From f431ddbece55ae788869c3faa5b1529ca37e5521 Mon Sep 17 00:00:00 2001
From: Fedor
Date: Thu, 1 Aug 2019 03:19:44 +0300
Subject: [PATCH] Treat all file: URIs as having a unique origin.
---
 modules/libpref/init/all.js | 4 +++
 netwerk/base/nsNetUtil.cpp | 56 +++++++++++++++++++++----------------
 2 files changed, 36 insertions(+), 24 deletions(-)
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 04972abfe..7f0e27d4d 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1335,6 +1335,10 @@ pref("image.animation_mode", "normal");
 // Same-origin policy for file URIs, "false" is traditional
 pref("security.fileuri.strict_origin_policy", true);
+// Treat all file URIs as having a unique origin.
+// Only has an effect if strict origin policy is true.
+pref("security.fileuri.unique_origin", true);
+
 // If this pref is true, prefs in the logging.config branch will be cleared on
 // startup. This is done so that setting a log-file and log-modules at runtime
 // doesn't persist across restarts leading to huge logfile and low disk space.
diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp
index 653a9003e..2974e26b0 100644
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -10,6 +10,7 @@
 #include "mozilla/LoadContext.h"
 #include "mozilla/LoadInfo.h"
 #include "mozilla/BasePrincipal.h"
+#include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
 #include "nsNetUtil.h"
 #include "nsNetUtilInlines.h"
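Review bot: The comment above `security.fileuri.unique_origin` in modules/libpref/init/all.js does not say what changes for local content when the pref is true. Going by the nsNetUtil.cpp part of this patch, enabling it skips the same-directory and subdirectory allowance, so a file: target no longer inherits the principal of the file: document that loads it. I would extend the comment with `// When true, file: URIs never share an origin, not even within the same directory; set to false to restore the directory-based rule.` so that anyone flipping the pref knows what they are re-enabling.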
@@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
 return false;
 }
- //
- // If the file to be loaded is in a subdirectory of the source
- // (or same-dir if source is not a directory) then it will
- // inherit its source principal and be scriptable by that source.
- //
- bool sourceIsDir;
- bool allowed = false;
- nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
- if (NS_SUCCEEDED(rv) && sourceIsDir) {
- rv = sourceFile->Contains(targetFile, &allowed);
- } else {
- nsCOMPtr sourceParent;
- rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
- if (NS_SUCCEEDED(rv) && sourceParent) {
- rv = sourceParent->Equals(targetFile, &allowed);
- if (NS_FAILED(rv) || !allowed) {
- rv = sourceParent->Contains(targetFile, &allowed);
- } else {
- MOZ_ASSERT(aAllowDirectoryTarget,
- "sourceFile->Parent == targetFile, but targetFile "
- "should've been disallowed if it is a directory");
+ bool uniqueOrigin = true;
+ uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
+
+ // If treating all files as unique origins, we can skip this because
+ // it should always be refused.
+ if (!uniqueOrigin) {
+ //
+ // If the file to be loaded is in a subdirectory of the source
+ // (or same-dir if source is not a directory) then it will
+ // inherit its source principal and be scriptable by that source.
+ //
+ bool sourceIsDir;
+ bool allowed = false;
+ nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
+ if (NS_SUCCEEDED(rv) && sourceIsDir) {
+ rv = sourceFile->Contains(targetFile, &allowed);
+ } else {
+ nsCOMPtr sourceParent;
+ rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
+ if (NS_SUCCEEDED(rv) && sourceParent) {
+ rv = sourceParent->Equals(targetFile, &allowed);
+ if (NS_FAILED(rv) || !allowed) {
+ rv = sourceParent->Contains(targetFile, &allowed);
+ } else {
+ MOZ_ASSERT(aAllowDirectoryTarget,
+ "sourceFile->Parent == targetFile, but targetFile "
+ "should've been disallowed if it is a directory");
+ }
 }
 }
- }
- if (NS_SUCCEEDED(rv) && allowed) {
- return true;
+ if (NS_SUCCEEDED(rv) && allowed) {
+ return true;
+ }
 }
 return false;
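Review bot: The pref read at the top of the added block fails open. `Preferences::GetBool("security.fileuri.unique_origin")` is called without a default, and the one-argument form falls back to false when the pref cannot be read, so the `= true` initializer on the line before is overwritten and the directory-based relaxation applies again. Collapsing the two lines into `bool uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin", true);` keeps the stricter behaviour as the fallback. The lookup also runs on every call; a value cached with `Preferences::AddBoolVarCache` may be preferable if this function is hot or can be reached off the main thread, which the hunk does not show. NS_RelaxStrictFileOriginPolicy begins and ends outside the hunk.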