Closed
Bug 1360973
Opened 7 years ago
Closed 7 years ago
Don't do the work needed for same origin referrer policies unless if we have one set
Categories
(Core :: Networking: HTTP, enhancement)
Core
Networking: HTTP
Tracking
()
RESOLVED
FIXED
mozilla55
Tracking | Status | |
---|---|---|
firefox55 | --- | fixed |
People
(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)
References
Details
Attachments
(1 file, 5 obsolete files)
6.65 KB,
patch
|
tnguyen
:
review+
|
Details | Diff | Splinter Review |
CheckSameOriginURI() can be expensive and shows up under profiles, so we should try to avoid calling it unless if we have the same origin referrer policy.
Assignee | ||
Comment 1•7 years ago
|
||
Don't do the work needed for same origin referrer policies unless if we have one set
Attachment #8863296 -
Flags: review?(mcmanus)
Assignee | ||
Comment 2•7 years ago
|
||
Assignee | ||
Comment 3•7 years ago
|
||
Comment on attachment 8863296 [details] [diff] [review] t push -f my work# Attachment to Bug 1360973 - Don't do the work needed for same origin referrer policies unless if we have one set Sorry this isn't quite right, I was building in the wrong ssh window :-( I will fix up the patch tomorrow.
Attachment #8863296 -
Attachment is obsolete: true
Flags: needinfo?(ehsan)
Attachment #8863296 -
Flags: review?(mcmanus)
Comment 4•7 years ago
|
||
I'll delegate the review to :tnguyen when you get there..
Assignee | ||
Comment 5•7 years ago
|
||
CheckSameOriginURI() can be expensive and shows up under profiles, so we should try to avoid calling it unless if we are going to use isCrossOrigin.
Attachment #8863440 -
Flags: review?(tnguyen)
Assignee | ||
Comment 6•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=e538721dc72606690472fa09ed88a8a025f65fcf&selectedJob=95650690
Flags: needinfo?(ehsan)
Assignee | ||
Updated•7 years ago
|
Attachment #8863297 -
Attachment is obsolete: true
Assignee | ||
Comment 7•7 years ago
|
||
Comment 8•7 years ago
|
||
Comment on attachment 8863440 [details] [diff] [review] Don't do the work needed for same origin referrer policies unless if we need to Review of attachment 8863440 [details] [diff] [review]: ----------------------------------------------------------------- Thanks Ehsan ::: netwerk/protocol/http/HttpBaseChannel.cpp @@ +1650,5 @@ > + Maybe<bool> isCrossOrigin; > + if (mReferrerPolicy == REFERRER_POLICY_SAME_ORIGIN || > + mReferrerPolicy == REFERRER_POLICY_ORIGIN_WHEN_XORIGIN || > + mReferrerPolicy == REFERRER_POLICY_STRICT_ORIGIN_WHEN_XORIGIN || > + gHttpHandler->ReferrerXOriginTrimmingPolicy() != 0) { Should we check userReferrerTrimmingPolicy != 2? Because 2 is the strictest policy (origin) and we may not have to compute isCrossOrigin @@ +1744,5 @@ > rv = clone->SetUserPass(EmptyCString()); > if (NS_FAILED(rv)) return rv; > > nsAutoCString spec; > I think we should move the computing part to here, because other condition checks may bail out early. @@ +1763,5 @@ > // "Strict" request from https->http case was bailed out, so here: > // "strict-origin" behaves the same as "origin". > // "strict-origin-when-cross-origin" behaves the same as "origin-when-cross-origin" > if (mReferrerPolicy == REFERRER_POLICY_ORIGIN || > mReferrerPolicy == REFERRER_POLICY_STRICT_ORIGIN || These 2 values we also don't have to compute isCrossOrigin. That means if we had the strictest policy userReferrerTrimmingPolicy == 2, we may not have to compute isCrossOrigin
Attachment #8863440 -
Flags: review?(tnguyen)
Assignee | ||
Comment 9•7 years ago
|
||
(In reply to Thomas Nguyen[:tnguyen] ni plz from comment #8) > ::: netwerk/protocol/http/HttpBaseChannel.cpp > @@ +1650,5 @@ > > + Maybe<bool> isCrossOrigin; > > + if (mReferrerPolicy == REFERRER_POLICY_SAME_ORIGIN || > > + mReferrerPolicy == REFERRER_POLICY_ORIGIN_WHEN_XORIGIN || > > + mReferrerPolicy == REFERRER_POLICY_STRICT_ORIGIN_WHEN_XORIGIN || > > + gHttpHandler->ReferrerXOriginTrimmingPolicy() != 0) { > > Should we check userReferrerTrimmingPolicy != 2? > Because 2 is the strictest policy (origin) and we may not have to compute > isCrossOrigin I checked against 0 because of userReferrerXOriginTrimmingPolicy being passed to std::max here. IOW if userReferrerXOriginTrimmingPolicy is 0, std::max(foo, 0) would be foo, so there would be no side effect to running this branch. Does that make sense? > @@ +1744,5 @@ > > rv = clone->SetUserPass(EmptyCString()); > > if (NS_FAILED(rv)) return rv; > > > > nsAutoCString spec; > > > > I think we should move the computing part to here, because other condition > checks may bail out early. Sure. I guess technically that changes the behavior if some of the reordered code fails and returns an error code but hopefully nothing will depend on that. I'll attach another version of my patch although I suspect it will need to change based on the rest of this comment, but that's OK. :-) > @@ +1763,5 @@ > > // "Strict" request from https->http case was bailed out, so here: > > // "strict-origin" behaves the same as "origin". > > // "strict-origin-when-cross-origin" behaves the same as "origin-when-cross-origin" > > if (mReferrerPolicy == REFERRER_POLICY_ORIGIN || > > mReferrerPolicy == REFERRER_POLICY_STRICT_ORIGIN || > > These 2 values we also don't have to compute isCrossOrigin. That means if we > had the strictest policy userReferrerTrimmingPolicy == 2, we may not have to > compute isCrossOrigin Are you sure? If we don't check isCrossOrigin for these two values, then if content specifies "origin-when-cross-origin" it will effectively be treated as "origin", and if content specifies "strict-origin-when-cross-origin" it will effectively be treated as "strict-origin". That seems wrong to me... What am I missing?
Flags: needinfo?(tnguyen)
Assignee | ||
Comment 10•7 years ago
|
||
CheckSameOriginURI() can be expensive and shows up under profiles, so we should try to avoid calling it unless if we are going to use isCrossOrigin.
Assignee | ||
Updated•7 years ago
|
Attachment #8863440 -
Attachment is obsolete: true
Assignee | ||
Updated•7 years ago
|
Attachment #8863441 -
Attachment is obsolete: true
Comment 11•7 years ago
|
||
(In reply to :Ehsan Akhgari (super long backlog, slow to respond) from comment #9) > (In reply to Thomas Nguyen[:tnguyen] ni plz from comment #8) > > Are you sure? If we don't check isCrossOrigin for these two values, then if > content specifies "origin-when-cross-origin" it will effectively be treated > as "origin", and if content specifies "strict-origin-when-cross-origin" it > will effectively be treated as "strict-origin". That seems wrong to me... > What am I missing? Sorry for confusing you. I meant REFERRER_POLICY_ORIGIN and REFERRER_POLICY_STRICT_ORIGIN, we do not have to compute isCrossOrigin though CheckSameOriginURI() (even gHttpHandler->ReferrerXOriginTrimmingPolicy() != 0). Because we expect to send origin no matter the site is cross origin.
Flags: needinfo?(tnguyen)
Comment 12•7 years ago
|
||
(In reply to :Ehsan Akhgari (super long backlog, slow to respond) from comment #9) > (In reply to Thomas Nguyen[:tnguyen] ni plz from comment #8) > > ::: netwerk/protocol/http/HttpBaseChannel.cpp > > @@ +1650,5 @@ > > > + Maybe<bool> isCrossOrigin; > > > + if (mReferrerPolicy == REFERRER_POLICY_SAME_ORIGIN || > > > + mReferrerPolicy == REFERRER_POLICY_ORIGIN_WHEN_XORIGIN || > > > + mReferrerPolicy == REFERRER_POLICY_STRICT_ORIGIN_WHEN_XORIGIN || > > > + gHttpHandler->ReferrerXOriginTrimmingPolicy() != 0) { > > > > Should we check userReferrerTrimmingPolicy != 2? > > Because 2 is the strictest policy (origin) and we may not have to compute > > isCrossOrigin > > I checked against 0 because of userReferrerXOriginTrimmingPolicy being > passed to std::max here. IOW if userReferrerXOriginTrimmingPolicy is 0, > std::max(foo, 0) would be foo, so there would be no side effect to running > this branch. Does that make sense? The same here, I meant userReferrerTrimmingPolicy We have userReferrerXOriginTrimmingPolicy = max(userReferrerTrimmingPolicy, userReferrerXOriginTrimmingPolicy) So if userReferrerTrimmingPolicy == 2, then max(2, userReferrerXOriginTrimmingPolicy) == 2 no matter if cross origin
Comment 13•7 years ago
|
||
(In reply to Thomas Nguyen[:tnguyen] ni plz from comment #12) > (In reply to :Ehsan Akhgari (super long backlog, slow to respond) from > comment #9) > > I checked against 0 because of userReferrerXOriginTrimmingPolicy being > > passed to std::max here. IOW if userReferrerXOriginTrimmingPolicy is 0, > > std::max(foo, 0) would be foo, so there would be no side effect to running > > this branch. Does that make sense? > The same here, I meant userReferrerTrimmingPolicy > We have userReferrerXOriginTrimmingPolicy = max(userReferrerTrimmingPolicy, > userReferrerXOriginTrimmingPolicy) > So if userReferrerTrimmingPolicy == 2, then max(2, > userReferrerXOriginTrimmingPolicy) == 2 no matter if cross origin Typo userReferrerTrimmingPolicy = std::max(userReferrerTrimmingPolicy, userReferrerXOriginTrimmingPolicy);
Assignee | ||
Comment 14•7 years ago
|
||
(In reply to Thomas Nguyen[:tnguyen] ni plz from comment #11) > (In reply to :Ehsan Akhgari (super long backlog, slow to respond) from > comment #9) > > (In reply to Thomas Nguyen[:tnguyen] ni plz from comment #8) > > > > Are you sure? If we don't check isCrossOrigin for these two values, then if > > content specifies "origin-when-cross-origin" it will effectively be treated > > as "origin", and if content specifies "strict-origin-when-cross-origin" it > > will effectively be treated as "strict-origin". That seems wrong to me... > > What am I missing? > Sorry for confusing you. I meant REFERRER_POLICY_ORIGIN and > REFERRER_POLICY_STRICT_ORIGIN, we do not have to compute isCrossOrigin > though CheckSameOriginURI() (even > gHttpHandler->ReferrerXOriginTrimmingPolicy() != 0). Because we expect to > send origin no matter the site is cross origin. Oh, great point, I understand now. Thanks!
Assignee | ||
Comment 15•7 years ago
|
||
CheckSameOriginURI() can be expensive and shows up under profiles, so we should try to avoid calling it unless if we are going to use isCrossOrigin.
Attachment #8864392 -
Flags: review?(tnguyen)
Assignee | ||
Updated•7 years ago
|
Attachment #8863597 -
Attachment is obsolete: true
Comment 16•7 years ago
|
||
Comment on attachment 8864392 [details] [diff] [review] Don't do the work needed for same origin referrer policies unless if we need to Review of attachment 8864392 [details] [diff] [review]: ----------------------------------------------------------------- Lgtm with the bellow comment ::: netwerk/protocol/http/HttpBaseChannel.cpp @@ +1720,5 @@ > + mReferrerPolicy != REFERRER_POLICY_STRICT_ORIGIN)) && > + // 2 (origin-only) is already the strictest policy which we'd adopt if we > + // were cross-origin, so there is no point to compute whether we are or > + // not. > + gHttpHandler->ReferrerXOriginTrimmingPolicy() != 2) { And plz check && gHttpHandler->ReferrerTrimmingPolicy() != 2 (because ReferrerTrimmingPolicy is applied in both cases cross/same origin. If we have the strictest ReferrerTrimmingPolicy, we also don't have to compute)
Attachment #8864392 -
Flags: review?(tnguyen) → review+
Assignee | ||
Comment 17•7 years ago
|
||
(In reply to Thomas Nguyen[:tnguyen] ni plz from comment #16) > ::: netwerk/protocol/http/HttpBaseChannel.cpp > @@ +1720,5 @@ > > + mReferrerPolicy != REFERRER_POLICY_STRICT_ORIGIN)) && > > + // 2 (origin-only) is already the strictest policy which we'd adopt if we > > + // were cross-origin, so there is no point to compute whether we are or > > + // not. > > + gHttpHandler->ReferrerXOriginTrimmingPolicy() != 2) { > > And plz check && gHttpHandler->ReferrerTrimmingPolicy() != 2 (because > ReferrerTrimmingPolicy is applied in both cases cross/same origin. If we > have the strictest ReferrerTrimmingPolicy, we also don't have to compute) D'oh, I think I should do this instead, and not additionally in fact, since the cross origin trimming policy doesn't matter here, it is the non-cross-origin policy that overrides the cross-origin policy. Thankfully a test failure on the try server caught this mistake. :-) Thanks for spotting it!
Comment 18•7 years ago
|
||
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/e07dcfd3c4a5 Don't do the work needed for same origin referrer policies unless if we need to; r=tnguyen
Comment 19•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/e07dcfd3c4a5
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox55:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in
before you can comment on or make changes to this bug.
Description
•