import changes from `dev' branch of rmottola/Arctic-Fox:

- Bug 1233914 - P1. ping doesn't honor the TP list. r=francois (14b9df4e67) - Bug 1233914 - P2. Testcase. r=francois (4aa1142877) - bit of Bug 1178058 (9309410d6d) - Bug 1253538 - Window.open() should not reuse an existing window if it's running a different container - patch 2, r=bz (1c62d48537) - Bug 1254103 - Window.open() should not reuse an existing window if it's running a different container, r=bz (ce5bf89b65) - Bug 1253538 - Window.open() should not reuse an existing window if it's running a different container - patch 1, r=bz (45692fa791) - Bug 682294 - Add an error page for file access denied. r=bz (e94be73e70) - Bug 682294 - Remove redundant trailing spaces. r=bz (f299d7302d) - Bug 1122642 - Have an error page for H2 INADEQUATE_SECURITY r=mcmanus,bz (70e89ed8f0) - Bug 1253792 - Handle another case of re-entrancy through nsDocShell::InternalLoad. r=smaug (87f436cc4b) - Bug 1240246 - Handle re-entrancy in nsDocShell::InternalLoad more gracefully. r=smaug (98985d7233) - Bug 1247810 - Redirect the enum query on Core profiles. - r=jrmuizel (f55c0fb46c) - Bug 1257861 - Test that we send cookies from XHRs in web workers when 3rd party cookies are disabled. r=sicking (2334c6621e) - Bug 1257861 - Default to sending all cookies if we can't compute 3rdpartyness. r=sicking (817fe6fbfc)
2026-05-26 14:18:48 +00:00 · 2024-07-03 12:33:52 +08:00
parent 167ec3b0a2
commit d04fd99cb6
20 changed files with 456 additions and 53 deletions
@@ -273,6 +273,7 @@
        <h1 id="et_generic">&generic.title;</h1>
        <h1 id="et_dnsNotFound">&dnsNotFound.title;</h1>
        <h1 id="et_fileNotFound">&fileNotFound.title;</h1>
+        <h1 id="et_fileAccessDenied">&fileAccessDenied.title;</h1>
        <h1 id="et_malformedURI">&malformedURI.title;</h1>
        <h1 id="et_unknownProtocolFound">&unknownProtocolFound.title;</h1>
        <h1 id="et_connectionFailure">&connectionFailure.title;</h1>
@@ -296,11 +297,13 @@
        <h1 id="et_cspBlocked">&cspBlocked.title;</h1>
        <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
        <h1 id="et_corruptedContentError">&corruptedContentError.title;</h1>
+        <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
      </div>
      <div id="errorDescriptionsContainer">
        <div id="ed_generic">&generic.longDesc;</div>
        <div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div>
        <div id="ed_fileNotFound">&fileNotFound.longDesc;</div>
+        <div id="ed_fileAccessDenied">&fileAccessDenied.longDesc;</div>
        <div id="ed_malformedURI">&malformedURI.longDesc;</div>
        <div id="ed_unknownProtocolFound">&unknownProtocolFound.longDesc;</div>
        <div id="ed_connectionFailure">&connectionFailure.longDesc;</div>
@@ -324,6 +327,7 @@
        <div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
        <div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
        <div id="ed_corruptedContentError">&corruptedContentError.longDesc;</div>
+        <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
      </div>
    </div>

@@ -1,7 +1,9 @@
 [DEFAULT]
 skip-if = buildapp == "mulet"
 support-files =
+  empty_file.html
  file_reflect_cookie_into_title.html

 [browser_usercontext.js]
 skip-if = e10s
+[browser_windowName.js]
@@ -0,0 +1,79 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+
+const USER_CONTEXTS = [
+  "default",
+  "personal",
+  "work",
+];
+
+const BASE_URI = "http://mochi.test:8888/browser/browser/components/"
+  + "contextualidentity/test/browser/empty_file.html";
+
+add_task(function* setup() {
+  // make sure userContext is enabled.
+  SpecialPowers.pushPrefEnv({"set": [
+    ["privacy.userContext.enabled", true],
+    ["browser.link.open_newwindow", 3],
+  ]});
+});
+
+add_task(function* cleanup() {
+  // make sure we don't leave any prefs set for the next tests
+  registerCleanupFunction(function() {
+    SpecialPowers.popPrefEnv();
+  });
+});
+
+add_task(function* test() {
+  info("Creating first tab...");
+  let tab1 = gBrowser.addTab(BASE_URI + '?old', {userContextId: 1});
+  let browser1 = gBrowser.getBrowserForTab(tab1);
+  yield BrowserTestUtils.browserLoaded(browser1);
+  yield ContentTask.spawn(browser1, null, function(opts) {
+    content.window.name = 'tab-1';
+  });
+
+  info("Creating second tab...");
+  let tab2 = gBrowser.addTab(BASE_URI + '?old', {userContextId: 2});
+  let browser2 = gBrowser.getBrowserForTab(tab2);
+  yield BrowserTestUtils.browserLoaded(browser2);
+  yield ContentTask.spawn(browser2, null, function(opts) {
+    content.window.name = 'tab-2';
+  });
+
+  // Let's try to open a window from tab1 with a name 'tab-2'.
+  info("Opening a window from the first tab...");
+  yield ContentTask.spawn(browser1, { url: BASE_URI + '?new' }, function(opts) {
+    yield new content.window.wrappedJSObject.Promise(resolve => {
+      let w = content.window.wrappedJSObject.open(opts.url, 'tab-2');
+      w.onload = function() { resolve(); }
+    });
+  });
+
+  is(browser1.contentDocument.title, '?old', "Tab1 title must be 'old'");
+  is(browser1.contentDocument.nodePrincipal.userContextId, 1, "Tab1 UCI must be 1");
+
+  is(browser2.contentDocument.title, '?old', "Tab2 title must be 'old'");
+  is(browser2.contentDocument.nodePrincipal.userContextId, 2, "Tab2 UCI must be 2");
+
+  let found = false;
+  for (let i = 0; i < gBrowser.tabContainer.childNodes.length; ++i) {
+    let tab = gBrowser.tabContainer.childNodes[i];
+    let browser = gBrowser.getBrowserForTab(tab);
+    if (browser.contentDocument.title == '?new') {
+      is(browser.contentDocument.nodePrincipal.userContextId, 1, "Tab3 UCI must be 1");
+      isnot(browser, browser1, "Tab3 is not browser 1");
+      isnot(browser, browser2, "Tab3 is not browser 2");
+      gBrowser.removeTab(tab);
+      found = true;
+      break;
+    }
+  }
+
+  ok(found, "We have tab3");
+
+  gBrowser.removeTab(tab1);
+  gBrowser.removeTab(tab2);
+});
@@ -0,0 +1,5 @@
+<html><body>
+<script>
+document.title = window.location.search;
+</script>
+</body></html>
@@ -4,6 +4,7 @@

 malformedURI=The URL is not valid and cannot be loaded.
 fileNotFound=Pale Moon can't find the file at %S.
+fileAccessDenied=The file at %S is not readable.
 dnsNotFound=Pale Moon can't find the server at %S.
 unknownProtocolFound=Pale Moon doesn't know how to open this address, because the protocol (%S) isn't associated with any program.
 connectionFailure=Pale Moon can't establish a connection to the server at %S.
@@ -39,3 +40,6 @@ corruptedContentError=The page you are trying to view cannot be shown because an
 remoteXUL=This page uses an unsupported technology that is no longer available by default in Pale Moon.
 ## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S".
 sslv3Used=Pale Moon cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
+## LOCALIZATION NOTE (weakCryptoUsed) - Do not translate "%S".
+weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Pale Moon has not connected to this website.
+inadequateSecurityError=The website tried to negotiate an inadequate level of security.
@@ -37,6 +37,12 @@
 </ul>
 ">

+<!ENTITY fileAccessDenied.title "Access to the file was denied">
+<!ENTITY fileAccessDenied.longDesc "
+<ul>
+  <li>It may have been removed, moved, or file permissions may be preventing access.</li>
+</ul>
+">

 <!ENTITY generic.title "Oops.">
 <!ENTITY generic.longDesc "
@@ -230,3 +236,10 @@ functionality specific to firefox. -->
     "ssl_error_unsupported_version". -->
 <!ENTITY sslv3Used.longDesc "Advanced info: ssl_error_unsupported_version">
 <!ENTITY sslv3Used.learnMore "Learn More…">
+
+<!ENTITY certerror.copyToClipboard.label "Copy text to clipboard">
+
+<!ENTITY inadequateSecurityError.title "Your connection is not secure">
+<!-- LOCALIZATION NOTE (inadequateSecurityError.longDesc) - Do not translate
+     "NS_ERROR_NET_INADEQUATE_SECURITY". -->
+<!ENTITY inadequateSecurityError.longDesc "<p><span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.</p><p>Error code: NS_ERROR_NET_INADEQUATE_SECURITY</p>">
@@ -522,8 +522,9 @@ SendPing(void* aClosure, nsIContent* aContent, nsIURI* aURI,
    return;
  }

-  // Don't bother caching the result of this URI load.
-  chan->SetLoadFlags(nsIRequest::INHIBIT_CACHING);
+  // Don't bother caching the result of this URI load, but do not exempt
+  // it from Safe Browsing.
+  chan->SetLoadFlags(nsIRequest::INHIBIT_CACHING | nsIChannel::LOAD_CLASSIFY_URI);

  nsCOMPtr<nsIHttpChannel> httpChan = do_QueryInterface(chan);
  if (!httpChan) {
@@ -1510,8 +1511,7 @@ nsDocShell::LoadURI(nsIURI* aURI,
      }
      // Don't inherit from the current page.  Just do the safe thing
      // and pretend that we were loaded by a nullprincipal.
-      owner = do_CreateInstance("@mozilla.org/nullprincipal;1");
-      NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
+      owner = nsNullPrincipal::Create();
      inheritOwner = false;
    }
  }
@@ -3475,6 +3475,11 @@ nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
    return false;
  }

+  if (static_cast<nsDocShell*>(targetDS.get())->GetOriginAttributes() !=
+      static_cast<nsDocShell*>(accessingDS.get())->GetOriginAttributes()) {
+    return false;
+  }
+
  // A private document can't access a non-private one, and vice versa.
  if (static_cast<nsDocShell*>(targetDS.get())->UsePrivateBrowsing() !=
      static_cast<nsDocShell*>(accessingDS.get())->UsePrivateBrowsing()) {
@@ -4788,6 +4793,9 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
  } else if (NS_ERROR_FILE_NOT_FOUND == aError) {
    NS_ENSURE_ARG_POINTER(aURI);
    error.AssignLiteral("fileNotFound");
+  } else if (NS_ERROR_FILE_ACCESS_DENIED == aError) {
+    NS_ENSURE_ARG_POINTER(aURI);
+    error.AssignLiteral("fileAccessDenied");
  } else if (NS_ERROR_UNKNOWN_HOST == aError) {
    NS_ENSURE_ARG_POINTER(aURI);
    // Get the host
@@ -5034,6 +5042,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
        // ServiceWorker intercepted request, but something went wrong.
        error.AssignLiteral("corruptedContentError");
        break;
+      case NS_ERROR_NET_INADEQUATE_SECURITY:
+        // Server negotiated bad TLS for HTTP/2.
+        error.AssignLiteral("inadequateSecurityError");
+        addHostPort = true;
+        break;
      default:
        break;
    }
@@ -7563,6 +7576,7 @@ nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
  //
  if (url && NS_FAILED(aStatus)) {
    if (aStatus == NS_ERROR_FILE_NOT_FOUND ||
+        aStatus == NS_ERROR_FILE_ACCESS_DENIED ||
        aStatus == NS_ERROR_CORRUPTED_CONTENT ||
        aStatus == NS_ERROR_INVALID_CONTENT_ENCODING) {
      DisplayLoadError(aStatus, url, nullptr, aChannel);
@@ -7787,6 +7801,7 @@ nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
               aStatus == NS_ERROR_UNSAFE_CONTENT_TYPE ||
               aStatus == NS_ERROR_REMOTE_XUL ||
               aStatus == NS_ERROR_INTERCEPTION_FAILED ||
+               aStatus == NS_ERROR_NET_INADEQUATE_SECURITY ||
               NS_ERROR_GET_MODULE(aStatus) == NS_ERROR_MODULE_SECURITY) {
      // Errors to be shown for any frame
      DisplayLoadError(aStatus, url, nullptr, aChannel);
@@ -9647,6 +9662,11 @@ nsDocShell::InternalLoad2(nsIURI* aURI,

  NS_ENSURE_TRUE(!mIsBeingDestroyed, NS_ERROR_NOT_AVAILABLE);

+  rv = EnsureScriptEnvironment();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
  // wyciwyg urls can only be loaded through history. Any normal load of
  // wyciwyg through docshell is  illegal. Disallow such loads.
  if (aLoadType & LOAD_CMD_NORMAL) {
@@ -9662,15 +9682,11 @@ nsDocShell::InternalLoad2(nsIURI* aURI,
    isJavaScript = false;
  }

-  //
  // First, notify any nsIContentPolicy listeners about the document load.
  // Only abort the load if a content policy listener explicitly vetos it!
-  //
-  nsCOMPtr<Element> requestingElement;
  // Use nsPIDOMWindow since we _want_ to cross the chrome boundary if needed
-  if (mScriptGlobal) {
-    requestingElement = mScriptGlobal->GetFrameElementInternal();
-  }
+  nsCOMPtr<Element> requestingElement =
+    mScriptGlobal->GetFrameElementInternal();

  RefPtr<nsGlobalWindow> MMADeathGrip = mScriptGlobal;

@@ -9832,8 +9848,6 @@ nsDocShell::InternalLoad2(nsIURI* aURI,
      if (aURI) {
        aURI->GetSpec(spec);
      }
-      // RM 2018-12-03 We miss all loadInfo setting up here 
-      // so we cannot set aIsFromProcessingFrameAttributes
      rv = win->OpenNoNavigate(NS_ConvertUTF8toUTF16(spec),
                               name,  // window name
                               EmptyString(), // Features
@@ -10590,10 +10604,16 @@ nsDocShell::DoURILoad(nsIURI* aURI,
                      nsIURI* aBaseURI,
                      nsContentPolicyType aContentPolicyType)
 {
-  nsresult rv;
-  nsCOMPtr<nsIURILoader> uriLoader;
+  // Double-check that we're still around to load this URI.
+  if (mIsBeingDestroyed) {
+    // Return NS_OK despite not doing anything to avoid throwing exceptions from
+    // nsLocation::SetHref if the unload handler of the existing page tears us
+    // down.
+    return NS_OK;
+  }

-  uriLoader = do_GetService(NS_URI_LOADER_CONTRACTID, &rv);
+  nsresult rv;
+  nsCOMPtr<nsIURILoader> uriLoader = do_GetService(NS_URI_LOADER_CONTRACTID, &rv);
  if (NS_FAILED(rv)) {
    return rv;
  }
@@ -10635,10 +10655,7 @@ nsDocShell::DoURILoad(nsIURI* aURI,

  bool isSrcdoc = !aSrcdoc.IsVoid();

-  // There are three cases we care about:
-  // * Null mScriptGlobal: shouldn't happen but does (see bug 1240246). In this
-  //   case, we create a loadingPrincipal as for a top-level load, but we leave
-  //   requestingNode and requestingWindow null.
+  // There are two cases we care about:
  // * Top-level load (GetFrameElementInternal returns null). In this case,
  //   requestingNode is null, but requestingWindow is our mScriptGlobal.
  //   TODO we want to pass null for loadingPrincipal in this case.
@@ -10649,18 +10666,20 @@ nsDocShell::DoURILoad(nsIURI* aURI,
  nsCOMPtr<nsPIDOMWindow> requestingWindow;

  nsCOMPtr<nsIPrincipal> loadingPrincipal;
-  if (mScriptGlobal) {
-    requestingNode = mScriptGlobal->GetFrameElementInternal();
-    if (requestingNode) {
-      // If we have a requesting node, then use that as our loadingPrincipal.
-      loadingPrincipal = requestingNode->NodePrincipal();
-    } else {
-      MOZ_ASSERT(aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT);
-      requestingWindow = mScriptGlobal;
+  requestingNode = mScriptGlobal->GetFrameElementInternal();
+  if (requestingNode) {
+    // If we have a requesting node, then use that as our loadingPrincipal.
+    loadingPrincipal = requestingNode->NodePrincipal();
+  } else {
+    if (aContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT) {
+      // If this isn't a top-level load and mScriptGlobal's frame element is
+      // null, then the element got removed from the DOM while we were trying to
+      // load this resource. This docshell is scheduled for destruction already,
+      // so bail out here.
+      return NS_OK;
    }
-  }

-  if (!loadingPrincipal) {
+    requestingWindow = mScriptGlobal;
    if (mItemType != typeChrome) {
      nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
      ssm->GetDocShellCodebasePrincipal(aURI, this, getter_AddRefs(loadingPrincipal));
@@ -97,7 +97,7 @@
      function initPage()
      {
        var err = getErrorCode();
-        
+
        // if it's an unknown error or there's no title or description
        // defined, get the generic message
        var errTitle = document.getElementById("et_" + err);
@@ -141,7 +141,7 @@

          // Also, if they specified a CSS class, they must supply their own
          // favicon.  In order to trigger the browser to repaint though, we
-          // need to remove/add the link element. 
+          // need to remove/add the link element.
          var favicon = document.getElementById("favicon");
          var faviconParent = favicon.parentNode;
          faviconParent.removeChild(favicon);
@@ -177,14 +177,25 @@
          var secOverride = document.getElementById("securityOverrideDiv");
          secOverride.parentNode.removeChild(secOverride);
        }
+
+        if (err == "inadequateSecurityError") {
+          // Remove the "Try again" button for HTTP/2 inadequate security as it
+          // is useless.
+          document.getElementById("errorTryAgain").style.display = "none";
+
+          var container = document.getElementById("errorLongDesc");
+          for (var span of container.querySelectorAll("span.hostname")) {
+            span.textContent = document.location.hostname;
+          }
+        }
      }
-      
+
      function showSecuritySection() {
        // Swap link out, content in
        document.getElementById('securityOverrideContent').style.display = '';
        document.getElementById('securityOverrideLink').style.display = 'none';
      }
-      
+
      /* In the case of SSL error pages about domain mismatch, see if
         we can hyperlink the user to the correct site.  We don't want
         to do this generically since it allows MitM attacks to redirect
@@ -196,29 +207,29 @@
        var sd = document.getElementById("errorShortDescText");
        if (sd) {
          var desc = getDescription();
-          
+
          // sanitize description text - see bug 441169
-          
+
          // First, find the index of the <a> tag we care about, being careful not to
          // use an over-greedy regex
          var re = /<a id="cert_domain_link" title="([^"]+)">/;
          var result = re.exec(desc);
          if(!result)
            return;
-          
+
          // Remove sd's existing children
          sd.textContent = "";

          // Everything up to the link should be text content
          sd.appendChild(document.createTextNode(desc.slice(0, result.index)));
-          
+
          // Now create the link itself
          var anchorEl = document.createElement("a");
          anchorEl.setAttribute("id", "cert_domain_link");
          anchorEl.setAttribute("title", result[1]);
          anchorEl.appendChild(document.createTextNode(result[1]));
          sd.appendChild(anchorEl);
-          
+
          // Finally, append text for anything after the closing </a>
          sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length)));
        }
@@ -226,7 +237,7 @@
        var link = document.getElementById('cert_domain_link');
        if (!link)
          return;
-        
+
        var okHost = link.getAttribute("title");
        var thisHost = document.location.hostname;
        var proto = document.location.protocol;
@@ -236,7 +247,7 @@
        // get anyone anywhere useful. bug 432491
        okHost = okHost.replace(/^\*\./, "www.");

-        /* case #1: 
+        /* case #1:
         * example.com uses an invalid security certificate.
         *
         * The certificate is only valid for www.example.com
@@ -260,7 +271,7 @@
        if (endsWith(thisHost, "." + okHost))
          link.href = proto + okHost;
      }
-      
+
      function endsWith(haystack, needle) {
        return haystack.slice(-needle.length) == needle;
      }
@@ -276,6 +287,7 @@
        <h1 id="et_generic">&generic.title;</h1>
        <h1 id="et_dnsNotFound">&dnsNotFound.title;</h1>
        <h1 id="et_fileNotFound">&fileNotFound.title;</h1>
+        <h1 id="et_fileAccessDenied">&fileAccessDenied.title;</h1>
        <h1 id="et_malformedURI">&malformedURI.title;</h1>
        <h1 id="et_unknownProtocolFound">&unknownProtocolFound.title;</h1>
        <h1 id="et_connectionFailure">&connectionFailure.title;</h1>
@@ -299,11 +311,13 @@
        <h1 id="et_cspBlocked">&cspBlocked.title;</h1>
        <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
        <h1 id="et_corruptedContentError">&corruptedContentError.title;</h1>
+        <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
      </div>
      <div id="errorDescriptionsContainer">
        <div id="ed_generic">&generic.longDesc;</div>
        <div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div>
        <div id="ed_fileNotFound">&fileNotFound.longDesc;</div>
+        <div id="ed_fileAccessDenied">&fileAccessDenied.longDesc;</div>
        <div id="ed_malformedURI">&malformedURI.longDesc;</div>
        <div id="ed_unknownProtocolFound">&unknownProtocolFound.longDesc;</div>
        <div id="ed_connectionFailure">&connectionFailure.longDesc;</div>
@@ -327,20 +341,21 @@
        <div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
        <div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
        <div id="ed_corruptedContentError">&corruptedContentError.longDesc;</div>
+        <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
      </div>
    </div>

    <!-- PAGE CONTAINER (for styling purposes only) -->
    <div id="errorPageContainer">
-    
+
      <!-- Error Title -->
      <div id="errorTitle">
        <h1 id="errorTitleText" />
      </div>
-      
+
      <!-- LONG CONTENT (the section most likely to require scrolling) -->
      <div id="errorLongContent">
-      
+
        <!-- Short Description -->
        <div id="errorShortDesc">
          <p id="errorShortDescText" />
@@ -41,8 +41,9 @@ function run_test() {
  let spec2 = "http://bar.com/bar.html";
  let uri1 = NetUtil.newURI(spec1);
  let uri2 = NetUtil.newURI(spec2);
-  let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
-  let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
+  const contentPolicyType = Ci.nsIContentPolicy.TYPE_DOCUMENT;
+  let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true, contentPolicyType});
+  let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true, contentPolicyType});

  // Create some file:// URIs.
  let filespec1 = "file://foo.txt";
@@ -70,12 +71,12 @@ function run_test() {
  // hierarchy. We leave that to mochitests.

  // Test isThirdPartyChannel. As above, we can't test the bits that require
-  // a load context or window heirarchy. Because of that, the code assumes
-  // that these are all third-party loads.
+  // a load context or window heirarchy. Because of bug 1259873, we assume
+  // that these are not third-party.
  do_check_throws(function() { util.isThirdPartyChannel(null); },
    NS_ERROR_INVALID_ARG);
-  do_check_true(util.isThirdPartyChannel(channel1));
-  do_check_true(util.isThirdPartyChannel(channel1, uri1));
+  do_check_false(util.isThirdPartyChannel(channel1));
+  do_check_false(util.isThirdPartyChannel(channel1, uri1));
  do_check_true(util.isThirdPartyChannel(channel1, uri2));

  let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
@@ -569,8 +569,15 @@ WebGLContext::GetParameter(JSContext* cx, GLenum pname, ErrorResult& rv)
        case LOCAL_GL_DEPTH_RANGE:
        case LOCAL_GL_ALIASED_POINT_SIZE_RANGE:
        case LOCAL_GL_ALIASED_LINE_WIDTH_RANGE: {
+            GLenum driverPName = pname;
+            if (gl->IsCoreProfile() &&
+                driverPName == LOCAL_GL_ALIASED_POINT_SIZE_RANGE)
+            {
+                driverPName = LOCAL_GL_POINT_SIZE_RANGE;
+            }
+
            GLfloat fv[2] = { 0 };
-            gl->fGetFloatv(pname, fv);
+            gl->fGetFloatv(driverPName, fv);
            JSObject* obj = dom::Float32Array::Create(cx, this, 2, fv);
            if (!obj) {
                rv = NS_ERROR_OUT_OF_MEMORY;
@@ -4,6 +4,7 @@

 malformedURI=The URL is not valid and cannot be loaded.
 fileNotFound=The file %S cannot be found. Please check the location and try again.
+fileAccessDenied=The file at %S is not readable.
 dnsNotFound=%S could not be found. Please check the name and try again.
 unknownProtocolFound=One of the following (%S) is not a registered protocol or is not allowed in this context.
 connectionFailure=The connection was refused when attempting to contact %S.
@@ -39,3 +40,4 @@ remoteXUL=This page uses an unsupported technology that is no longer available b
 tabcrashed=
 sslv3Used=The safety of your data on %S could not be guaranteed because it uses SSLv3, a broken security protocol.
 weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, the connection to this website has not been established.
+inadequateSecurityError=The website tried to negotiate an inadequate level of security.
@@ -19,6 +19,9 @@
 <!ENTITY fileNotFound.title "File Not Found">
 <!ENTITY fileNotFound.longDesc "<ul><li>Could the item have been renamed, removed, or relocated?</li><li>Is there a spelling, capitalization, or other typographical error in the address?</li><li>Do you have sufficient access permissions to the requested item?</li></ul>">

+<!ENTITY fileAccessDenied.title "Access to the file was denied">
+<!ENTITY fileAccessDenied.longDesc "<ul><li>It may have been removed, moved, or file permissions may be preventing access.</li></ul>">
+
 <!ENTITY generic.title "Cannot Complete Request">
 <!ENTITY generic.longDesc "<p>Additional information about this problem or error is currently unavailable.</p>">

@@ -105,3 +108,8 @@

 <!ENTITY remoteXUL.title "Remote XUL">
 <!ENTITY remoteXUL.longDesc "<p><ul><li>Please contact the website owners to inform them of this problem.</li></ul></p>">
+
+<!ENTITY inadequateSecurityError.title "Your connection is not secure">
+<!-- LOCALIZATION NOTE (inadequateSecurityError.longDesc) - Do not translate
+     "NS_ERROR_NET_INADEQUATE_SECURITY". -->
+<!ENTITY inadequateSecurityError.longDesc "<p><span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.</p><p>Error code: NS_ERROR_NET_INADEQUATE_SECURITY</p>">
@@ -0,0 +1,15 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+function handleRequest(request, response) {
+  try {
+    var cookie = request.getHeader("Cookie");
+  } catch (e) {
+    cookie = "EMPTY_COOKIE";
+  }
+
+  // avoid confusing cache behaviors.
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Content-type", "text/plain", false);
+  response.setStatusLine(request.httpVersion, "200", "OK");
+  response.write(cookie);
+}
@@ -25,6 +25,7 @@ support-files =
  eventDispatch_worker.js
  fibonacci_worker.js
  file_bug1010784_worker.js
+  file_getcookie.sjs
  importScripts_worker.js
  importScripts_worker_imported1.js
  importScripts_worker_imported2.js
@@ -236,6 +237,7 @@ skip-if = buildapp == 'b2g' || toolkit == 'android' #bug 982828
 [test_workersDisabled.html]
 [test_xhr.html]
 [test_xhr2.html]
+[test_xhr_3rdparty.html]
 [test_xhr_headers.html]
 [test_xhr_implicit_cancel.html]
 [test_xhr_parameters.html]
@@ -0,0 +1,74 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests of DOM Worker Threads XHR(Bug 450452 )
+-->
+<head>
+  <title>Test for DOM Worker Threads XHR (Bug 450452 )</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=450452">DOM Worker Threads XHR (Bug 450452)</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+  var worker = new Worker("xhr_worker.js");
+
+  var gotUploadLoad = false, gotLoadend = false;
+
+  worker.onmessage = function(event) {
+    is(event.target, worker);
+    var args = event.data;
+    switch (args.type) {
+      case "progress": {
+        ok(parseInt(args.current) <= parseInt(args.total));
+      } break;
+      case "error": {
+        ok(false, "XHR error: " + args.error);
+      } break;
+      case "upload.load": {
+        gotUploadLoad = true;
+      } break;
+      case "load": {
+        ok(gotUploadLoad, "Should have gotten upload load event");
+        gotLoadend = true;
+        is(args.data, "a=cookie_is_set", "correct data");
+        document.getElementById("content").textContent = args.data;
+      } break;
+      case "loadend": {
+        ok(gotLoadend, "Should have gotten load.");
+        SimpleTest.finish();
+        break;
+      }
+      default: {
+        ok(false, "Unexpected message");
+        SimpleTest.finish();
+      }
+    }
+  };
+
+  worker.onerror = function(event) {
+    is(event.target, worker);
+    ok(false, "Worker had an error:" + event.message);
+    SimpleTest.finish();
+  }
+
+  document.cookie = "a=cookie_is_set";
+  SpecialPowers.pushPrefEnv({ set: [[ "network.cookie.cookieBehavior", 1 ]] },
+                            () => worker.postMessage("file_getcookie.sjs"));
+
+  SimpleTest.waitForExplicitFinish();
+
+</script>
+</pre>
+</body>
+</html>
@@ -50,7 +50,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
  , mParentOuterWindowID(0)
  , mEnforceSecurity(false)
  , mInitialSecurityCheckDone(false)
-  , mIsThirdPartyContext(true)
+  , mIsThirdPartyContext(false)
  , mForcePreflight(false)
  , mIsPreflight(false)
  , mIsFromProcessingFrameAttributes(false)
@@ -58,6 +58,12 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
  MOZ_ASSERT(mLoadingPrincipal);
  MOZ_ASSERT(mTriggeringPrincipal);

+  // TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false meaning
+  // that consumers of LoadInfo that don't pass a context or pass a context from
+  // which we can't find a window will default to assuming that they're 1st
+  // party. It would be nice if we could default "safe" and assume that we are
+  // 3rd party until proven otherwise.
+
  // if consumers pass both, aLoadingContext and aLoadingPrincipal
  // then the loadingPrincipal must be the same as the node's principal
  MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||
@@ -151,6 +151,8 @@ Http2Session::Shutdown()
      CloseStream(stream, NS_ERROR_NET_RESET);  // can be restarted
    } else if (stream->RecvdData()) {
      CloseStream(stream, NS_ERROR_NET_PARTIAL_TRANSFER);
+    } else if (mGoAwayReason == INADEQUATE_SECURITY) {
+      CloseStream(stream, NS_ERROR_NET_INADEQUATE_SECURITY);
    } else {
      CloseStream(stream, NS_ERROR_ABORT);
    }
@@ -2270,8 +2272,14 @@ Http2Session::ReadSegmentsAgain(nsAHttpSegmentReader *reader,
             "Inconsistent Write Function Callback");

  nsresult rv = ConfirmTLSProfile();
-  if (NS_FAILED(rv))
+  if (NS_FAILED(rv)) {
+    if (mGoAwayReason == INADEQUATE_SECURITY) {
+      LOG3(("Http2Session::ReadSegments %p returning INADEQUATE_SECURITY %x",
+            this, NS_ERROR_NET_INADEQUATE_SECURITY));
+      rv = NS_ERROR_NET_INADEQUATE_SECURITY;
+    }
    return rv;
+  }

  if (reader)
    mSegmentReader = reader;
@@ -0,0 +1,16 @@
+function handleRequest(request, response)
+{
+  var query = {};
+  request.queryString.split('&').forEach(function (val) {
+    var [name, value] = val.split('=');
+    query[name] = unescape(value);
+  });
+
+  if (request.method == "POST") {
+    setState(query["id"], "ping");
+  } else {
+    var value = getState(query["id"]);
+    response.setHeader("Content-Type", "text/plain", false);
+    response.write(value);
+  }
+}
@@ -0,0 +1,121 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1233914 - ping doesn't honor the TP list here.</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+<p id="display"></p>
+<div id="content" style="display: none">
+</div>
+<pre id="test">
+
+<script class="testbody" type="text/javascript">
+  SimpleTest.requestFlakyTimeout("Delay to make sure ping is made prior than XHR");
+
+  const timeout = 200;
+  const host_nottrack = "http://not-tracking.example.com/";
+  const host_track = "http://trackertest.org/";
+  const path_ping = "tests/toolkit/components/url-classifier/tests/mochitest/ping.sjs";
+  const TP_ENABLE_PREF = "privacy.trackingprotection.enabled";
+
+  function testPingNonBlacklist() {
+    SpecialPowers.setBoolPref(TP_ENABLE_PREF, true);
+
+    var msg = "ping should reach page not in blacklist";
+    var expectPing = true;
+    var id = "1111";
+    ping(id, host_nottrack);
+
+    return new Promise(function(resolve, reject) {
+      setTimeout(function() {
+        isPinged(id, expectPing, msg, resolve);
+      }, timeout);
+    });
+  }
+
+  function testPingBlacklistSafebrowsingOff() {
+    SpecialPowers.setBoolPref(TP_ENABLE_PREF, false);
+
+    var msg = "ping should reach page in blacklist when tracking protection is off";
+    var expectPing = true;
+    var id = "2222";
+    ping(id, host_track);
+
+    return new Promise(function(resolve, reject) {
+      setTimeout(function() {
+        isPinged(id, expectPing, msg, resolve);
+      }, timeout);
+    });
+  }
+
+  function testPingBlacklistSafebrowsingOn() {
+    SpecialPowers.setBoolPref(TP_ENABLE_PREF, true);
+
+    var msg = "ping should not reach page in blacklist when tracking protection is on";
+    var expectPing = false;
+    var id = "3333";
+    ping(id, host_track);
+
+    return new Promise(function(resolve, reject) {
+      setTimeout(function() {
+        isPinged(id, expectPing, msg, resolve);
+      }, timeout);
+    });
+  }
+
+  function ping(id, host) {
+    var elm = document.createElement("a");
+    elm.setAttribute('ping', host + path_ping + "?id=" + id);
+    elm.setAttribute('href', "#");
+    document.body.appendChild(elm);
+
+    // Trigger ping.
+    elm.click();
+
+    document.body.removeChild(elm);
+  }
+
+  function isPinged(id, expected, msg, callback) {
+    var url = "http://mochi.test:8888/" + path_ping;
+    var xhr = new XMLHttpRequest();
+    xhr.open('GET', url + "?id=" + id);
+    xhr.onload = function() {
+      var isPinged = xhr.response === "ping";
+      is(expected, isPinged, msg);
+
+      callback();
+    };
+    xhr.send();
+  }
+
+  function cleanup() {
+    SpecialPowers.clearUserPref(TP_ENABLE_PREF);
+  }
+
+  function runTest() {
+    Promise.resolve()
+      .then(testPingNonBlacklist)
+      .then(testPingBlacklistSafebrowsingOff)
+      .then(testPingBlacklistSafebrowsingOn)
+      .then(function() {
+        SimpleTest.finish();
+      }).catch(function(e) {
+        ok(false, "Some test failed with error " + e);
+        SimpleTest.finish();
+      });
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  SimpleTest.registerCleanupFunction(cleanup);
+  SpecialPowers.pushPrefEnv({"set": [
+    ["browser.send_pings", true],
+    ["urlclassifier.trackingTable", "test-track-simple"],
+  ]}, runTest);
+
+</script>
+</pre>
+</body>
+</html>
@@ -225,6 +225,8 @@
  ERROR(NS_ERROR_PROXY_CONNECTION_REFUSED,  FAILURE(72)),
  /* A transfer was only partially done when it completed. */
  ERROR(NS_ERROR_NET_PARTIAL_TRANSFER,      FAILURE(76)),
+  /* HTTP/2 detected invalid TLS configuration */
+  ERROR(NS_ERROR_NET_INADEQUATE_SECURITY,   FAILURE(82)),

  /* XXX really need to better rationalize these error codes.  are consumers of
   * necko really expected to know how to discern the meaning of these?? */