Bug 1160017 part 1 - Remove fullscreen permission code from nsDocument. r=smaug

dom/base/Element.cpp

@@ -3117,10 +3117,6 @@ GetFullScreenError(nsIDocument* aDoc)
     return "FullScreenDeniedNotInputDriven";
   }
 
-  if (nsContentUtils::IsSitePermDeny(aDoc->NodePrincipal(), "fullscreen")) {
-    return "FullScreenDeniedBlocked";
-  }
-
   return nullptr;
 }
 

dom/base/nsDocument.cpp

@@ -11349,9 +11349,7 @@ nsDocument::RestorePreviousFullScreenState()
         // a fullscreen element in a parent document. If this document isn't
         // approved for fullscreen, or if it's cross origin, dispatch an
         // event to chrome so it knows to show the authorization/warning UI.
-        if (!nsContentUtils::HaveEqualPrincipals(fullScreenDoc, doc) ||
-            (!nsContentUtils::IsSitePermAllow(doc->NodePrincipal(), "fullscreen") &&
-             !static_cast<nsDocument*>(doc)->mIsApprovedForFullscreen)) {
+        if (!nsContentUtils::HaveEqualPrincipals(fullScreenDoc, doc)) {
           DispatchCustomEventWithFlush(
             doc, NS_LITERAL_STRING("MozDOMFullscreen:NewOrigin"),
             /* Bubbles */ true, /* ChromeOnly */ true);
@@ -11419,41 +11417,6 @@ LogFullScreenDenied(bool aLogFailure, const char* aMessage, nsIDocument* aDoc)
                                   aMessage);
 }
 
-nsresult
-nsDocument::AddFullscreenApprovedObserver()
-{
-  if (mHasFullscreenApprovedObserver) {
-    return NS_OK;
-  }
-
-  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
-  NS_ENSURE_TRUE(os, NS_ERROR_FAILURE);
-
-  nsresult res = os->AddObserver(this, "fullscreen-approved", true);
-  NS_ENSURE_SUCCESS(res, res);
-
-  mHasFullscreenApprovedObserver = true;
-
-  return NS_OK;
-}
-
-nsresult
-nsDocument::RemoveFullscreenApprovedObserver()
-{
-  if (!mHasFullscreenApprovedObserver) {
-    return NS_OK;
-  }
-  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
-  NS_ENSURE_TRUE(os, NS_ERROR_FAILURE);
-
-  nsresult res = os->RemoveObserver(this, "fullscreen-approved");
-  NS_ENSURE_SUCCESS(res, res);
-
-  mHasFullscreenApprovedObserver = false;
-
-  return NS_OK;
-}
-
 void
 nsDocument::CleanupFullscreenState()
 {
@@ -11471,8 +11434,6 @@ nsDocument::CleanupFullscreenState()
     }
     mFullScreenStack.Clear();
   }
-  SetApprovedForFullscreen(false);
-  RemoveFullscreenApprovedObserver();
   mFullscreenRoot = nullptr;
 }
 
@@ -11817,8 +11778,6 @@ nsDocument::ApplyFullscreen(const FullscreenRequest& aRequest)
   // to detect if the origin which is fullscreen has changed.
   nsCOMPtr<nsIDocument> previousFullscreenDoc = GetFullscreenLeaf(this);
 
-  AddFullscreenApprovedObserver();
-
   // Stores a list of documents which we must dispatch "mozfullscreenchange"
   // too. We're required by the spec to dispatch the events in root-to-leaf
   // order, but we traverse the doctree in a leaf-to-root order, so we save
@@ -11875,25 +11834,13 @@ nsDocument::ApplyFullscreen(const FullscreenRequest& aRequest)
     }
   }
 
-  // If this document hasn't already been approved in this session,
-  // check to see if the user has granted the fullscreen access
-  // to the document's principal's host, if it has one. Note that documents
-  // in web apps which are the same origin as the web app are considered
-  // trusted and so are automatically approved.
-  if (!mIsApprovedForFullscreen) {
-    mIsApprovedForFullscreen =
-      !Preferences::GetBool("full-screen-api.approval-required") ||
-      NodePrincipal()->GetAppStatus() >= nsIPrincipal::APP_STATUS_INSTALLED ||
-      nsContentUtils::IsSitePermAllow(NodePrincipal(), "fullscreen");
-  }
-
   FullscreenRoots::Add(this);
 
   // If it is the first entry of the fullscreen, trigger an event so
   // that the UI can response to this change, e.g. hide chrome, or
   // notifying parent process to enter fullscreen. Note that chrome
   // code may also want to listen to MozDOMFullscreen:NewOrigin event
-  // to pop up warning/approval UI.
+  // to pop up warning UI.
   if (!previousFullscreenDoc) {
     nsContentUtils::DispatchEventOnlyToChrome(
       this, ToSupports(elem), NS_LITERAL_STRING("MozDOMFullscreen:Entered"),
@@ -11901,7 +11848,7 @@ nsDocument::ApplyFullscreen(const FullscreenRequest& aRequest)
   }
 
   // The origin which is fullscreen gets changed. Trigger an event so
-  // that the chrome knows to pop up a warning/approval UI. Note that
+  // that the chrome knows to pop up a warning UI. Note that
   // previousFullscreenDoc == nullptr upon first entry, so we always
   // take this path on the first entry. Also note that, in a multi-
   // process browser, the code in content process is responsible for
@@ -12090,15 +12037,13 @@ public:
       return NS_OK;
     }
 
-    // We're about to enter fullscreen mode.
     nsDocument* doc = static_cast<nsDocument*>(d.get());
-    if (doc->mPendingFullscreenRequests > 0 ||
-        (doc->mHasFullscreenApprovedObserver && !doc->mIsApprovedForFullscreen)) {
-      // We're still waiting for approval.
+    if (doc->mPendingFullscreenRequests > 0) {
+      // We're still entering fullscreen.
       return NS_OK;
     }
 
-    if (doc->mIsApprovedForFullscreen || doc->mAllowRelocking) {
+    if (doc->IsFullScreenDoc() || doc->mAllowRelocking) {
       Allow(JS::UndefinedHandleValue);
       return NS_OK;
     }
@@ -12203,8 +12148,7 @@ nsPointerLockPermissionRequest::Allow(JS::HandleValue aChoices)
   nsCOMPtr<nsIDocument> doc = do_QueryReferent(mDocument);
   nsDocument* d = static_cast<nsDocument*>(doc.get());
   if (!e || !d || gPendingPointerLockRequest != this ||
-      e->GetUncomposedDoc() != d ||
-      (!mUserInputOrChromeCaller && !d->mIsApprovedForFullscreen)) {
+      e->GetUncomposedDoc() != d) {
     Handled();
     DispatchPointerLockError(d);
     return NS_OK;
@@ -12253,12 +12197,6 @@ nsPointerLockPermissionRequest::GetRequester(nsIContentPermissionRequester** aRe
   return NS_OK;
 }
 
-void
-nsDocument::SetApprovedForFullscreen(bool aIsApproved)
-{
-  mIsApprovedForFullscreen = aIsApproved;
-}
-
 static void
 RedispatchPendingPointerLockRequest(nsIDocument* aDocument)
 {
@@ -12278,7 +12216,7 @@ RedispatchPendingPointerLockRequest(nsIDocument* aDocument)
   }
 
   // We have a request pending on the document which may previously be
-  // blocked for fullscreen approval. Create a clone and re-dispatch it
+  // blocked for fullscreen change. Create a clone and re-dispatch it
   // to guarantee that Run() method gets called again.
   bool userInputOrChromeCaller =
     gPendingPointerLockRequest->mUserInputOrChromeCaller;
@@ -12293,14 +12231,7 @@ nsDocument::Observe(nsISupports *aSubject,
                     const char *aTopic,
                     const char16_t *aData)
 {
-  if (strcmp("fullscreen-approved", aTopic) == 0) {
-    nsCOMPtr<nsIDocument> subject(do_QueryInterface(aSubject));
-    if (subject != this) {
-      return NS_OK;
-    }
-    SetApprovedForFullscreen(true);
-    RedispatchPendingPointerLockRequest(this);
-  } else if (strcmp("app-theme-changed", aTopic) == 0) {
+  if (strcmp("app-theme-changed", aTopic) == 0) {
     if (!nsContentUtils::IsSystemPrincipal(NodePrincipal()) &&
         !IsUnstyledDocument()) {
       // We don't want to style the chrome window, only app ones.

dom/base/nsDocument.h

@@ -1208,7 +1208,6 @@ public:
   virtual void RestorePreviousFullScreenState() override;
   virtual bool IsFullscreenLeaf() override;
   virtual bool IsFullScreenDoc() override;
-  virtual void SetApprovedForFullscreen(bool aIsApproved) override;
   virtual nsresult
     RemoteFrameFullscreenChanged(nsIDOMElement* aFrameElement) override;
 
@@ -1254,13 +1253,6 @@ public:
   // styles from the top element in the stack.
   void CleanupFullscreenState();
 
-  // Add/remove "fullscreen-approved" observer service notification listener.
-  // Chrome sends us a notification when fullscreen is approved for a
-  // document, with the notification subject as the document that was approved.
-  // We maintain this listener while in fullscreen mode.
-  nsresult AddFullscreenApprovedObserver();
-  nsresult RemoveFullscreenApprovedObserver();
-
   // Pushes aElement onto the full-screen stack, and removes full-screen styles
   // from the former full-screen stack top, and its ancestors, and applies the
   // styles to aElement. aElement becomes the new "full-screen element".
@@ -1661,26 +1653,6 @@ public:
   // terminated instead of letting it finish at its own pace.
   bool mParserAborted:1;
 
-  // Whether this document has been approved for fullscreen, either by explicit
-  // approval via the fullscreen-approval UI, or because it received
-  // approval because its document's host already had the "fullscreen"
-  // permission granted when the document requested fullscreen.
-  // 
-  // Note if a document's principal doesn't have a host, the permission manager
-  // can't store permissions for it, so we can only manage approval using this
-  // flag.
-  //
-  // Note we must track this separately from the "fullscreen" permission,
-  // so that pending pointer lock requests can determine whether documents
-  // whose principal doesn't have a host (i.e. those which can't store
-  // permissions in the permission manager) have been approved for fullscreen.
-  bool mIsApprovedForFullscreen:1;
-
-  // Whether this document has a fullscreen approved observer. Only documents
-  // which request fullscreen and which don't have a pre-existing approval for
-  // fullscreen will have an observer.
-  bool mHasFullscreenApprovedObserver:1;
-
   friend class nsPointerLockPermissionRequest;
   friend class nsCallRequestFullScreen;
   // When set, trying to lock the pointer doesn't require permission from the

dom/base/nsIDocument.h

@@ -152,8 +152,8 @@ typedef CallbackObjectHolder<NodeFilter, nsIDOMNodeFilter> NodeFilterHolder;
 } // namespace mozilla
 
 #define NS_IDOCUMENT_IID \
-{ 0x21bbd52a, 0xc2d2, 0x4b2f, \
-  { 0xbc, 0x6c, 0xc9, 0x52, 0xbe, 0x23, 0x6b, 0x19 } }
+{ 0xbbce44c8, 0x22fe, 0x404f, \
+  { 0x9e, 0x71, 0x23, 0x1d, 0xf4, 0xcc, 0x8e, 0x34 } }
 
 // Enum for requesting a particular type of document when creating a doc
 enum DocumentFlavor {
@@ -1156,14 +1156,6 @@ public:
    */
   virtual void SetFullscreenRoot(nsIDocument* aRoot) = 0;
 
-  /**
-   * Sets whether this document is approved for fullscreen mode.
-   * Documents aren't approved for fullscreen until chrome has sent a
-   * "fullscreen-approved" notification with a subject which is a pointer
-   * to the approved document.
-   */
-  virtual void SetApprovedForFullscreen(bool aIsApproved) = 0;
-
   /**
    * Synchronously cleans up the fullscreen state on the given document.
    *

dom/html/test/file_fullscreen-esc-context-menu.html

@@ -56,9 +56,7 @@ function begin() {
   ok(contextMenu, "Got context menu XUL");
 
   addFullscreenChangeContinuation("enter", fullscreenEntered);
-  SpecialPowers.pushPrefEnv({"set":[["full-screen-api.approval-required", false]]}, function() {
-    document.body.mozRequestFullScreen();
-  });
+  document.body.mozRequestFullScreen();
 }
 
 function finish() {

dom/locales/en-US/chrome/dom/dom.properties

@@ -65,7 +65,6 @@ nsIJSONDecodeDeprecatedWarning=nsIJSON.decode is deprecated.  Please use JSON.pa
 nsIJSONEncodeDeprecatedWarning=nsIJSON.encode is deprecated.  Please use JSON.stringify instead.
 nsIDOMWindowInternalWarning=Use of nsIDOMWindowInternal is deprecated. Use nsIDOMWindow instead.
 InputEncodingWarning=Use of inputEncoding is deprecated.
-FullScreenDeniedBlocked=Request for full-screen was denied because this domain has been blocked from full-screen by user.
 FullScreenDeniedDisabled=Request for full-screen was denied because full-screen API is disabled by user preference.
 FullScreenDeniedFocusedPlugin=Request for full-screen was denied because a windowed plugin is focused.
 FullScreenDeniedHidden=Request for full-screen was denied because the document is no longer visible.

dom/tests/mochitest/pointerlock/file_approval.html

@@ -1,66 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--https://bugzilla.mozilla.org/show_bug.cgi?id=746885-->
-<head>
-  <title>Bug 746885</title>
-  <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
-  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <script type="application/javascript" src="pointerlock_utils.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
-</head>
-<body>
-  <a target="_blank"
-    href="https://bugzilla.mozilla.org/show_bug.cgi?id=746885">
-    Mozilla Bug 746885
-  </a>
-  <div id="div"></div>
-  <pre id="test">
-    <script type="text/javascript">
-      /*
-       * Test for Bug 746885
-       * When requesting pointer lock on a domain that doesn't have fullscreen
-       * permission, the pointer lock request should be delayed until approval
-       * has been granted.
-       */
-
-      SimpleTest.waitForExplicitFinish();
-      
-      // Ensure fullscreen won't be automatically granted for this document's domain.
-      SpecialPowers.removeFullscreenAllowed(document);
-
-      var div = document.getElementById("div");
-      var isApproved = false;
-
-      document.addEventListener("mozpointerlockchange",
-        function (e) {
-          is(isApproved, true, "Should only receive mozpointerlockchange when we've been approved for fullscreen.");
-          document.mozCancelFullScreen();
-        }, false);
-
-      function approveFullscreen() {
-        isApproved = true;
-        SpecialPowers.setFullscreenAllowed(document);
-      }
-      
-      document.addEventListener("mozfullscreenchange", function(e) {
-        if (document.mozFullScreenElement === div) {
-          // First entered fullscreen. Request pointer lock...
-          div.mozRequestPointerLock();
-          // ... But only approve fullscreen after a delay, giving the pointer
-          // lock request time to run if it were going to. Note we need two timeouts
-          // here to because if we were to fail and the pointer lock request were to
-          // succeed without approval, we'd need to give it time to run, and time for
-          // its asynchronously dispatched mozpointerlockchange to run.
-          setTimeout(function(){ setTimeout(approveFullscreen, 0); }, 0);
-        } else {
-          SimpleTest.finish();
-        }
-      }, false);
-      
-      function start() {
-        div.mozRequestFullScreen();
-      }
-    </script>
-  </pre>
-</body>
-</html>

dom/tests/mochitest/pointerlock/mochitest.ini

@@ -1,7 +1,6 @@
 [DEFAULT]
 support-files =
   pointerlock_utils.js
-  file_approval.html
   file_pointerlock-api.html
   file_pointerlockerror.html
   file_escapeKey.html

dom/tests/mochitest/pointerlock/test_pointerlock-api.html

@@ -28,10 +28,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=633602
 
         SimpleTest.waitForExplicitFinish();
 
-        // Grant "fullscreen" permission on the test domain. This means fullscreen will be
-        // automatically approved, so pointer lock in the tests will be too.
-        SpecialPowers.setFullscreenAllowed(document);
-
         SpecialPowers.pushPrefEnv({"set": [
           ["full-screen-api.enabled", true],
           ["full-screen-api.allow-trusted-requests-only", false],
@@ -43,7 +39,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=633602
         // normally run in an iframe, which by default will not have the
         // allowfullscreen attribute set, so full-screen won't work.
         var gTestFiles = [
-          "file_approval.html",
           "file_screenClientXYConst.html",
           "file_childIframe.html",
           "file_doubleLock.html",
@@ -72,11 +67,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=633602
         var gTestWindow = null;
         var gTestIndex = 0;
 
-        function finish() {
-          SpecialPowers.removeFullscreenAllowed(document)
-          SimpleTest.finish();
-        }
-
         function nextTest() {
           if (gTestWindow) {
             gTestWindow.close();
@@ -103,7 +93,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=633602
               nextTest();
             }
           } else {
-            finish();
+            SimpleTest.finish();
           }
         }
       </script>

testing/specialpowers/content/specialpowersAPI.js

@@ -1820,16 +1820,6 @@ SpecialPowersAPI.prototype = {
                                   .messageManager);
   },
 
-  setFullscreenAllowed: function(document) {
-    Services.perms.addFromPrincipal(document.nodePrincipal, "fullscreen",
-				     Ci.nsIPermissionManager.ALLOW_ACTION);
-    Services.obs.notifyObservers(document, "fullscreen-approved", null);
-  },
-
-  removeFullscreenAllowed: function(document) {
-    Services.perms.removeFromPrincipal(document.nodePrincipal, "fullscreen");
-  },
-
   _getInfoFromPermissionArg: function(arg) {
     let url = "";
     let appId = Ci.nsIScriptSecurityManager.NO_APP_ID;

webapprt/locales/en-US/webapprt/overrides/dom.properties

@@ -65,7 +65,6 @@ nsIJSONDecodeDeprecatedWarning=nsIJSON.decode is deprecated. Please use JSON.par
 nsIJSONEncodeDeprecatedWarning=nsIJSON.encode is deprecated. Please use JSON.stringify instead.
 nsIDOMWindowInternalWarning=Use of nsIDOMWindowInternal is deprecated. Use nsIDOMWindow instead.
 InputEncodingWarning=Use of inputEncoding is deprecated.
-FullScreenDeniedBlocked=Request for full-screen was denied because this domain has been blocked from full-screen by user.
 FullScreenDeniedDisabled=Request for full-screen was denied because full-screen API is disabled by user preference.
 FullScreenDeniedFocusedPlugin=Request for full-screen was denied because a windowed plugin is focused.
 FullScreenDeniedHidden=Request for full-screen was denied because the document is no longer visible.