I'm really not quite sure what's going on here at this point. It doesn't help that the site sometimes loads comments and sometimes not, even in the same build. :( In bug 1471496 there were two changes: part 1 fixed a bug in whether MaybeCrossOriginObject considered itself cross-origin due to first-party isolation not really affecting script access, and part 2 started using MaybeCrossOriginObject for the same-origin case as well. It's part _1_ that fixes the Washington Post case as near as I can tell from bisecting. Before that changeset, when the comment display fails (which it doesn't do consistently; that made bisecting extra-fun), we get a security exception with this stack:

```
#01: js::ReportAccessDenied(JSContext*) (/home/bzbarsky/mozilla/vanilla/mozilla/js/src/proxy/Wrapper.cpp:466)
#02: js::AutoEnterPolicy::reportErrorIfExceptionIsNotPending(JSContext*, JS::Handle<JS::PropertyKey>) (/home/bzbarsky/mozilla/vanilla/mozilla/js/src/proxy/Proxy.cpp:40)
#03: AutoEnterPolicy (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../dist/include/js/Proxy.h:616)
#04: js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) (/home/bzbarsky/mozilla/vanilla/mozilla/js/src/proxy/Proxy.cpp:500)
#05: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:508)
#06: InternalCall(JSContext*, js::AnyInvokeArgs const&) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:589)
#07: js::CallFromStack(JSContext*, JS::CallArgs const&) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:593)
#08: Interpret(JSContext*, js::RunState&) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:3069)
```

and after it we do not.
That said, I tested what's going on in IsPlatformObjectSameOrigin() when we hit that exception, and both branches of the OriginAttributes::IsRestrictOpenerAccessForFPI() return the same value. Which is not surprising, since the branches should only differ when first-party isolation is enabled, and for me the "privacy.firstparty.isolate" pref is set to "false"... So I _really_ have no idea what's going on here now. :( Also, when I try builds from before bug 1363208 was fixed I think I see the problem too... Again, hard to tell because the site is pretty flaky for me in terms of whether it shows the problem or not. I would have expected builds from before bug 1363208 to not have this problem, if bug 1471496 was involved in fixing it.
Bug 1551272 Comment 11 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I'm really not quite sure what's going on here at this point. It doesn't help that the site sometimes loads comments and sometimes not, even in the same build. :( In bug 1471496 there were two changes: part 1 fixed a bug in whether MaybeCrossOriginObject considered itself cross-origin due to first-party isolation not really affecting script access, and part 2 started using MaybeCrossOriginObject for the same-origin case as well. It's part _1_ that fixes the Washington Post case as near as I can tell from bisecting. Before that changeset, when the comment display fails (which it doesn't do consistently; that made bisecting extra-fun), we get a security exception with this stack:

```
#01: js::ReportAccessDenied(JSContext*) (/home/bzbarsky/mozilla/vanilla/mozilla/js/src/proxy/Wrapper.cpp:466)
#02: js::AutoEnterPolicy::reportErrorIfExceptionIsNotPending(JSContext*, JS::Handle<JS::PropertyKey>) (/home/bzbarsky/mozilla/vanilla/mozilla/js/src/proxy/Proxy.cpp:40)
#03: AutoEnterPolicy (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../dist/include/js/Proxy.h:616)
#04: js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) (/home/bzbarsky/mozilla/vanilla/mozilla/js/src/proxy/Proxy.cpp:500)
#05: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:508)
#06: InternalCall(JSContext*, js::AnyInvokeArgs const&) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:589)
#07: js::CallFromStack(JSContext*, JS::CallArgs const&) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:593)
#08: Interpret(JSContext*, js::RunState&) (/home/bzbarsky/mozilla/vanilla/obj-firefox/js/src/../../../mozilla/js/src/vm/Interpreter.cpp:3069)
```

and after it we do not.
That said, I tested what's going on in `IsPlatformObjectSameOrigin()` when we hit that exception, and both branches of the `OriginAttributes::IsRestrictOpenerAccessForFPI()` (if I compute them both in the changeset before I added the branch) return the same value. Which is not surprising, since the branches should only differ when first-party isolation is enabled, and for me the "privacy.firstparty.isolate" pref is set to "false"... So I _really_ have no idea what's going on here now. :( Also, when I try builds from before bug 1363208 was fixed I think I see the problem too... Again, hard to tell because the site is pretty flaky for me in terms of whether it shows the problem or not. I would have expected builds from before bug 1363208 to not have this problem, if bug 1471496 was involved in fixing it.