Change about: handling to not use nested URIs

Status: NEW, Unassigned
Core :: Networking, P3, normal
Opened 2 years ago, updated a month ago
Reporter: sicking
Blocks: 2 bugs
Whiteboard: [necko-backlog]

Rather than creating a nested URI with an inner "moz-safe-about" URI, we should always create an nsSimpleURI. We can then use the nsIProtocolHandlerWithDynamicFlags mechanism to give different security properties to different about: URIs.
Part of the challenge here is that IndexedDB's file format ends up using the moz-safe-about scheme name.

The origin of the page which uses IndexedDB is stored in 3 places in the filesystem:
* The directory name (each origin gets a separate directory).
* Each directory gets a .metadata file which contains the origin and
some other information.
* Each IDB sqlite database contains a "database" table which has an
"origin" column with the origin.

Calculating this origin (correctly) grabs the innermost URI, which means that we use a moz-safe-about: scheme.

However, there are two pieces of good news.

First off, it seems like all our origin handling for about: URIs goes
through the TryGetInfoForAboutURI [1] function. That means that it is
quite easy to change our handling there to make sure that even though
we change about: URIs to never be parsed into inner moz-safe-about
URIs, we can easily act as if we did in order to avoid changing the
on-disk format.

Second, in bug 1195930 we're going to change the way that origins are
stored on disk. So we can rather easily at the same time change how
about: origins are stored. It's unclear if bug 1195930 will be fixed
first, or if we'll change about: URIs first. But either way I think we
should not worry about upgrading on-disk format as part of changing
about: URIs. Instead we should do the conversion when writing an
about: origin to disk.

Updating the on-disk format fewer times is better for both performance
and ability to downgrade anyway.

Additionally we do have code which reads one of these origins back
from disk and parses them in OriginParser::ParseOrigin [2]. It sounds
like we use this to restore .metadata files using a directory name
since for some reason the .metadata files sometimes get lost. So this
code would also need to get updated to convert moz-safe-about origins
properly.

[1] http://mxr.mozilla.org/mozilla-central/source/dom/quota/ActorsParent.cpp#4030
[2] http://mxr.mozilla.org/mozilla-central/source/dom/quota/ActorsParent.cpp#6241
Flags: needinfo?(bzbarsky)
Whiteboard: [necko-backlog]

Updated

2 years ago
See Also: → bug 1280336

Comment 3

a year ago
Note to self: when we do this I would like to make sure that checkLoadURI and friends in caps/ still don't let non-chrome-privileged about: link to chrome-privileged about:.

Updated

a month ago
Blocks: 1171853

Updated

a month ago
Blocks: 1430257

Updated

a month ago
No longer blocks: 1171853