[tor-commits] [tor-browser/tor-browser-60.3.0esr-8.5-1] Bug 22343: Make 'Save Page As' obey first-party isolation

gk at torproject.org gk at torproject.org
Thu Nov 15 20:35:28 UTC 2018


commit c2b7e89ecaf3ea6a14a650a0a71c6dc3ebb02c50
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date:   Tue May 30 10:25:34 2017 -0700

    Bug 22343: Make 'Save Page As' obey first-party isolation
    
    Fixes:
    * File menu:
      - Save Page As
    * Context menu in content pages:
      - Save Page As
      - Save Image As
      - Save Video As
      - Save Link As
      - Save Frame As
    * Page Info "Media" Panel:
      - Save As
---
 browser/base/content/browser.js                |  2 +-
 browser/base/content/nsContextMenu.js          | 39 ++++++++++++++++++--------
 browser/base/content/pageinfo/pageInfo.js      |  5 ++--
 browser/base/content/utilityOverlay.js         |  6 ++--
 dom/webbrowserpersist/nsIWebBrowserPersist.idl |  9 +++++-
 dom/webbrowserpersist/nsWebBrowserPersist.cpp  | 18 ++++++++++--
 dom/webbrowserpersist/nsWebBrowserPersist.h    |  2 ++
 mobile/android/chrome/content/browser.js       |  6 ++--
 netwerk/base/LoadContextInfo.cpp               | 18 ++++++++++--
 toolkit/components/browser/nsWebBrowser.cpp    | 12 ++++++++
 toolkit/content/contentAreaUtils.js            | 32 +++++++++++++++------
 11 files changed, 115 insertions(+), 34 deletions(-)

diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 0fc6a72daf66..5eed34e08086 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -6175,7 +6175,7 @@ function handleLinkClick(event, href, linkNode) {
 
   if (where == "save") {
     saveURL(href, linkNode ? gatherTextUnder(linkNode) : "", null, true,
-            true, doc.documentURIObject, doc);
+            true, doc.documentURIObject, doc, undefined, doc.nodePrincipal);
     event.preventDefault();
     return true;
   }
diff --git a/browser/base/content/nsContextMenu.js b/browser/base/content/nsContextMenu.js
index 368d0475ac34..37ebde22ea07 100644
--- a/browser/base/content/nsContextMenu.js
+++ b/browser/base/content/nsContextMenu.js
@@ -989,9 +989,11 @@ nsContextMenu.prototype = {
     let onMessage = (message) => {
       mm.removeMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage);
       let dataURL = message.data.dataURL;
+      const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+        makeURI(dataURL), this.principal.originAttributes);
       saveImageURL(dataURL, name, "SaveImageTitle", true, false,
                    document.documentURIObject, null, null, null,
-                   isPrivate);
+                   isPrivate, principal);
     };
     mm.addMessageListener("ContextMenu:SaveVideoFrameAsImage:Result", onMessage);
   },
@@ -1063,7 +1065,7 @@ nsContextMenu.prototype = {
   // Helper function to wait for appropriate MIME-type headers and
   // then prompt the user with a file picker
   saveHelper(linkURL, linkText, dialogTitle, bypassCache, doc, docURI,
-             windowID, linkDownload, isContentWindowPrivate) {
+             windowID, linkDownload, isContentWindowPrivate, contentPrincipal) {
     // canonical def in nsURILoader.h
     const NS_ERROR_SAVE_LINK_AS_TIMEOUT = 0x805d0020;
 
@@ -1116,7 +1118,7 @@ nsContextMenu.prototype = {
           // do it the old fashioned way, which will pick the best filename
           // it can without waiting.
           saveURL(linkURL, linkText, dialogTitle, bypassCache, false, docURI,
-                  doc, isContentWindowPrivate);
+                  doc, isContentWindowPrivate, contentPrincipal);
         }
         if (this.extListener)
           this.extListener.onStopRequest(aRequest, aContext, aStatusCode);
@@ -1156,10 +1158,13 @@ nsContextMenu.prototype = {
       }
     };
 
+    const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+      makeURI(linkURL), this.principal.originAttributes);
+
     // setting up a new channel for 'right click - save link as ...'
     var channel = NetUtil.newChannel({
                     uri: makeURI(linkURL),
-                    loadingPrincipal: this.principal,
+                    loadingPrincipal: principal,
                     contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
                     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
                   });
@@ -1201,14 +1206,17 @@ nsContextMenu.prototype = {
 
   // Save URL of clicked-on link.
   saveLink() {
-    urlSecurityCheck(this.linkURL, this.principal);
+    const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+      makeURI(this.linkURL), this.principal.originAttributes);
+    urlSecurityCheck(this.linkURL, principal);
 
     let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined;
     this.saveHelper(this.linkURL, this.linkTextStr, null, true, this.ownerDoc,
                     gContextMenuContentData.documentURIObject,
                     this.frameOuterWindowID,
                     this.linkDownload,
-                    isContentWindowPrivate);
+                    isContentWindowPrivate,
+                    principal);
   },
 
   // Backwards-compatibility wrapper
@@ -1223,23 +1231,32 @@ nsContextMenu.prototype = {
     let isContentWindowPrivate = this.isRemote ? this.ownerDoc.isPrivate : undefined;
     let referrerURI = gContextMenuContentData.documentURIObject;
     let isPrivate = PrivateBrowsingUtils.isBrowserPrivate(this.browser);
+    let thisPrincipal = this.principal;
     if (this.onCanvas) {
       // Bypass cache, since it's a data: URL.
       this._canvasToBlobURL(this.target).then(function(blobURL) {
+        const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+          makeURI(blobURL), thisPrincipal.originAttributes);
         saveImageURL(blobURL, "canvas.png", "SaveImageTitle",
                      true, false, referrerURI, null, null, null,
-                     isPrivate);
+                     isPrivate, principal);
       }, Cu.reportError);
     } else if (this.onImage) {
-      urlSecurityCheck(this.mediaURL, this.principal);
+      const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+        makeURI(this.mediaURL), thisPrincipal.originAttributes);
+      urlSecurityCheck(this.mediaURL, principal);
       saveImageURL(this.mediaURL, null, "SaveImageTitle", false,
                    false, referrerURI, null, gContextMenuContentData.contentType,
-                   gContextMenuContentData.contentDisposition, isPrivate);
+                   gContextMenuContentData.contentDisposition, isPrivate,
+                   principal);
     } else if (this.onVideo || this.onAudio) {
-      urlSecurityCheck(this.mediaURL, this.principal);
+      const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+        makeURI(this.mediaURL), thisPrincipal.originAttributes);
+      urlSecurityCheck(this.mediaURL, principal);
       var dialogTitle = this.onVideo ? "SaveVideoTitle" : "SaveAudioTitle";
       this.saveHelper(this.mediaURL, null, dialogTitle, false, doc, referrerURI,
-                      this.frameOuterWindowID, "", isContentWindowPrivate);
+                      this.frameOuterWindowID, "", isContentWindowPrivate,
+                      principal);
     }
   },
 
diff --git a/browser/base/content/pageinfo/pageInfo.js b/browser/base/content/pageinfo/pageInfo.js
index 86f548c74494..efe24f7487d9 100644
--- a/browser/base/content/pageinfo/pageInfo.js
+++ b/browser/base/content/pageinfo/pageInfo.js
@@ -696,7 +696,7 @@ function saveMedia() {
         titleKey = "SaveAudioTitle";
 
       saveURL(url, null, titleKey, false, false, makeURI(item.baseURI),
-              null, gDocInfo.isContentWindowPrivate);
+              null, gDocInfo.isContentWindowPrivate, gDocInfo.principal);
     }
   } else {
     selectSaveFolder(function(aDirectory) {
@@ -704,7 +704,8 @@ function saveMedia() {
         var saveAnImage = function(aURIString, aChosenData, aBaseURI) {
           uniqueFile(aChosenData.file);
           internalSave(aURIString, null, null, null, null, false, "SaveImageTitle",
-                       aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate);
+                       aChosenData, aBaseURI, null, false, null, gDocInfo.isContentWindowPrivate,
+                       gDocInfo.principal);
         };
 
         for (var i = 0; i < rowArray.length; i++) {
diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js
index b73a01a0b0f3..4cd7d91e4e9a 100644
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -258,14 +258,16 @@ function openLinkIn(url, where, params) {
 
     // ContentClick.jsm passes isContentWindowPrivate for saveURL instead of passing a CPOW initiatingDoc
     if ("isContentWindowPrivate" in params) {
-      saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, null, params.isContentWindowPrivate);
+      saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI,
+              null, params.isContentWindowPrivate,
+              aPrincipal || aTriggeringPrincipal);
     } else {
       if (!aInitiatingDoc) {
         Cu.reportError("openUILink/openLinkIn was called with " +
           "where == 'save' but without initiatingDoc.  See bug 814264.");
         return;
       }
-      saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc);
+      saveURL(url, null, null, true, true, aNoReferrer ? null : aReferrerURI, aInitiatingDoc, params.isContentWindowPrivate, aPrincipal || aTriggeringPrincipal);
     }
     return;
   }
diff --git a/dom/webbrowserpersist/nsIWebBrowserPersist.idl b/dom/webbrowserpersist/nsIWebBrowserPersist.idl
index 8de84f5e2904..62ac1c1cd7bd 100644
--- a/dom/webbrowserpersist/nsIWebBrowserPersist.idl
+++ b/dom/webbrowserpersist/nsIWebBrowserPersist.idl
@@ -13,11 +13,12 @@ interface nsIWebProgressListener;
 interface nsIFile;
 interface nsIChannel;
 interface nsILoadContext;
+interface nsIPrincipal;
 
 /**
  * Interface for persisting DOM documents and URIs to local or remote storage.
  */
-[scriptable, uuid(8cd752a4-60b1-42c3-a819-65c7a1138a28)]
+[scriptable, uuid(ccdbc750-be09-4f11-bb01-4e0a4db76c41)]
 interface nsIWebBrowserPersist : nsICancelable
 {
   /** No special persistence behaviour. */
@@ -112,6 +113,12 @@ interface nsIWebBrowserPersist : nsICancelable
   attribute nsIWebProgressListener progressListener;
 
   /**
+   * This attribute can be used to set the loading principal
+   * of the document or URI to be persisted.
+   */
+  attribute nsIPrincipal loadingPrincipal;
+
+  /**
    * Save the specified URI to file.
    *
    * @param aURI       URI to save to file. Some implementations of this interface
diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.cpp b/dom/webbrowserpersist/nsWebBrowserPersist.cpp
index fd6d9d0d9315..4f49b63475f3 100644
--- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp
+++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp
@@ -277,6 +277,7 @@ const char *kWebBrowserPersistStringBundle =
 nsWebBrowserPersist::nsWebBrowserPersist() :
     mCurrentDataPathIsRelative(false),
     mCurrentThingsToPersist(0),
+    mLoadingPrincipal(nsContentUtils::GetSystemPrincipal()),
     mFirstAndOnlyUse(true),
     mSavingDocument(false),
     mCancel(false),
@@ -413,6 +414,19 @@ NS_IMETHODIMP nsWebBrowserPersist::SetProgressListener(
     return NS_OK;
 }
 
+NS_IMETHODIMP nsWebBrowserPersist::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal)
+{
+    *loadingPrincipal = mLoadingPrincipal;
+    return NS_OK;
+}
+
+NS_IMETHODIMP nsWebBrowserPersist::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal)
+{
+    mLoadingPrincipal = loadingPrincipal ? loadingPrincipal :
+        nsContentUtils::GetSystemPrincipal();
+    return NS_OK;
+}
+
 NS_IMETHODIMP nsWebBrowserPersist::SaveURI(
     nsIURI *aURI, nsISupports *aCacheKey,
     nsIURI *aReferrer, uint32_t aReferrerPolicy,
@@ -1385,7 +1399,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal(
     nsCOMPtr<nsIChannel> inputChannel;
     rv = NS_NewChannel(getter_AddRefs(inputChannel),
                        aURI,
-                       nsContentUtils::GetSystemPrincipal(),
+                       mLoadingPrincipal,
                        nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                        nsIContentPolicy::TYPE_OTHER,
                        nullptr,  // aPerformanceStorage
@@ -2756,7 +2770,7 @@ nsWebBrowserPersist::CreateChannelFromURI(nsIURI *aURI, nsIChannel **aChannel)
 
     rv = NS_NewChannel(aChannel,
                        aURI,
-                       nsContentUtils::GetSystemPrincipal(),
+                       mLoadingPrincipal,
                        nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                        nsIContentPolicy::TYPE_OTHER);
     NS_ENSURE_SUCCESS(rv, rv);
diff --git a/dom/webbrowserpersist/nsWebBrowserPersist.h b/dom/webbrowserpersist/nsWebBrowserPersist.h
index 17b570d783e7..f95300be12cb 100644
--- a/dom/webbrowserpersist/nsWebBrowserPersist.h
+++ b/dom/webbrowserpersist/nsWebBrowserPersist.h
@@ -147,6 +147,8 @@ private:
     nsCOMPtr<nsIMIMEService>  mMIMEService;
     nsCOMPtr<nsIURI>          mURI;
     nsCOMPtr<nsIWebProgressListener> mProgressListener;
+    nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
+
     /**
      * Progress listener for 64-bit values; this is the same object as
      * mProgressListener, but is a member to avoid having to qi it for each
diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js
index d081fde9b20e..51fe1422acc5 100644
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@@ -886,10 +886,10 @@ var BrowserApp = {
             if (!permissionGranted) {
                 return;
             }
-
+            let doc = aTarget.ownerDocument;
             ContentAreaUtils.saveImageURL(aTarget.currentRequestFinalURI.spec, null, "SaveImageTitle",
-                                          false, true, aTarget.ownerDocument.documentURIObject,
-                                          aTarget.ownerDocument);
+                                          false, true, doc.documentURIObject,
+                                          null, null, null, doc.isPrivate, doc.nodePrincipal);
         });
       });
 
diff --git a/netwerk/base/LoadContextInfo.cpp b/netwerk/base/LoadContextInfo.cpp
index 79f870e8d20d..1218345b63ed 100644
--- a/netwerk/base/LoadContextInfo.cpp
+++ b/netwerk/base/LoadContextInfo.cpp
@@ -121,8 +121,6 @@ GetLoadContextInfo(nsIChannel * aChannel)
 {
   nsresult rv;
 
-  DebugOnly<bool> pb = NS_UsePrivateBrowsing(aChannel);
-
   bool anon = false;
   nsLoadFlags loadFlags;
   rv = aChannel->GetLoadFlags(&loadFlags);
@@ -132,7 +130,21 @@ GetLoadContextInfo(nsIChannel * aChannel)
 
   OriginAttributes oa;
   NS_GetOriginAttributes(aChannel, oa);
-  MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0));
+
+#ifdef DEBUG
+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
+  if (loadInfo) {
+    nsCOMPtr<nsIPrincipal> principal = loadInfo->LoadingPrincipal();
+    if (principal) {
+      bool chrome;
+      principal->GetIsSystemPrincipal(&chrome);
+      if (!chrome) {
+        bool pb = NS_UsePrivateBrowsing(aChannel);
+        MOZ_ASSERT(pb == (oa.mPrivateBrowsingId > 0));
+      }
+    }
+  }
+#endif
 
   return new LoadContextInfo(anon, oa);
 }
diff --git a/toolkit/components/browser/nsWebBrowser.cpp b/toolkit/components/browser/nsWebBrowser.cpp
index 40ac82210502..ff1e728243b4 100644
--- a/toolkit/components/browser/nsWebBrowser.cpp
+++ b/toolkit/components/browser/nsWebBrowser.cpp
@@ -997,6 +997,18 @@ nsWebBrowser::SetProgressListener(nsIWebProgressListener* aProgressListener)
 }
 
 NS_IMETHODIMP
+nsWebBrowser::GetLoadingPrincipal(nsIPrincipal** loadingPrincipal)
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsWebBrowser::SetLoadingPrincipal(nsIPrincipal* loadingPrincipal)
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
 nsWebBrowser::SaveURI(nsIURI* aURI,
                       nsISupports* aCacheKey,
                       nsIURI* aReferrer,
diff --git a/toolkit/content/contentAreaUtils.js b/toolkit/content/contentAreaUtils.js
index 48cf448798a5..e213a0e4333e 100644
--- a/toolkit/content/contentAreaUtils.js
+++ b/toolkit/content/contentAreaUtils.js
@@ -62,14 +62,14 @@ function forbidCPOW(arg, func, argname) {
 // - A linked document using Alt-click Save Link As...
 //
 function saveURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
-                 aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate) {
+                 aSkipPrompt, aReferrer, aSourceDocument, aIsContentWindowPrivate,
+                 aContentPrincipal) {
   forbidCPOW(aURL, "saveURL", "aURL");
   forbidCPOW(aReferrer, "saveURL", "aReferrer");
   // Allow aSourceDocument to be a CPOW.
-
   internalSave(aURL, null, aFileName, null, null, aShouldBypassCache,
                aFilePickerTitleKey, null, aReferrer, aSourceDocument,
-               aSkipPrompt, null, aIsContentWindowPrivate);
+               aSkipPrompt, null, aIsContentWindowPrivate, aContentPrincipal);
 }
 
 // Just like saveURL, but will get some info off the image before
@@ -109,10 +109,12 @@ const nsISupportsCString = Ci.nsISupportsCString;
  * @param aIsContentWindowPrivate (bool)
  *        Whether or not the containing window is in private browsing mode.
  *        Does not need to be provided is aDoc is passed.
+ * @param aContentPrincipal [optional]
+ *        The principal to be used for fetching and saving the target URL.
  */
 function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
                       aSkipPrompt, aReferrer, aDoc, aContentType, aContentDisp,
-                      aIsContentWindowPrivate) {
+                      aIsContentWindowPrivate, aContentPrincipal) {
   forbidCPOW(aURL, "saveImageURL", "aURL");
   forbidCPOW(aReferrer, "saveImageURL", "aReferrer");
 
@@ -156,7 +158,8 @@ function saveImageURL(aURL, aFileName, aFilePickerTitleKey, aShouldBypassCache,
 
   internalSave(aURL, null, aFileName, aContentDisp, aContentType,
                aShouldBypassCache, aFilePickerTitleKey, null, aReferrer,
-               null, aSkipPrompt, null, aIsContentWindowPrivate);
+               null, aSkipPrompt, null, aIsContentWindowPrivate,
+               aContentPrincipal);
 }
 
 // This is like saveDocument, but takes any browser/frame-like element
@@ -170,7 +173,7 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) {
   let stack = Components.stack.caller;
   persistable.startPersistence(aOuterWindowID, {
     onDocumentReady(document) {
-      saveDocument(document, aSkipPrompt);
+      saveDocument(document, aSkipPrompt, aBrowser.contentPrincipal);
     },
     onError(status) {
       throw new Components.Exception("saveBrowser failed asynchronously in startPersistence",
@@ -186,7 +189,9 @@ function saveBrowser(aBrowser, aSkipPrompt, aOuterWindowID = 0) {
 // case "save as" modes that serialize the document's DOM are
 // unavailable.  This is a temporary measure for the "Save Frame As"
 // command (bug 1141337) and pre-e10s add-ons.
-function saveDocument(aDocument, aSkipPrompt) {
+//
+// aContentPrincipal is the principal for downloading and saving the document.
+function saveDocument(aDocument, aSkipPrompt, aContentPrincipal) {
   if (!aDocument)
     throw "Must have a document when calling saveDocument";
 
@@ -241,7 +246,7 @@ function saveDocument(aDocument, aSkipPrompt) {
   internalSave(aDocument.documentURI, aDocument, null, contentDisposition,
                aDocument.contentType, false, null, null,
                aDocument.referrer ? makeURI(aDocument.referrer) : null,
-               aDocument, aSkipPrompt, cacheKey);
+               aDocument, aSkipPrompt, cacheKey, undefined, aContentPrincipal);
 }
 
 function DownloadListener(win, transfer) {
@@ -350,11 +355,13 @@ XPCOMUtils.defineConstant(this, "kSaveAsType_Text", kSaveAsType_Text);
  *        This parameter is provided when the aInitiatingDocument is not a
  *        real document object. Stores whether aInitiatingDocument.defaultView
  *        was private or not.
+ * @param aContentPrincipal [optional]
+ *        The principal to be used for fetching and saving the target URL.
  */
 function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
                       aContentType, aShouldBypassCache, aFilePickerTitleKey,
                       aChosenData, aReferrer, aInitiatingDocument, aSkipPrompt,
-                      aCacheKey, aIsContentWindowPrivate) {
+                      aCacheKey, aIsContentWindowPrivate, aContentPrincipal) {
   forbidCPOW(aURL, "internalSave", "aURL");
   forbidCPOW(aReferrer, "internalSave", "aReferrer");
   forbidCPOW(aCacheKey, "internalSave", "aCacheKey");
@@ -423,6 +430,7 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
     let nonCPOWDocument =
       aDocument && !Cu.isCrossProcessWrapper(aDocument);
 
+
     let isPrivate = aIsContentWindowPrivate;
     if (isPrivate === undefined) {
       isPrivate = aInitiatingDocument instanceof Ci.nsIDOMDocument
@@ -440,6 +448,7 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
       sourcePostData: nonCPOWDocument ? getPostData(aDocument) : null,
       bypassCache: aShouldBypassCache,
       isPrivate,
+      loadingPrincipal: aContentPrincipal,
     };
 
     // Start the actual save process
@@ -476,10 +485,15 @@ function internalSave(aURL, aDocument, aDefaultFileName, aContentDisposition,
  *        If true, the document will always be refetched from the server
  * @param persistArgs.isPrivate
  *        Indicates whether this is taking place in a private browsing context.
+ * @param persistArgs.loadingPrincipal
+ *        The principal assigned to the document being saved.
  */
 function internalPersist(persistArgs) {
   var persist = makeWebBrowserPersist();
 
+  if (["http", "https", "ftp"].includes(persistArgs.sourceURI.scheme)) {
+    persist.loadingPrincipal = persistArgs.loadingPrincipal;
+  }
   // Calculate persist flags.
   const nsIWBP = Ci.nsIWebBrowserPersist;
   const flags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES |



More information about the tor-commits mailing list