Closed
Bug 1091287
Opened 10 years ago
Closed 10 years ago
[e10s] If a background tab requests HTTP auth the tab isn't switched to before displaying the auth dialog
Categories
(Toolkit :: Password Manager, defect)
Toolkit
Password Manager
Tracking
()
Tracking | Status | |
---|---|---|
e10s | m4+ | --- |
People
(Reporter: mossop, Assigned: mossop)
References
Details
Attachments
(1 file, 2 obsolete files)
16.43 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
This is a means to spoof the user into giving the background tab their credentials for whatever the foreground tab is.
I think the bug lies here:
http://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/nsLoginManagerPrompter.js#581
In e10s we don't have the content window, this._window is just the main browser window.
Flags: firefox-backlog+
Comment 1•10 years ago
|
||
I noticed this too, thanks for filing it.
I had assumed it was caused by issues with DOMWillOpenModalDialog not firing or not properly being propagated to the parent process, but looking into it just a bit further, http://hg.mozilla.org/mozilla-central/annotate/80e18ff7c7b2/toolkit/components/passwordmgr/LoginManagerParent.jsm#l210 looks pretty fishy.
Comment 2•10 years ago
|
||
I suppose the setE10sData call is already forwarding the browser over to the nsILoginManagerPrompter, but there's no nice way to forward that even further along to the underlying prompt service here:
http://hg.mozilla.org/mozilla-central/annotate/80e18ff7c7b2/toolkit/components/passwordmgr/nsLoginManagerPrompter.js#l367
Prompting APIs are all window based :(
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → dtownsend+bugmail
Status: NEW → ASSIGNED
Points: --- → 3
Flags: qe-verify-
Assignee | ||
Updated•10 years ago
|
Iteration: --- → 36.2
Updated•10 years ago
|
Assignee | ||
Comment 3•10 years ago
|
||
This makes TabParent forward along the browser to the auth prompter. I'm not a fan of having to use the tabbrowser APIs to switch to the tab but can't think of an alternative right now.
I'm not positive that "*aResult = prompt.forget().take()" is the right way to return the prompter from C++ so let me know if there is a better way to do that.
Attachment #8515099 -
Flags: review?(mrbkap)
Comment 4•10 years ago
|
||
(In reply to Dave Townsend [:mossop] from comment #3)
> I'm not a fan of having to use the tabbrowser APIs to switch to the tab but can't
> think of an alternative right now.
Adjust the promptservice API to allow passing in the opener somehow, and have it fire DOMWillOpenModalDialog properly? We'll need to do this eventually anyhow to fix a bunch of other prompts.
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #4)
> (In reply to Dave Townsend [:mossop] from comment #3)
> > I'm not a fan of having to use the tabbrowser APIs to switch to the tab but can't
> > think of an alternative right now.
>
> Adjust the promptservice API to allow passing in the opener somehow, and
> have it fire DOMWillOpenModalDialog properly? We'll need to do this
> eventually anyhow to fix a bunch of other prompts.
Aha, I wasn't aware we had that. Looks like it takes a browser already so I can just use that.
Assignee | ||
Comment 6•10 years ago
|
||
Attachment #8515099 -
Attachment is obsolete: true
Attachment #8515099 -
Flags: review?(mrbkap)
Attachment #8516067 -
Flags: review?(mrbkap)
Assignee | ||
Updated•10 years ago
|
Attachment #8516067 -
Attachment is obsolete: true
Attachment #8516067 -
Flags: review?(mrbkap)
Assignee | ||
Comment 7•10 years ago
|
||
Attachment #8516172 -
Flags: review?(mrbkap)
Comment 8•10 years ago
|
||
Comment on attachment 8516172 [details] [diff] [review]
patch rev 3
Review of attachment 8516172 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/ipc/TabParent.cpp
@@ +71,5 @@
> #include "nsAuthInformationHolder.h"
> #include "nsICancelable.h"
> #include "gfxPrefs.h"
> #include <algorithm>
> +#include "nsILoginManagerPrompter.h"
Nit: I believe the style guide asks us to keep #include ""s blocked separately from #include <>s.
@@ +1890,5 @@
> + nsCOMPtr<nsIDOMElement> browser = do_QueryInterface(mFrameElement);
> + prompter->SetE10sData(browser, nullptr);
> + }
> +
> + *aResult = prompt.forget().take();
prompt.forget(aResult);
Attachment #8516172 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 9•10 years ago
|
||
(In reply to Blake Kaplan (:mrbkap) from comment #8)
> @@ +1890,5 @@
> > + nsCOMPtr<nsIDOMElement> browser = do_QueryInterface(mFrameElement);
> > + prompter->SetE10sData(browser, nullptr);
> > + }
> > +
> > + *aResult = prompt.forget().take();
>
> prompt.forget(aResult);
I tried that before and it fails to compile with "error: assigning to 'void *' from incompatible type 'already_AddRefed<nsISupports>'"
Flags: needinfo?(mrbkap)
Comment 10•10 years ago
|
||
Gah, sorry. Your original attempt was the right way to go.
Flags: needinfo?(mrbkap)
Assignee | ||
Comment 11•10 years ago
|
||
Comment 12•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in
before you can comment on or make changes to this bug.
Description
•