/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /** * PermissionUI is responsible for exposing both a prototype * PermissionPrompt that can be used by arbitrary browser * components and add-ons, but also hosts the implementations of * built-in permission prompts. * * If you're developing a feature that requires web content to ask * for special permissions from the user, this module is for you. * * Suppose a system add-on wants to add a new prompt for a new request * for getting more low-level access to the user's sound card, and the * permission request is coming up from content by way of the * nsContentPermissionHelper. The system add-on could then do the following: * * const { Integration } = ChromeUtils.importESModule( * "resource://gre/modules/Integration.sys.mjs" * ); * const { PermissionUI } = ChromeUtils.importESModule( * "resource:///modules/PermissionUI.sys.mjs" * ); * * const SoundCardIntegration = base => { * let soundCardObj = { * createPermissionPrompt(type, request) { * if (type != "sound-api") { * return super.createPermissionPrompt(...arguments); * } * * let permissionPrompt = { * get permissionKey() { * return "sound-permission"; * } * // etc - see the documentation for PermissionPrompt for * // a better idea of what things one can and should override. * }; * Object.setPrototypeOf( * permissionPrompt, * PermissionUI.PermissionPromptForRequest * ); * return permissionPrompt; * }, * }; * Object.setPrototypeOf(soundCardObj, base); * return soundCardObj; * }; * * // Add-on startup: * Integration.contentPermission.register(SoundCardIntegration); * // ... * // Add-on shutdown: * Integration.contentPermission.unregister(SoundCardIntegration); * * Note that PermissionPromptForRequest must be used as the * prototype, since the prompt is wrapping an nsIContentPermissionRequest, * and going through nsIContentPermissionPrompt. * * It is, however, possible to take advantage of PermissionPrompt without * having to go through nsIContentPermissionPrompt or with a * nsIContentPermissionRequest. The PermissionPrompt can be * imported, subclassed, and have prompt() called directly, without * the caller having called into createPermissionPrompt. */ import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { AddonManager: "resource://gre/modules/AddonManager.sys.mjs", PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs", SitePermissions: "resource:///modules/SitePermissions.sys.mjs", }); XPCOMUtils.defineLazyServiceGetter( lazy, "IDNService", "@mozilla.org/network/idn-service;1", "nsIIDNService" ); XPCOMUtils.defineLazyServiceGetter( lazy, "ContentPrefService2", "@mozilla.org/content-pref/service;1", "nsIContentPrefService2" ); ChromeUtils.defineLazyGetter(lazy, "gBrowserBundle", function () { return Services.strings.createBundle( "chrome://browser/locale/browser.properties" ); }); import { SITEPERMS_ADDON_PROVIDER_PREF } from "resource://gre/modules/addons/siteperms-addon-utils.sys.mjs"; XPCOMUtils.defineLazyPreferenceGetter( lazy, "sitePermsAddonsProviderEnabled", SITEPERMS_ADDON_PROVIDER_PREF, false ); /** * PermissionPrompt should be subclassed by callers that * want to display prompts to the user. See each method and property * below for guidance on what to override. * * Note that if you're creating a prompt for an * nsIContentPermissionRequest, you'll want to subclass * PermissionPromptForRequest instead. */ class PermissionPrompt { /** * Returns the associated for the request. This should * work for the e10s and non-e10s case. * * Subclasses must override this. * * @return {} */ get browser() { throw new Error("Not implemented."); } /** * Returns the nsIPrincipal associated with the request. * * Subclasses must override this. * * @return {nsIPrincipal} */ get principal() { throw new Error("Not implemented."); } /** * Indicates the type of the permission request from content. This type might * be different from the permission key used in the permissions database. */ get type() { return undefined; } /** * If the nsIPermissionManager is being queried and written * to for this permission request, set this to the key to be * used. If this is undefined, no integration with temporary * permissions infrastructure will be provided. * * Note that if a permission is set, in any follow-up * prompting within the expiry window of that permission, * the prompt will be skipped and the allow or deny choice * will be selected automatically. */ get permissionKey() { return undefined; } /** * If true, user permissions will be read from and written to. * When this is false, we still provide integration with * infrastructure such as temporary permissions. permissionKey should * still return a valid name in those cases for that integration to work. */ get usePermissionManager() { return true; } /** * Indicates what URI should be used as the scope when using temporary * permissions. If undefined, it defaults to the browser.currentURI. */ get temporaryPermissionURI() { return undefined; } /** * These are the options that will be passed to the PopupNotification when it * is shown. See the documentation of `PopupNotifications_show` in * PopupNotifications.sys.mjs for details. * * Note that prompt() will automatically set displayURI to * be the URI of the requesting pricipal, unless the displayURI is exactly * set to false. */ get popupOptions() { return {}; } /** * If true, automatically denied permission requests will * spawn a "post-prompt" that allows the user to correct the * automatic denial by giving permanent permission access to * the site. * * Note that if this function returns true, the permissionKey * and postPromptActions attributes must be implemented. */ get postPromptEnabled() { return false; } /** * If true, the prompt will be cancelled automatically unless * request.hasValidTransientUserGestureActivation is true. */ get requiresUserInput() { return false; } /** * PopupNotification requires a unique ID to open the notification. * You must return a unique ID string here, for which PopupNotification * will then create a node with the ID * "-notification". * * If there's a custom you're hoping to show, * then you need to make sure its ID has the "-notification" suffix, * and then return the prefix here. * * See PopupNotifications.sys.mjs for more details. * * @return {string} * The unique ID that will be used to as the * "-notification" ID for the * to use or create. */ get notificationID() { throw new Error("Not implemented."); } /** * The ID of the element to anchor the PopupNotification to. * * @return {string} */ get anchorID() { return "default-notification-icon"; } /** * The message to show to the user in the PopupNotification, see * `PopupNotifications_show` in PopupNotifications.sys.mjs. * * Subclasses must override this. * * @return {string} */ get message() { throw new Error("Not implemented."); } /** * Provides the preferred name to use in the permission popups, * based on the principal URI (the URI.hostPort for any URI scheme * besides the moz-extension one which should default to the * extension name). */ getPrincipalName(principal = this.principal) { if (principal.addonPolicy) { return principal.addonPolicy.name; } return principal.hostPort; } /** * This will be called if the request is to be cancelled. * * Subclasses only need to override this if they provide a * permissionKey. */ cancel() { throw new Error("Not implemented."); } /** * This will be called if the request is to be allowed. * * Subclasses only need to override this if they provide a * permissionKey. */ allow() { throw new Error("Not implemented."); } /** * The actions that will be displayed in the PopupNotification * via a dropdown menu. The first item in this array will be * the default selection. Each action is an Object with the * following properties: * * label (string): * The label that will be displayed for this choice. * accessKey (string): * The access key character that will be used for this choice. * action (SitePermissions state) * The action that will be associated with this choice. * This should be either SitePermissions.ALLOW or SitePermissions.BLOCK. * scope (SitePermissions scope) * The scope of the associated action (e.g. SitePermissions.SCOPE_PERSISTENT) * * callback (function, optional) * A callback function that will fire if the user makes this choice, with * a single parameter, state. State is an Object that contains the property * checkboxChecked, which identifies whether the checkbox to remember this * decision was checked. */ get promptActions() { return []; } /** * The actions that will be displayed in the PopupNotification * for post-prompt notifications via a dropdown menu. * The first item in this array will be the default selection. * Each action is an Object with the following properties: * * label (string): * The label that will be displayed for this choice. * accessKey (string): * The access key character that will be used for this choice. * action (SitePermissions state) * The action that will be associated with this choice. * This should be either SitePermissions.ALLOW or SitePermissions.BLOCK. * Note that the scope of this action will always be persistent. * * callback (function, optional) * A callback function that will fire if the user makes this choice. */ get postPromptActions() { return null; } /** * If the prompt will be shown to the user, this callback will * be called just before. Subclasses may want to override this * in order to, for example, bump a counter Telemetry probe for * how often a particular permission request is seen. * * If this returns false, it cancels the process of showing the prompt. In * that case, it is the responsibility of the onBeforeShow() implementation * to ensure that allow() or cancel() are called on the object appropriately. */ onBeforeShow() { return true; } /** * If the prompt was shown to the user, this callback will be called just * after it's been shown. */ onShown() {} /** * If the prompt was shown to the user, this callback will be called just * after it's been hidden. */ onAfterShow() {} /** * Will determine if a prompt should be shown to the user, and if so, * will show it. * * If a permissionKey is defined prompt() might automatically * allow or cancel itself based on the user's current * permission settings without displaying the prompt. * * If the permission is not already set and the that the request * is associated with does not belong to a browser window with the * PopupNotifications global set, the prompt request is ignored. */ prompt() { // We ignore requests from non-nsIStandardURLs let requestingURI = this.principal.URI; if (!(requestingURI instanceof Ci.nsIStandardURL)) { return; } if (this.usePermissionManager && this.permissionKey) { // If we're reading and setting permissions, then we need // to check to see if we already have a permission setting // for this particular principal. let { state } = lazy.SitePermissions.getForPrincipal( this.principal, this.permissionKey, this.browser, this.temporaryPermissionURI ); if (state == lazy.SitePermissions.BLOCK) { this.cancel(); return; } if ( state == lazy.SitePermissions.ALLOW && !this.request.isRequestDelegatedToUnsafeThirdParty ) { this.allow(); return; } } else if (this.permissionKey) { // If we're reading a permission which already has a temporary value, // see if we can use the temporary value. let { state } = lazy.SitePermissions.getForPrincipal( null, this.permissionKey, this.browser, this.temporaryPermissionURI ); if (state == lazy.SitePermissions.BLOCK) { this.cancel(); return; } } if ( this.requiresUserInput && !this.request.hasValidTransientUserGestureActivation ) { if (this.postPromptEnabled) { this.postPrompt(); } this.cancel(); return; } let chromeWin = this.browser.ownerGlobal; if (!chromeWin.PopupNotifications) { this.cancel(); return; } // Transform the PermissionPrompt actions into PopupNotification actions. let popupNotificationActions = []; for (let promptAction of this.promptActions) { let action = { label: promptAction.label, accessKey: promptAction.accessKey, callback: state => { if (promptAction.callback) { promptAction.callback(); } if (this.usePermissionManager && this.permissionKey) { if ( (state && state.checkboxChecked && state.source != "esc-press") || promptAction.scope == lazy.SitePermissions.SCOPE_PERSISTENT ) { // Permanently store permission. let scope = lazy.SitePermissions.SCOPE_PERSISTENT; // Only remember permission for session if in PB mode. if (lazy.PrivateBrowsingUtils.isBrowserPrivate(this.browser)) { scope = lazy.SitePermissions.SCOPE_SESSION; } lazy.SitePermissions.setForPrincipal( this.principal, this.permissionKey, promptAction.action, scope ); } else if (promptAction.action == lazy.SitePermissions.BLOCK) { // Temporarily store BLOCK permissions only // SitePermissions does not consider subframes when storing temporary // permissions on a tab, thus storing ALLOW could be exploited. lazy.SitePermissions.setForPrincipal( this.principal, this.permissionKey, promptAction.action, lazy.SitePermissions.SCOPE_TEMPORARY, this.browser ); } // Grant permission if action is ALLOW. if (promptAction.action == lazy.SitePermissions.ALLOW) { this.allow(); } else { this.cancel(); } } else if (this.permissionKey) { // TODO: Add support for permitTemporaryAllow if (promptAction.action == lazy.SitePermissions.BLOCK) { // Temporarily store BLOCK permissions. // We don't consider subframes when storing temporary // permissions on a tab, thus storing ALLOW could be exploited. lazy.SitePermissions.setForPrincipal( null, this.permissionKey, promptAction.action, lazy.SitePermissions.SCOPE_TEMPORARY, this.browser ); } } }, }; if (promptAction.dismiss) { action.dismiss = promptAction.dismiss; } popupNotificationActions.push(action); } this.#showNotification(popupNotificationActions); } postPrompt() { let browser = this.browser; let principal = this.principal; let chromeWin = browser.ownerGlobal; if (!chromeWin.PopupNotifications) { return; } if (!this.permissionKey) { throw new Error("permissionKey is required to show a post-prompt"); } if (!this.postPromptActions) { throw new Error("postPromptActions are required to show a post-prompt"); } // Transform the PermissionPrompt actions into PopupNotification actions. let popupNotificationActions = []; for (let promptAction of this.postPromptActions) { let action = { label: promptAction.label, accessKey: promptAction.accessKey, callback: state => { if (promptAction.callback) { promptAction.callback(); } // Post-prompt permissions are stored permanently by default. // Since we can not reply to the original permission request anymore, // the page will need to listen for permission changes which are triggered // by permanent entries in the permission manager. let scope = lazy.SitePermissions.SCOPE_PERSISTENT; // Only remember permission for session if in PB mode. if (lazy.PrivateBrowsingUtils.isBrowserPrivate(browser)) { scope = lazy.SitePermissions.SCOPE_SESSION; } lazy.SitePermissions.setForPrincipal( principal, this.permissionKey, promptAction.action, scope ); }, }; popupNotificationActions.push(action); } // Post-prompt animation if (!chromeWin.gReduceMotion) { let anchor = chromeWin.document.getElementById(this.anchorID); // Only show the animation on the first request, not after e.g. tab switching. anchor.addEventListener( "animationend", () => anchor.removeAttribute("animate"), { once: true } ); anchor.setAttribute("animate", "true"); } this.#showNotification(popupNotificationActions, true); } #showNotification(actions, postPrompt = false) { let chromeWin = this.browser.ownerGlobal; let mainAction = actions.length ? actions[0] : null; let secondaryActions = actions.splice(1); let options = this.popupOptions; if (!options.hasOwnProperty("displayURI") || options.displayURI) { options.displayURI = this.principal.URI; } if (!postPrompt) { // Permission prompts are always persistent; the close button is controlled by a pref. options.persistent = true; options.hideClose = true; } options.eventCallback = (topic, nextRemovalReason, isCancel) => { // When the docshell of the browser is aboout to be swapped to another one, // the "swapping" event is called. Returning true causes the notification // to be moved to the new browser. if (topic == "swapping") { return true; } // The prompt has been shown, notify the PermissionUI. // onShown() is currently not called for post-prompts, // because there is no prompt that would make use of this. // You can remove this restriction if you need it, but be // mindful of other consumers. if (topic == "shown" && !postPrompt) { this.onShown(); } // The prompt has been removed, notify the PermissionUI. // onAfterShow() is currently not called for post-prompts, // because there is no prompt that would make use of this. // You can remove this restriction if you need it, but be // mindful of other consumers. if (topic == "removed" && !postPrompt) { if (isCancel) { this.cancel(); } this.onAfterShow(); } return false; }; // Post-prompts show up as dismissed. options.dismissed = postPrompt; // onBeforeShow() is currently not called for post-prompts, // because there is no prompt that would make use of this. // You can remove this restriction if you need it, but be // mindful of other consumers. if (postPrompt || this.onBeforeShow() !== false) { chromeWin.PopupNotifications.show( this.browser, this.notificationID, this.message, this.anchorID, mainAction, secondaryActions, options ); } } } /** * A subclass of PermissionPrompt that assumes * that this.request is an nsIContentPermissionRequest * and fills in some of the required properties on the * PermissionPrompt. For callers that are wrapping an * nsIContentPermissionRequest, this should be subclassed * rather than PermissionPrompt. */ class PermissionPromptForRequest extends PermissionPrompt { get browser() { // In the e10s-case, the will be at request.element. // In the single-process case, we have to use some XPCOM incantations // to resolve to the . if (this.request.element) { return this.request.element; } return this.request.window.docShell.chromeEventHandler; } get principal() { let request = this.request.QueryInterface(Ci.nsIContentPermissionRequest); return request.getDelegatePrincipal(this.type); } cancel() { this.request.cancel(); } allow(choices) { this.request.allow(choices); } } /** * A subclass of PermissionPromptForRequest that prompts * for a Synthetic SitePermsAddon addon type and starts a synthetic * addon install flow. */ class SitePermsAddonInstallRequest extends PermissionPromptForRequest { prompt() { // fallback to regular permission prompt for localhost, // or when the SitePermsAddonProvider is not enabled. if (this.principal.isLoopbackHost || !lazy.sitePermsAddonsProviderEnabled) { super.prompt(); return; } // Otherwise, we'll use the addon install flow. lazy.AddonManager.installSitePermsAddonFromWebpage( this.browser, this.principal, this.permName ).then( () => { this.allow(); }, err => { this.cancel(); // Print an error message in the console to give more information to the developer. let scriptErrorClass = Cc["@mozilla.org/scripterror;1"]; let errorMessage = this.getInstallErrorMessage(err) || `${this.permName} access was rejected: ${err.message}`; let scriptError = scriptErrorClass.createInstance(Ci.nsIScriptError); scriptError.initWithWindowID( errorMessage, null, null, 0, 0, 0, "content javascript", this.browser.browsingContext.currentWindowGlobal.innerWindowId ); Services.console.logMessage(scriptError); } ); } /** * Returns an error message that will be printed to the console given a passed Component.Exception. * This should be overriden by children classes. * * @param {Components.Exception} err * @returns {String} The error message */ getInstallErrorMessage(err) { return null; } } /** * Creates a PermissionPrompt for a nsIContentPermissionRequest for * the GeoLocation API. * * @param request (nsIContentPermissionRequest) * The request for a permission from content. */ class GeolocationPermissionPrompt extends PermissionPromptForRequest { constructor(request) { super(); this.request = request; } get type() { return "geo"; } get permissionKey() { return "geo"; } get popupOptions() { let pref = "browser.geolocation.warning.infoURL"; let options = { learnMoreURL: Services.urlFormatter.formatURLPref(pref), displayURI: false, name: this.getPrincipalName(), }; // Don't offer "always remember" action in PB mode options.checkbox = { show: !lazy.PrivateBrowsingUtils.isWindowPrivate( this.browser.ownerGlobal ), }; if (this.request.isRequestDelegatedToUnsafeThirdParty) { // Second name should be the third party origin options.secondName = this.getPrincipalName(this.request.principal); options.checkbox = { show: false }; } if (options.checkbox.show) { options.checkbox.label = lazy.gBrowserBundle.GetStringFromName( "geolocation.remember" ); } return options; } get notificationID() { return "geolocation"; } get anchorID() { return "geo-notification-icon"; } get message() { if (this.principal.schemeIs("file")) { return lazy.gBrowserBundle.GetStringFromName( "geolocation.shareWithFile4" ); } if (this.request.isRequestDelegatedToUnsafeThirdParty) { return lazy.gBrowserBundle.formatStringFromName( "geolocation.shareWithSiteUnsafeDelegation2", ["<>", "{}"] ); } return lazy.gBrowserBundle.formatStringFromName( "geolocation.shareWithSite4", ["<>"] ); } get promptActions() { return [ { label: lazy.gBrowserBundle.GetStringFromName("geolocation.allow"), accessKey: lazy.gBrowserBundle.GetStringFromName( "geolocation.allow.accesskey" ), action: lazy.SitePermissions.ALLOW, }, { label: lazy.gBrowserBundle.GetStringFromName("geolocation.block"), accessKey: lazy.gBrowserBundle.GetStringFromName( "geolocation.block.accesskey" ), action: lazy.SitePermissions.BLOCK, }, ]; } #updateGeoSharing(state) { let gBrowser = this.browser.ownerGlobal.gBrowser; if (gBrowser == null) { return; } gBrowser.updateBrowserSharing(this.browser, { geo: state }); // Update last access timestamp let host; try { host = this.browser.currentURI.host; } catch (e) { return; } if (host == null || host == "") { return; } lazy.ContentPrefService2.set( this.browser.currentURI.host, "permissions.geoLocation.lastAccess", new Date().toString(), this.browser.loadContext ); } allow(...args) { this.#updateGeoSharing(true); super.allow(...args); } cancel(...args) { this.#updateGeoSharing(false); super.cancel(...args); } } /** * Creates a PermissionPrompt for a nsIContentPermissionRequest for * the WebXR API. * * @param request (nsIContentPermissionRequest) * The request for a permission from content. */ class XRPermissionPrompt extends PermissionPromptForRequest { constructor(request) { super(); this.request = request; } get type() { return "xr"; } get permissionKey() { return "xr"; } get popupOptions() { let pref = "browser.xr.warning.infoURL"; let options = { learnMoreURL: Services.urlFormatter.formatURLPref(pref), displayURI: false, name: this.getPrincipalName(), }; // Don't offer "always remember" action in PB mode options.checkbox = { show: !lazy.PrivateBrowsingUtils.isWindowPrivate( this.browser.ownerGlobal ), }; if (options.checkbox.show) { options.checkbox.label = lazy.gBrowserBundle.GetStringFromName("xr.remember"); } return options; } get notificationID() { return "xr"; } get anchorID() { return "xr-notification-icon"; } get message() { if (this.principal.schemeIs("file")) { return lazy.gBrowserBundle.GetStringFromName("xr.shareWithFile4"); } return lazy.gBrowserBundle.formatStringFromName("xr.shareWithSite4", [ "<>", ]); } get promptActions() { return [ { label: lazy.gBrowserBundle.GetStringFromName("xr.allow2"), accessKey: lazy.gBrowserBundle.GetStringFromName("xr.allow2.accesskey"), action: lazy.SitePermissions.ALLOW, }, { label: lazy.gBrowserBundle.GetStringFromName("xr.block"), accessKey: lazy.gBrowserBundle.GetStringFromName("xr.block.accesskey"), action: lazy.SitePermissions.BLOCK, }, ]; } #updateXRSharing(state) { let gBrowser = this.browser.ownerGlobal.gBrowser; if (gBrowser == null) { return; } gBrowser.updateBrowserSharing(this.browser, { xr: state }); let devicePermOrigins = this.browser.getDevicePermissionOrigins("xr"); if (!state) { devicePermOrigins.delete(this.principal.origin); return; } devicePermOrigins.add(this.principal.origin); } allow(...args) { this.#updateXRSharing(true); super.allow(...args); } cancel(...args) { this.#updateXRSharing(false); super.cancel(...args); } } /** * Creates a PermissionPrompt for a nsIContentPermissionRequest for * the Desktop Notification API. * * @param request (nsIContentPermissionRequest) * The request for a permission from content. * @return {PermissionPrompt} (see documentation in header) */ class DesktopNotificationPermissionPrompt extends PermissionPromptForRequest { constructor(request) { super(); this.request = request; XPCOMUtils.defineLazyPreferenceGetter( this, "requiresUserInput", "dom.webnotifications.requireuserinteraction" ); XPCOMUtils.defineLazyPreferenceGetter( this, "postPromptEnabled", "permissions.desktop-notification.postPrompt.enabled" ); XPCOMUtils.defineLazyPreferenceGetter( this, "notNowEnabled", "permissions.desktop-notification.notNow.enabled" ); } get type() { return "desktop-notification"; } get permissionKey() { return "desktop-notification"; } get popupOptions() { let learnMoreURL = Services.urlFormatter.formatURLPref("app.support.baseURL") + "push"; return { learnMoreURL, displayURI: false, name: this.getPrincipalName(), }; } get notificationID() { return "web-notifications"; } get anchorID() { return "web-notifications-notification-icon"; } get message() { return lazy.gBrowserBundle.formatStringFromName( "webNotifications.receiveFromSite3", ["<>"] ); } get promptActions() { let actions = [ { label: lazy.gBrowserBundle.GetStringFromName("webNotifications.allow2"), accessKey: lazy.gBrowserBundle.GetStringFromName( "webNotifications.allow2.accesskey" ), action: lazy.SitePermissions.ALLOW, scope: lazy.SitePermissions.SCOPE_PERSISTENT, }, ]; if (this.notNowEnabled) { actions.push({ label: lazy.gBrowserBundle.GetStringFromName("webNotifications.notNow"), accessKey: lazy.gBrowserBundle.GetStringFromName( "webNotifications.notNow.accesskey" ), action: lazy.SitePermissions.BLOCK, }); } let isBrowserPrivate = lazy.PrivateBrowsingUtils.isBrowserPrivate( this.browser ); actions.push({ label: isBrowserPrivate ? lazy.gBrowserBundle.GetStringFromName("webNotifications.block") : lazy.gBrowserBundle.GetStringFromName("webNotifications.alwaysBlock"), accessKey: isBrowserPrivate ? lazy.gBrowserBundle.GetStringFromName( "webNotifications.block.accesskey" ) : lazy.gBrowserBundle.GetStringFromName( "webNotifications.alwaysBlock.accesskey" ), action: lazy.SitePermissions.BLOCK, scope: isBrowserPrivate ? lazy.SitePermissions.SCOPE_SESSION : lazy.SitePermissions.SCOPE_PERSISTENT, }); return actions; } get postPromptActions() { let actions = [ { label: lazy.gBrowserBundle.GetStringFromName("webNotifications.allow2"), accessKey: lazy.gBrowserBundle.GetStringFromName( "webNotifications.allow2.accesskey" ), action: lazy.SitePermissions.ALLOW, }, ]; let isBrowserPrivate = lazy.PrivateBrowsingUtils.isBrowserPrivate( this.browser ); actions.push({ label: isBrowserPrivate ? lazy.gBrowserBundle.GetStringFromName("webNotifications.block") : lazy.gBrowserBundle.GetStringFromName("webNotifications.alwaysBlock"), accessKey: isBrowserPrivate ? lazy.gBrowserBundle.GetStringFromName( "webNotifications.block.accesskey" ) : lazy.gBrowserBundle.GetStringFromName( "webNotifications.alwaysBlock.accesskey" ), action: lazy.SitePermissions.BLOCK, }); return actions; } } /** * Creates a PermissionPrompt for a nsIContentPermissionRequest for * the persistent-storage API. * * @param request (nsIContentPermissionRequest) * The request for a permission from content. */ class PersistentStoragePermissionPrompt extends PermissionPromptForRequest { constructor(request) { super(); this.request = request; } get type() { return "persistent-storage"; } get permissionKey() { return "persistent-storage"; } get popupOptions() { let learnMoreURL = Services.urlFormatter.formatURLPref("app.support.baseURL") + "storage-permissions"; return { learnMoreURL, displayURI: false, name: this.getPrincipalName(), }; } get notificationID() { return "persistent-storage"; } get anchorID() { return "persistent-storage-notification-icon"; } get message() { return lazy.gBrowserBundle.formatStringFromName( "persistentStorage.allowWithSite2", ["<>"] ); } get promptActions() { return [ { label: lazy.gBrowserBundle.GetStringFromName("persistentStorage.allow"), accessKey: lazy.gBrowserBundle.GetStringFromName( "persistentStorage.allow.accesskey" ), action: Ci.nsIPermissionManager.ALLOW_ACTION, scope: lazy.SitePermissions.SCOPE_PERSISTENT, }, { label: lazy.gBrowserBundle.GetStringFromName( "persistentStorage.block.label" ), accessKey: lazy.gBrowserBundle.GetStringFromName( "persistentStorage.block.accesskey" ), action: lazy.SitePermissions.BLOCK, }, ]; } } /** * Creates a PermissionPrompt for a nsIContentPermissionRequest for * the WebMIDI API. * * @param request (nsIContentPermissionRequest) * The request for a permission from content. */ class MIDIPermissionPrompt extends SitePermsAddonInstallRequest { constructor(request) { super(); this.request = request; let types = request.types.QueryInterface(Ci.nsIArray); let perm = types.queryElementAt(0, Ci.nsIContentPermissionType); this.isSysexPerm = !!perm.options.length && perm.options.queryElementAt(0, Ci.nsISupportsString) == "sysex"; this.permName = "midi"; if (this.isSysexPerm) { this.permName = "midi-sysex"; } } get type() { return "midi"; } get permissionKey() { return this.permName; } get popupOptions() { // TODO (bug 1433235) We need a security/permissions explanation URL for this let options = { displayURI: false, name: this.getPrincipalName(), }; // Don't offer "always remember" action in PB mode options.checkbox = { show: !lazy.PrivateBrowsingUtils.isWindowPrivate( this.browser.ownerGlobal ), }; if (options.checkbox.show) { options.checkbox.label = lazy.gBrowserBundle.GetStringFromName("midi.remember"); } return options; } get notificationID() { return "midi"; } get anchorID() { return "midi-notification-icon"; } get message() { let message; if (this.principal.schemeIs("file")) { if (this.isSysexPerm) { message = lazy.gBrowserBundle.GetStringFromName( "midi.shareSysexWithFile" ); } else { message = lazy.gBrowserBundle.GetStringFromName("midi.shareWithFile"); } } else if (this.isSysexPerm) { message = lazy.gBrowserBundle.formatStringFromName( "midi.shareSysexWithSite", ["<>"] ); } else { message = lazy.gBrowserBundle.formatStringFromName("midi.shareWithSite", [ "<>", ]); } return message; } get promptActions() { return [ { label: lazy.gBrowserBundle.GetStringFromName("midi.allow.label"), accessKey: lazy.gBrowserBundle.GetStringFromName( "midi.allow.accesskey" ), action: Ci.nsIPermissionManager.ALLOW_ACTION, }, { label: lazy.gBrowserBundle.GetStringFromName("midi.block.label"), accessKey: lazy.gBrowserBundle.GetStringFromName( "midi.block.accesskey" ), action: Ci.nsIPermissionManager.DENY_ACTION, }, ]; } /** * @override * @param {Components.Exception} err * @returns {String} */ getInstallErrorMessage(err) { return `WebMIDI access request was denied: ❝${err.message}❞. See https://developer.mozilla.org/docs/Web/API/Navigator/requestMIDIAccess for more information`; } } class StorageAccessPermissionPrompt extends PermissionPromptForRequest { #permissionKey; constructor(request) { super(); this.request = request; this.siteOption = null; this.#permissionKey = `3rdPartyStorage${lazy.SitePermissions.PERM_KEY_DELIMITER}${this.principal.origin}`; let types = this.request.types.QueryInterface(Ci.nsIArray); let perm = types.queryElementAt(0, Ci.nsIContentPermissionType); let options = perm.options.QueryInterface(Ci.nsIArray); // If we have an option, the permission request is different in some way. // We may be in a call from requestStorageAccessUnderSite or a frame-scoped // request, which means that the embedding principal is not the current top-level // or the permission key is different. if (options.length != 2) { return; } let topLevelOption = options.queryElementAt(0, Ci.nsISupportsString).data; if (topLevelOption) { this.siteOption = topLevelOption; } let frameOption = options.queryElementAt(1, Ci.nsISupportsString).data; if (frameOption) { // We replace the permission key with a frame-specific one that only has a site after the delimiter this.#permissionKey = `3rdPartyFrameStorage${lazy.SitePermissions.PERM_KEY_DELIMITER}${this.principal.siteOrigin}`; } } get usePermissionManager() { return false; } get type() { return "storage-access"; } get permissionKey() { // Make sure this name is unique per each third-party tracker return this.#permissionKey; } get temporaryPermissionURI() { if (this.siteOption) { return Services.io.newURI(this.siteOption); } return undefined; } prettifyHostPort(hostport) { let [host, port] = hostport.split(":"); host = lazy.IDNService.convertToDisplayIDN(host, {}); if (port) { return `${host}:${port}`; } return host; } get popupOptions() { let learnMoreURL = Services.urlFormatter.formatURLPref("app.support.baseURL") + "third-party-cookies"; let hostPort = this.prettifyHostPort(this.principal.hostPort); let hintText = lazy.gBrowserBundle.formatStringFromName( "storageAccess1.hintText", [hostPort] ); return { learnMoreURL, displayURI: false, hintText, escAction: "secondarybuttoncommand", }; } get notificationID() { return "storage-access"; } get anchorID() { return "storage-access-notification-icon"; } get message() { let embeddingHost = this.topLevelPrincipal.host; if (this.siteOption) { embeddingHost = this.siteOption.split("://").at(-1); } return lazy.gBrowserBundle.formatStringFromName("storageAccess4.message", [ this.prettifyHostPort(this.principal.hostPort), this.prettifyHostPort(embeddingHost), ]); } get promptActions() { let self = this; return [ { label: lazy.gBrowserBundle.GetStringFromName( "storageAccess1.Allow.label" ), accessKey: lazy.gBrowserBundle.GetStringFromName( "storageAccess1.Allow.accesskey" ), action: Ci.nsIPermissionManager.ALLOW_ACTION, callback(state) { self.allow({ "storage-access": "allow" }); }, }, { label: lazy.gBrowserBundle.GetStringFromName( "storageAccess1.DontAllow.label" ), accessKey: lazy.gBrowserBundle.GetStringFromName( "storageAccess1.DontAllow.accesskey" ), action: Ci.nsIPermissionManager.DENY_ACTION, callback(state) { self.cancel(); }, }, ]; } get topLevelPrincipal() { return this.request.topLevelPrincipal; } } export const PermissionUI = { PermissionPromptForRequest, GeolocationPermissionPrompt, XRPermissionPrompt, DesktopNotificationPermissionPrompt, PersistentStoragePermissionPrompt, MIDIPermissionPrompt, StorageAccessPermissionPrompt, };