Closed Bug 1272754 Opened 9 years ago Closed 9 years ago

contextid not being propagated when switching a tab into non-e10s

Categories

(Core :: DOM: Security, defect, P2)

Product:
Core
Component:
DOM: Security
Version:
49 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
e10s + ---
firefox49 --- wontfix
firefox50 --- fix-optional
firefox51 --- fixed

People

(Reporter: kjozwiak, Assigned: jhao)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active][usercontextId][OA][uplift50-])

Attachments

(1 file, 6 obsolete files)

Disable "Open in new non-e10s window" from non-default containers.
1.25 KB, patch
jhao
: review+
Details | Diff | Splinter Review
Switching the current tab to a non-e10s window doesn't propagate the contextid but does preserve the website that the user was previously browsing. We should be preserving both the container and the website in this situation. STR: * open and login into bugzilla using the work container * once logged in, right click on the tab and select "Open in a new non-e10s window" * the new non-e10s window will load bugzilla using the default container (contextid=0) rather than opening it in a work container
tracking-e10s: --- → ?
Whiteboard: [domsecurity-backlog]
non-shipping feature, tracks but doesn't block e10s.
tracking-e10s: ?+
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog][usercontextId]
Whiteboard: [domsecurity-backlog][usercontextId] → [domsecurity-backlog][usercontextId][OA]
This is still occurring with the latest version of Nightly. I quickly went through the STR from comment #0 to see if this might have been fixed as a byproduct of all the work going into the container feature. Build Used: * fx50.0a1 buildId: 20160712030234, changeset: aac8ff1024c5
Assignee: nobody → jhao
I thought this patch should fix this bug. My printf at line 974 says the new docshell has correct userContextId, but when I tried the STR, the newly created tab is still in default container. I don't know what's wrong. Baku, would you please take a look?
Attachment #8771383 - Flags: feedback?(amarchesini)
Comment on attachment 8771383 [details] [diff] [review] Switching a tab into non-e10s should preserve userContextId. Tim just traced the code with me. We found that my method was totally wrong, and we believe we have the right fix this time. I'll upload a patch later.
Attachment #8771383 - Attachment is obsolete: true
Attachment #8771383 - Flags: feedback?(amarchesini)
Whiteboard: [domsecurity-backlog][usercontextId][OA] → [domsecurity-active][usercontextId][OA]
Baku, would you please review this patch?
Attachment #8772476 - Flags: review?(amarchesini)
Status: NEW → ASSIGNED
Comment on attachment 8772476 [details] [diff] [review] Switching a tab into non-e10s should preserve userContextId. I cannot review this code.
Attachment #8772476 - Flags: review?(amarchesini) → review?(mconley)
Comment on attachment 8772476 [details] [diff] [review] Switching a tab into non-e10s should preserve userContextId. Review of attachment 8772476 [details] [diff] [review]: ----------------------------------------------------------------- ::: browser/base/content/tabbrowser.xml @@ +2997,5 @@ > throw "This method is intended only for e10s testing!"; > } > let url = aTab.linkedBrowser.currentURI.spec; > + let userContextId = aTab.hasAttribute("usercontextid") ? aTab.getAttribute("usercontextid") : 0; > + return window.openDialog("chrome://browser/content/", "_blank", "chrome,all,dialog=no,non-remote", url, This seems wrong. We are asking for the opening of a new window, for a chrome URL. This chrome URL should not receive the userContextId because it will run using systemPrincipal. To me the bug is when we swap the docShell.
Attachment #8772476 - Flags: feedback-
This chrome URL won't actually receive the userContextid. The userContextId is passed in as an extra argument [1], and will not be used until the chrome URL is fully loaded. My patch retrieves the extra argument at _delayedStartup [2], when the actually url is about to be loaded. System principal will not be used at that time. http://searchfox.org/mozilla-central/source/dom/base/nsGlobalWindow.cpp#8169 http://searchfox.org/mozilla-central/source/browser/base/content/browser.js#1154
Baku, does Comment 8 change your mind?
Flags: needinfo?(amarchesini)
Do we swap the docShell between a e10s and an non-e10s docShell?
Flags: needinfo?(amarchesini) → needinfo?(jhao)
To be absolutely clear, the "Open in non-e10s Window" context menu item for tabs will not ship to release users. That item, along with the "- e10s" prefix in the tab titles, and the "Open non-e10s Window" toolbar button, are restricted to the Nightly and Aurora channels. So with that information in mind, is fixing this really necessary?
(In reply to Andrea Marchesini (:baku) from comment #10) > Do we swap the docShell between a e10s and an non-e10s docShell? No, we don't because "Open in non-e10s Window" keeps the originally e10s window and opens a whole new non-e10s one. The user action triggers tabbrowser.xml:openNonRemoteWindow() and it creates a window by: window.openDialog("chrome://browser/content/", "_blank", "chrome,all,dialog=no,non-remote", url, userContextId); When the window is painted, the MozAfterPaint event will trigger browser.js:_delayedStartup(). It will eventually go to this else block: http://searchfox.org/mozilla-central/source/browser/base/content/browser.js#1153. The code that swaps the docshell is in this block: http://searchfox.org/mozilla-central/source/browser/base/content/browser.js#1124 and won't be executed in this code path.
Flags: needinfo?(jhao)
(In reply to Mike Conley (:mconley) - (Needinfo me!) from comment #11) > To be absolutely clear, the "Open in non-e10s Window" context menu item for > tabs will not ship to release users. That item, along with the "- e10s" > prefix in the tab titles, and the "Open non-e10s Window" toolbar button, are > restricted to the Nightly and Aurora channels. > > So with that information in mind, is fixing this really necessary? Before container is in TestPilot, users who want this feature can only use it in Nightly and Aurora channels. They can still be affected. So, if there isn't too much risk, I think we should fix this.
Comment on attachment 8772476 [details] [diff] [review] Switching a tab into non-e10s should preserve userContextId. Review of attachment 8772476 [details] [diff] [review]: ----------------------------------------------------------------- I don't think this is going to work with e10s, since gBrowser.webNavigation is not going to be accessible. So far, Test Pilot studies have had user populations in the tens of thousands. I wonder, for those users, if it makes more sense to hide the "Open in non-e10s" menu options if they're within the testing pool. ::: browser/base/content/browser.js @@ +1847,5 @@ > // This function throws for certain malformed URIs, so use exception handling > // so that we don't disrupt startup > try { > + if (aUserContextId) { > + gBrowser.webNavigation.setOriginAttributesBeforeLoading({ userContextId: aUserContextId }); This is going to break with e10s, where we have no access to the nsIWebNavigation in the parent process.
Attachment #8772476 - Flags: review?(mconley) → review-
Thanks, Mike. I pass the userContextId further down in this patch and I think it should be compatible with e10s this time.
Attachment #8775494 - Flags: review?(mconley)
Attachment #8772476 - Attachment is obsolete: true
The code path is: tabbrowser.xml::loadTabs() -> tabbrowser.xml::loadURI() -> browser.xml::loadURI() -> tabbrowser.xml::loadURIWithFlags() -> (remote and non-remote both has an implmentation) browser.js::_loadURIWithFlags()
I removed an unused argument.
Attachment #8775498 - Flags: review?(mconley)
Attachment #8775494 - Attachment is obsolete: true
Attachment #8775494 - Flags: review?(mconley)
I forgot to refresh before the last upload. Sorry for all the fuss.
Attachment #8775501 - Flags: review?(mconley)
Attachment #8775498 - Attachment is obsolete: true
Attachment #8775498 - Flags: review?(mconley)
Comment on attachment 8775501 [details] [diff] [review] Switching a tab into non-e10s should preserve userContextId. Review of attachment 8775501 [details] [diff] [review]: ----------------------------------------------------------------- Before I review this, what do you think of my idea in comment 14 of hiding the menuitems for Test Pilot participants? The reason I ask, is because I'm seeing this bug track 49, and I assume you want to uplift, and that worries me a bit because while the patch is small, it's altering some pretty critical paths for loading content. So let me know what you think of hiding the menuitems instead.
Attachment #8775501 - Flags: review?(mconley)
If this patch concerns you this much, we can hide the menu items instead.
Attachment #8775501 - Attachment is obsolete: true
Comment on attachment 8775922 [details] [diff] [review] Disable "Open in new non-e10s window" from non-default containers. Review of attachment 8775922 [details] [diff] [review]: ----------------------------------------------------------------- Note that there is still the e10s-button for opening non-e10s windows that's in the application menu for Nightly / Aurora builds: http://searchfox.org/mozilla-central/rev/3df383b8552c1f8059f5c21258388ddb5a2f33d0/browser/components/customizableui/CustomizableWidgets.jsm#1262 You might want to have that button be disabled at the same time that the URL bar is updated to reflect which container is selected. ::: browser/base/content/browser.js @@ +7609,4 @@ > menuItem.hidden = !gMultiProcessBrowser; > + if (menuItem.id == "context_openNonRemoteWindow") { > + menuItem.disabled = this.contextTab.hasAttribute("usercontextid") && > + parseInt(this.contextTab.getAttribute("usercontextid")); Nit: if the attribute doesn't exist, getAttribute will return null, which parseInt will convert to NaN, which is false-y. You should be able to simplify this to: menuItem.disabled = !!parseInt(this.contextTab.getAttribute("usercontextid"));
Attachment #8775922 - Flags: review?(mconley) → review-
Are you talking about the "New non-e10s Window under the File menu and also in the hamburger menu? That command will always open a window with a tab in the default container, and is not related to this bug.
Flags: needinfo?(mconley)
(In reply to Jonathan Hao [:jhao] from comment #23) > Are you talking about the "New non-e10s Window under the File menu and also > in the hamburger menu? That command will always open a window with a tab in > the default container, and is not related to this bug. That's true - I apologize, you're absolutely right on that.
Flags: needinfo?(mconley)
Comment on attachment 8775922 [details] [diff] [review] Disable "Open in new non-e10s window" from non-default containers. You were absolutely right that we only need this to apply to the tab context menu item, and not the panel or toolbar buttons. r=me with the nit I brought up in comment 22 fixed.
Attachment #8775922 - Flags: review- → review+
Attachment #8775922 - Attachment is obsolete: true
Hi Tanvi and Paul, This bug affects aurora users when they are executing steps described in comment 0. Shall we uplift this bug to aurora (FF 50)?
Flags: needinfo?(tanvi)
Flags: needinfo?(ptheriault)
Whiteboard: [domsecurity-active][usercontextId][OA] → [domsecurity-active][usercontextId][OA][uplift50?]
Is the "Open Link in new non-e10s window" available in Aurora? Is Aurora e10s by default?
(In reply to Tanvi Vyas [:tanvi] from comment #28) > Is the "Open Link in new non-e10s window" available in Aurora? Is Aurora > e10s by default? Yes to both questions.
Containers is not enabled by default in Aurora 50. When we go to Test Pilot in 49 and do enable Containers there, I don't think e10s will be enabled for test pilot users. So if we uplift this, we'd only be uplifting for Aurora users who enable containers. I don't expect that percentage to be very high so I'm okay with just keeping this in 51.
Flags: needinfo?(tanvi)
Keywords: checkin-needed
Pushed by cbook@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/b4192b6a9958 Disable "Open in new non-e10s window" from non-default containers. r=mconley
Keywords: checkin-needed
(In reply to Tanvi Vyas [:tanvi] from comment #30) > Containers is not enabled by default in Aurora 50. When we go to Test Pilot > in 49 and do enable Containers there, I don't think e10s will be enabled for > test pilot users. So if we uplift this, we'd only be uplifting for Aurora > users who enable containers. I don't expect that percentage to be very high > so I'm okay with just keeping this in 51. Sounds reasonable.
Flags: needinfo?(ptheriault)
Whiteboard: [domsecurity-active][usercontextId][OA][uplift50?] → [domsecurity-active][usercontextId][OA][uplift50-]
https://hg.mozilla.org/mozilla-central/rev/b4192b6a9958
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox51: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: