Consider whether/when XPConnect sandboxes should be able to see [SecureContext] API




3 years ago
2 months ago


(Reporter: jwatt, Unassigned)


(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)




3 years ago
Follow-up from bug 1177957 comment 23/30.

We should decide what to do about giving XPConnect sandboxes access to [SecureContext] API.
Per email discussion, we should have sandboxes inited with a window inherit its secure context state.  Ones inited with a URL or principal, presumably we would not treat as secure contexts, or we could just base it on that url or principal codebase, right?
Is jwatt going to make the call here?
Flags: needinfo?(jwatt)
Whiteboard: btpp-followup-2016-07-15

Comment 3

3 years ago
The email discussions bz refers to were between bholley, bz and myself. The recommendations from bholley were:

* Xray caller should see the secure APIs if either
  (a) they are system principal, or 
  (b) the Xrayed global sees the APIs.

* We should add a sandbox option, defaulting to false,
  for exposing secure-context APIs.

* IIUC the secure-context-ness can only be deduced from the
  Window, not the Principal, right? Assuming that's the case, I
  agree that the slightly-odd behavior of inheriting
  secure-context-ness when creating a sandbox from a
  Window-as-nsIScriptObjectPrincipal is the way to go.

I agree that we should have sandboxes inited with a window inherit its secure context state. I don't think we can really have sandboxes initialized with a URL or principal be a secure context though, since as bholley notes in that case we don't have enough information to make that call.
Flags: needinfo?(jwatt)
Priority: -- → P2
Whiteboard: btpp-followup-2016-07-15
Priority: P2 → P3
Jonathan, I'm hitting test failures in bug 1333140 because it turns out that "crypto.subtle" is currently exposed to sandboxes, and even used by at least the Push service. What needs to be done here to move this forward? Do we "simply" need someone to implement what's suggested in comment #3?
Flags: needinfo?(jwatt)

Comment 5

2 years ago
I think so, yes. Maybe reach out to the XPConnect peers to see if one of them can take a look?
Flags: needinfo?(jwatt) → needinfo?(bzbarsky)

Comment 6

2 years ago
Oops, didn't actually mean to needinfo bz. Probably best to find someone less busy if possible. :)
Flags: needinfo?(bzbarsky)
Fwiw, the plan from comment 3 seems reasonable to me.  We just need someone to implement.
Component: DOM → DOM: Core & HTML
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.