Closed
Bug 1179557
Opened 9 years ago
Closed 9 years ago
Add contextID to originAttributes in nsIPrincipal
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
FIXED
mozilla42
Tracking | Status | |
---|---|---|
firefox42 | --- | fixed |
People
(Reporter: tanvi, Assigned: englehardt)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 4 obsolete files)
8.88 KB,
patch
|
englehardt
:
review+
|
Details | Diff | Splinter Review |
3.95 KB,
patch
|
englehardt
:
review+
|
Details | Diff | Splinter Review |
We need a new attribute for Contextual Identity / Containers. We want another key to the same origin policy so that users can segregate their behavior into different context. Example uses cases:
* User has multiple accounts on websites and wants to be logged into both simultaneously. One for personal use, the other for work related use.
* User wants a session that persists but doesn't leak information to trackers about their browsing behavior in other contexts. (Ex: doesn't want the shopping context to affect the ads they see in their work context. Or wants to remain logged into a social network without being tracked across the web)
A good example addon demonstrating the usage which uses the appId originAttribute - https://addons.mozilla.org/en-US/firefox/addon/priv8/
This bug is to extend nsIPrincipal to include contextID as an originAttribute. We can set it to 0 as a default value. Then in followup bugs we will create UX that will change the value for different contexts.
https://mxr.mozilla.org/mozilla-central/source/caps/nsIPrincipal.idl?force=1#158
Some more notes on the platform infrastructure and this project - https://etherpad.mozilla.org/Eo3sSnFQj4
Assignee | ||
Comment 1•9 years ago
|
||
I've added containerId as an integer defaulting to 0 in originAttributes. I also added in some additional xpcshell unit tests. Currently on try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=0d20b573db12
Attachment #8638161 -
Flags: review?(tanvi)
Assignee | ||
Comment 2•9 years ago
|
||
Forgot to bump CIDs
Attachment #8638161 -
Attachment is obsolete: true
Attachment #8638161 -
Flags: review?(tanvi)
Attachment #8638263 -
Flags: review?(tanvi)
Assignee | ||
Comment 3•9 years ago
|
||
Attachment #8639577 -
Flags: review?(tanvi)
Attachment #8639577 -
Flags: review?(bobbyholley)
Assignee | ||
Updated•9 years ago
|
Attachment #8638263 -
Flags: review?(bobbyholley)
Comment 4•9 years ago
|
||
Comment on attachment 8639577 [details] [diff] [review]
1179557-part2.patch
Review of attachment 8639577 [details] [diff] [review]:
-----------------------------------------------------------------
I think you forgot to qref your changes to nsIPrincipal.idl?
Attachment #8639577 -
Flags: review?(bobbyholley)
Comment 5•9 years ago
|
||
Comment on attachment 8638263 [details] [diff] [review]
1179557-part1.patch
Review of attachment 8638263 [details] [diff] [review]:
-----------------------------------------------------------------
::: caps/nsIScriptSecurityManager.idl
@@ +254,5 @@
> const unsigned long NO_APP_ID = 0;
> const unsigned long UNKNOWN_APP_ID = 4294967295; // UINT32_MAX
> const unsigned long SAFEBROWSING_APP_ID = 4294967294; // UINT32_MAX - 1
>
> + const unsigned long NO_CONTAINER_ID = 0;
This isn't really "no" container, so much as the "default" container, right? Or am I missing something?
::: dom/webidl/ChromeUtils.webidl
@@ +45,5 @@
> * use OriginAttributes in their nsISerializable implementations.
> */
> dictionary OriginAttributesDictionary {
> unsigned long appId = 0;
> + unsigned long containerId = 0;
This is too generic of a name to be used here. How about "userContext"? I'm happy to workshop the name, but this shouldn't land until we have something we're all satisfied with.
Attachment #8638263 -
Flags: review?(bobbyholley) → review+
Reporter | ||
Comment 6•9 years ago
|
||
Comment on attachment 8638263 [details] [diff] [review]
1179557-part1.patch
Name options are:
containerID
contextID
userContext
userContextID
If containerID is too generic, then contextID probably is to since "context" is overloaded in our codebase.
Attachment #8638263 -
Flags: review?(tanvi) → review+
Reporter | ||
Updated•9 years ago
|
Attachment #8639577 -
Flags: review?(tanvi) → review+
Reporter | ||
Updated•9 years ago
|
Attachment #8638263 -
Flags: review+ → review?(tanvi)
Comment 7•9 years ago
|
||
userContextId sounds like the way to go then, assuming that we want this thing to be an integer index into some registry somewhere. Note that the spelling of "Id" should be consistent with "appId" and "addonId".
Reporter | ||
Comment 8•9 years ago
|
||
Comment on attachment 8638263 [details] [diff] [review]
1179557-part1.patch
r+ with the name changes discussed.
Attachment #8638263 -
Flags: review?(tanvi) → review+
Assignee | ||
Comment 9•9 years ago
|
||
Carrying over r+ from Tanvi and Bobby. I agree that userContextId is the most appropriate name. I've updated containerId -> userContextId in this patch.
Attachment #8638263 -
Attachment is obsolete: true
Attachment #8640236 -
Flags: review+
Assignee | ||
Comment 10•9 years ago
|
||
Including changes to nsIPrincipal.idl this time.
Attachment #8639577 -
Attachment is obsolete: true
Attachment #8640237 -
Flags: review?(tanvi)
Attachment #8640237 -
Flags: review?(bobbyholley)
Assignee | ||
Comment 11•9 years ago
|
||
(In reply to Bobby Holley (:bholley) from comment #5)
> This isn't really "no" container, so much as the "default" container, right?
> Or am I missing something?
You're right in thinking that there isn't ever really "no" container. I've updated it to be DEFAULT_USER_CONTEXT_ID. The thinking here is that we won't add an attribute to the origin string when this is set to 0, and we won't have any tab/url bar decoration like the kind we've discussed in Bug 1181953. So this is the browsers default state or default container.
Assignee | ||
Comment 12•9 years ago
|
||
Comment 13•9 years ago
|
||
Comment on attachment 8640237 [details] [diff] [review]
1179557-part2.patch
Review of attachment 8640237 [details] [diff] [review]:
-----------------------------------------------------------------
::: caps/nsIPrincipal.idl
@@ +262,5 @@
> + * Gets the id of the user context this principal is inside. If this
> + * principal is inside the default userContext, this returns
> + * nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID.
> + */
> + [infallible] readonly attribute unsigned long userContextId;
You'll need to rev the UUID of this interface.
Attachment #8640237 -
Flags: review?(bobbyholley) → review+
Reporter | ||
Updated•9 years ago
|
Attachment #8640237 -
Flags: review?(tanvi) → review+
Assignee | ||
Comment 14•9 years ago
|
||
Carrying over r+ from bholley, tanvi. Bumping the uuid.
Resubmit to try for unresolved WinXP error: https://treeherder.mozilla.org/#/jobs?repo=try&revision=363a8379666a
Attachment #8640237 -
Attachment is obsolete: true
Attachment #8641291 -
Flags: review+
Assignee | ||
Updated•9 years ago
|
Keywords: checkin-needed
Comment 15•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/993a36e7e0b3
https://hg.mozilla.org/integration/mozilla-inbound/rev/7f05504085b1
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/993a36e7e0b3
https://hg.mozilla.org/mozilla-central/rev/7f05504085b1
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
Assignee | ||
Updated•9 years ago
|
Blocks: ContextualIdentity
You need to log in
before you can comment on or make changes to this bug.
Description
•