Closed Bug 1185377 Opened 9 years ago Closed 8 years ago

b2g apps probably crash with a third party iframe that uses Cache API

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: bkelly, Unassigned)

References

Details

Similar to the problem in bug 1179191, we probably will get b2g app crashes with this scenario: 1) b2g starts a process for app foo.com!appid=123 2) app opens an iframe for bar.com which runs in the same process 3) bar.com iframe tries to use Cache API 4) Cache API checks to see if child process matches bar.com (but it really matches foo.com!appid=123) 5) Failed security check kills child process As far as I can tell from the security check, we require exact app ID matches. This probably will not be the case for the third party iframe: https://dxr.mozilla.org/mozilla-central/source/dom/ipc/AppProcessChecker.cpp#211 I could be wrong, though. Maybe the iframe has bar.com, but inherits the appID somehow (confusing to me). Can someone write a test for this to see if it crashes or not?
Blocks: 1207265
No longer blocks: ServiceWorkers-B2G
OS: Unspecified → Gonk (Firefox OS)
Hardware: Unspecified → ARM
I think Jonas told me we inherit the appID, so we're probably safe here. A test would still be good, though.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.