1315553 - Opening an about:blank tab with an explicit NullPrincipal breaks the document

Status: NEW

(Firefox :: Tabbed Browser, defect)

Description

[Tomislav Jovanovic :zombie]

+++ This bug was initially created as a clone of Bug #1310331 +++

As part of bug 1310331, we need to mark a tab created with the "about:blank" url as having a NullPrincipal (and maybe with the appropriate addonId origin attribute).  I'm trying to do that using the following code:

    gBrowser.addTab("about:blank", 
        {originPrincipal: Services.scriptSecurityManager.createNullPrincipal({})});

(works in the browser console)

A tab is opened, but the document inside never finishes loading, remaining in readyState: "uninitialized" forever.

This looks like a platform bug, but I'm unsure about the product/component.

Comment 1

[Tomislav Jovanovic :zombie]

Well, this is confusing.

This seems to work in Aurora, and anything other than Nightly, but it's not a recent change. It's broken in any Nightly build from the last 6 months -- tested all the way back to 47 before giving up.

Comment 2

[Tomislav Jovanovic :zombie]

Hey Mike, I followed this down to docShell land, and knowing you visited there, you'll either know where to look, or at least who to ni? next.  ;)

Comment 3

[Tomislav Jovanovic :zombie]

> It's broken in any Nightly build from the last 6 months

I somehow messed this up.  It worked in Nightly until November 28, and broke in the November 29 build. 

---

We managed to work around this in bug 1310331, so it's not blocking things anymore.  Though this still looks like a bug, and we still might wish to set an origin attribute down the line (which current solution doesn't allow us to do).

Clearing the ni? from Mike, feel free to look at this whenever you get to it.

Comment 4

[:Gijs (he/him)]

It being broken on nightly only sounds like it has to do with usercontextid not matching the tab somehow? It looks like you're not passing your new null principal any origin attributes (or only an addonId but not a usercontextid)

Comment 5

[:Gijs (he/him)]

(In reply to Tomislav Jovanovic :zombie from comment #3)
> > It's broken in any Nightly build from the last 6 months
> 
> I somehow messed this up.  It worked in Nightly until November 28, and broke
> in the November 29 build. 

This is 2015? Can you provide a pushlog?

Comment 6

[Tomislav Jovanovic :zombie]

> It being broken on nightly only sounds like it has to do with usercontextid
> not matching the tab somehow? It looks like you're not passing your new null
> principal any origin attributes (or only an addonId but not a usercontextid)

Yes, the STR above is an empty NullPrincipal without any origin attributes (the final goal is to probably use addonId).  Is that not allowed anymore?  Is usercontextid now mandatory?


> This is 2015? Can you provide a pushlog?

And I manged to mess up the correction.  :(  
I'm distracted, should probably step away from the keyboard.


It stopped working in Nightly build from *September* 29th, a month and a half ago.

Comment 7

[:Gijs (he/him)]

(In reply to Tomislav Jovanovic :zombie from comment #6)
> And I manged to mess up the correction.  :(  
> I'm distracted, should probably step away from the keyboard.
> 
> 
> It stopped working in Nightly build from *September* 29th, a month and a
> half ago.

That's presumably because "originPrincipal" was only introduced then, because we used it for a security fix.

https://hg.mozilla.org/mozilla-central/rev/a45cfe898352

before then, the null principal argument had no effect.

I expect that the issue is that we're creating an about:blank content viewer and then loading about:blank in there, so various location change things might not fire given that the URIs are the same, or something?

Comment 8

[Boris Zbarsky [:bzbarsky]]

Could be, but that wouldn't generally affect readyState.

That said, about:blank is all sorts of black magic; just ask hsivonen.  It's possible that the actual about:blank load is simply not happening in this case, and the initial about:blank _is_ in the "uninitialized" readyState.