is allowed. r=dbaron (d9a35d4c7)
- Bug 1149535 - enable unicode-range for testing. r=heycam (e155d0f72)
- Bug 1161036 part 1. Stop setting the layout.css.font-loading-api.enabled preference to true in the test harness. r=heycam (89e961c0e)
- Bug 1161036 part 2. Only force-enable dom cache in test_serviceworker_interfaces if we're having to force-enable servicewceworkers too. r=bkelly (0fac219b3)
- Bug 1172110 - Re-enable service workers on desktop and mobile for non-release builds; r=jst (43a9c4983)
- Bug 1173389 - Disable ServiceWorker network interception by default. r=ehsan (730dd4da5)
- Bug 1125412 - Add a pref-gated performance.mozMemory for accessing internal memory usage/threshold info, r=smaug, sr=smaug (c16590d7d)
- Bug 1159794 - "fix the comment for dom.workers.websocket.enabled in all.js" . r=bz (fe38a2b94)
- Bug 1159792 - get rid of dom.workers.websocket.enabled pref, r=smaug (a66597c65)
- Bug 1160892 - Url.createObjectURL(blob) should support punycode origins, r=smaug (5f4e92b1a)

docshell/base/nsDocShell.cpp

@@ -199,6 +199,12 @@
 #include "nsIBrowserSearchService.h"
 #endif
 
+#include "mozIThirdPartyUtil.h"
+// Values for the network.cookie.cookieBehavior pref are documented in
+// nsCookieService.cpp
+#define COOKIE_BEHAVIOR_ACCEPT 0 // Allow all cookies.
+#define COOKIE_BEHAVIOR_REJECT_FOREIGN 1 // Reject all third-party cookies.
+
 static NS_DEFINE_CID(kAppShellCID, NS_APPSHELL_CID);
 
 #if defined(DEBUG_bryner) || defined(DEBUG_chb)
@@ -217,10 +223,12 @@ using namespace mozilla;
 using namespace mozilla::dom;
 using mozilla::dom::workers::ServiceWorkerManager;
 
-// True means sUseErrorPages has been added to preferences var cache.
+// True means sUseErrorPages and sInterceptionEnabled has been added to
+// preferences var cache.
 static bool gAddedPreferencesVarCache = false;
 
 bool nsDocShell::sUseErrorPages = false;
+bool nsDocShell::sInterceptionEnabled = false;
 
 // Number of documents currently loading
 static int32_t gNumberOfDocumentsLoading = 0;
@@ -5751,6 +5759,9 @@ nsDocShell::Create()
     Preferences::AddBoolVarCache(&sUseErrorPages,
                                  "browser.xul.error_pages.enabled",
                                  mUseErrorPages);
+    Preferences::AddBoolVarCache(&sInterceptionEnabled,
+                                 "dom.serviceWorkers.interception.enabled",
+                                 false);
     gAddedPreferencesVarCache = true;
   }
 
@@ -14230,6 +14241,11 @@ nsDocShell::ShouldPrepareForIntercept(nsIURI* aURI, bool aIsNavigate,
                                       bool* aShouldIntercept)
 {
   *aShouldIntercept = false;
+  // Preffed off.
+  if (!sInterceptionEnabled) {
+    return NS_OK;
+  }
+
   if (mSandboxFlags) {
     // If we're sandboxed, don't intercept.
     return NS_OK;
@@ -14240,6 +14256,32 @@ nsDocShell::ShouldPrepareForIntercept(nsIURI* aURI, bool aIsNavigate,
     return NS_OK;
   }
 
+  nsresult result;
+  nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
+    do_GetService(THIRDPARTYUTIL_CONTRACTID, &result);
+  NS_ENSURE_SUCCESS(result, result);
+
+  if (mCurrentURI) {
+    nsAutoCString uriSpec;
+    mCurrentURI->GetSpec(uriSpec);
+    if (!(uriSpec.EqualsLiteral("about:blank"))) {
+      // Reject the interception of third-party iframes if the cookie behaviour
+      // is set to reject all third-party cookies (1). In case that this pref
+      // is not set or can't be read, we default to allow all cookies (0) as
+      // this is the default value in all.js.
+      bool isThirdPartyURI = true;
+      result = thirdPartyUtil->IsThirdPartyURI(mCurrentURI, aURI,
+                                               &isThirdPartyURI);
+      NS_ENSURE_SUCCESS(result, result);
+      if (isThirdPartyURI &&
+          (Preferences::GetInt("network.cookie.cookieBehavior",
+                               COOKIE_BEHAVIOR_ACCEPT) ==
+                               COOKIE_BEHAVIOR_REJECT_FOREIGN)) {
+        return NS_OK;
+      }
+    }
+  }
+
   if (aIsNavigate) {
     OriginAttributes attrs(GetAppId(), GetIsInBrowserElement());
     *aShouldIntercept = swm->IsAvailable(attrs, aURI);