summaryrefslogtreecommitdiffstats
path: root/browser/extensions/webcompat/shims/crave-ca.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /browser/extensions/webcompat/shims/crave-ca.js
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'browser/extensions/webcompat/shims/crave-ca.js')
-rw-r--r--browser/extensions/webcompat/shims/crave-ca.js56
1 files changed, 56 insertions, 0 deletions
diff --git a/browser/extensions/webcompat/shims/crave-ca.js b/browser/extensions/webcompat/shims/crave-ca.js
new file mode 100644
index 0000000000..b4d93ccdfa
--- /dev/null
+++ b/browser/extensions/webcompat/shims/crave-ca.js
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/*
+ * Bug 1746439 - crave.ca login broken with dFPI enabled
+ *
+ * Crave.ca relies upon a login page that is out-of-origin. That login page
+ * sets a cookie for https://www.crave.ca, which is then used as an proof of
+ * authentication on redirect back to the main site. This shim adds a request
+ * for storage access for https://www.crave.ca when the user tries to log in.
+ */
+
+console.warn(
+ `When logging in, Firefox calls the Storage Access API on behalf of the site. See https://bugzilla.mozilla.org/show_bug.cgi?id=1746439 for details.`
+);
+
+// Third-party origin we need to request storage access for.
+const STORAGE_ACCESS_ORIGIN = "https://www.crave.ca";
+
+document.documentElement.addEventListener(
+ "click",
+ e => {
+ const { target, isTrusted } = e;
+ if (!isTrusted) {
+ return;
+ }
+ const button = target.closest("button");
+ if (!button) {
+ return;
+ }
+ const form = target.closest(".login-form");
+ if (!form) {
+ return;
+ }
+
+ console.warn(
+ "Calling the Storage Access API on behalf of " + STORAGE_ACCESS_ORIGIN
+ );
+ button.disabled = true;
+ e.stopPropagation();
+ e.preventDefault();
+ document
+ .requestStorageAccessForOrigin(STORAGE_ACCESS_ORIGIN)
+ .then(() => {
+ button.disabled = false;
+ target.click();
+ })
+ .catch(() => {
+ button.disabled = false;
+ });
+ },
+ true
+);