diff options
Diffstat (limited to '')
-rw-r--r-- | browser/extensions/webcompat/shims/crave-ca.js | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/browser/extensions/webcompat/shims/crave-ca.js b/browser/extensions/webcompat/shims/crave-ca.js new file mode 100644 index 0000000000..b4d93ccdfa --- /dev/null +++ b/browser/extensions/webcompat/shims/crave-ca.js @@ -0,0 +1,56 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +/* + * Bug 1746439 - crave.ca login broken with dFPI enabled + * + * Crave.ca relies upon a login page that is out-of-origin. That login page + * sets a cookie for https://www.crave.ca, which is then used as an proof of + * authentication on redirect back to the main site. This shim adds a request + * for storage access for https://www.crave.ca when the user tries to log in. + */ + +console.warn( + `When logging in, Firefox calls the Storage Access API on behalf of the site. See https://bugzilla.mozilla.org/show_bug.cgi?id=1746439 for details.` +); + +// Third-party origin we need to request storage access for. +const STORAGE_ACCESS_ORIGIN = "https://www.crave.ca"; + +document.documentElement.addEventListener( + "click", + e => { + const { target, isTrusted } = e; + if (!isTrusted) { + return; + } + const button = target.closest("button"); + if (!button) { + return; + } + const form = target.closest(".login-form"); + if (!form) { + return; + } + + console.warn( + "Calling the Storage Access API on behalf of " + STORAGE_ACCESS_ORIGIN + ); + button.disabled = true; + e.stopPropagation(); + e.preventDefault(); + document + .requestStorageAccessForOrigin(STORAGE_ACCESS_ORIGIN) + .then(() => { + button.disabled = false; + target.click(); + }) + .catch(() => { + button.disabled = false; + }); + }, + true +); |