summaryrefslogtreecommitdiffstats
path: root/browser/extensions/webcompat/shims/blogger.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /browser/extensions/webcompat/shims/blogger.js
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--browser/extensions/webcompat/shims/blogger.js39
1 files changed, 39 insertions, 0 deletions
diff --git a/browser/extensions/webcompat/shims/blogger.js b/browser/extensions/webcompat/shims/blogger.js
new file mode 100644
index 0000000000..a474b3c5e9
--- /dev/null
+++ b/browser/extensions/webcompat/shims/blogger.js
@@ -0,0 +1,39 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* globals exportFunction */
+
+"use strict";
+
+/**
+ * Blogger powered blogs rely on storage access to https://blogger.com to enable
+ * oauth with Google. For dFPI, sites need to use the Storage Access API to gain
+ * first party storage access. This shim calls requestStorageAccess on behalf of
+ * the site when a user wants to log in via oauth.
+ */
+
+console.warn(
+ `When using oauth, Firefox calls the Storage Access API on behalf of the site. See https://bugzilla.mozilla.org/show_bug.cgi?id=1776869 for details.`
+);
+
+const GOOGLE_OAUTH_PATH_PREFIX = "https://accounts.google.com/ServiceLogin";
+
+// Overwrite the window.open method so we can detect oauth related popups.
+const origOpen = window.wrappedJSObject.open;
+Object.defineProperty(window.wrappedJSObject, "open", {
+ value: exportFunction((url, ...args) => {
+ // Filter oauth popups.
+ if (!url.startsWith(GOOGLE_OAUTH_PATH_PREFIX)) {
+ return origOpen(url, ...args);
+ }
+ // Request storage access for the Blogger iframe.
+ document.requestStorageAccess().then(() => {
+ origOpen(url, ...args);
+ });
+ // We don't have the window object yet which window.open returns, since the
+ // sign-in flow is dependent on the async storage access request. This isn't
+ // a problem as long as the website does not consume it.
+ return null;
+ }, window),
+});