From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 19:32:43 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- browser/extensions/webcompat/shims/kinja.js | 44 +++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 browser/extensions/webcompat/shims/kinja.js (limited to 'browser/extensions/webcompat/shims/kinja.js') diff --git a/browser/extensions/webcompat/shims/kinja.js b/browser/extensions/webcompat/shims/kinja.js new file mode 100644 index 0000000000..d30425b42d --- /dev/null +++ b/browser/extensions/webcompat/shims/kinja.js @@ -0,0 +1,44 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* globals exportFunction */ + +"use strict"; + +/** + * Kinja powered blogs rely on storage access to https://kinja.com to enable + * oauth with external providers. For dFPI, sites need to use the Storage Access + * API to gain first party storage access. This shim calls requestStorageAccess + * on behalf of the site when a user wants to log in via oauth. + */ + +// Third-party origin we need to request storage access for. +const STORAGE_ACCESS_ORIGIN = "https://kinja.com"; + +// Prefix of the path opened in a new window when users click the oauth login +// buttons. +const OAUTH_PATH_PREFIX = "/oauthlogin?provider="; + +console.warn( + `When using oauth, Firefox calls the Storage Access API on behalf of the site. See https://bugzilla.mozilla.org/show_bug.cgi?id=1656171 for details.` +); + +// Overwrite the window.open method so we can detect oauth related popups. +const origOpen = window.wrappedJSObject.open; +Object.defineProperty(window.wrappedJSObject, "open", { + value: exportFunction((url, ...args) => { + // Filter oauth popups. + if (!url.startsWith(OAUTH_PATH_PREFIX)) { + return origOpen(url, ...args); + } + // Request storage access for Kinja. + document.requestStorageAccessForOrigin(STORAGE_ACCESS_ORIGIN).then(() => { + origOpen(url, ...args); + }); + // We don't have the window object yet which window.open returns, since the + // sign-in flow is dependent on the async storage access request. This isn't + // a problem as long as the website does not consume it. + return null; + }, window), +}); -- cgit v1.2.3