Open
Bug 1391093
Opened 7 years ago
Updated 2 years ago
Enable some UI to be used in an onAuthRequired callback
Categories
(WebExtensions :: Frontend, enhancement, P3)
WebExtensions
Frontend
Tracking
(Not tracked)
NEW
People
(Reporter: markh, Unassigned)
References
Details
Attachments
(2 obsolete files)
Bug 1341126 has added the ability to open a popup or sidebar programatically, which offers a potential solution to webextensions which want to offer some UI during an onAuthRequired callback, so the user can select the credentials to use with http-basic authentication. However, these new functions are only available when the browser is processing user input. It would be ideal if we would also allow these functions to be called by an extension which has an outstanding onAutoRequired callback promise pending. Shane, do you have any thoughts on the best way to actually implement this? Would it be OK to reuse/abuse the requireUserInput flag (ie, to somehow arrange for the block at http://searchfox.org/mozilla-central/source/toolkit/components/extensions/ExtensionChild.jsm#643 to also check this and allow the call?)
Flags: needinfo?(mixedpuppy)
Comment 1•7 years ago
|
||
I'm OK with doing this, but we should make sure that we don't grant the activeTab permission in those cases.
Comment 2•7 years ago
|
||
I'm not aware of a way to set isHandlingUserInput but I'm sure we could add some kind of internal bypass flag that could be handled in callAsyncFunction. aswan knows the userinput code, lets see what he thinks.
Flags: needinfo?(mixedpuppy) → needinfo?(aswan)
Comment 3•7 years ago
|
||
It is possible to set isHandlingUserInput, but we definitely *should not* set it for onAuthRequired callbacks. This needs to be treated as a special case.
Flags: needinfo?(aswan)
Comment 4•7 years ago
|
||
Woudln't this negate the HandlingUserInput requirement for open() methods? A web extension could issue a request that triggers the onAuthRequired whenever it wants to bug the user with a popup...
Comment 5•7 years ago
|
||
An extension with webRequestBlocking permission could, yes. But I'm not too worried about that as long as we don't also grant activeTab permissions in that case. And, of course, any extension that we found doing that would be blocklisted with extreme prejudice.
Comment 6•7 years ago
|
||
The code that checks an individual api call is here: http://searchfox.org/mozilla-central/rev/5ce320a16f6998dc2b36e30458131d029d107077/toolkit/components/extensions/ExtensionChild.jsm#642-649 It sounds like that check needs to be expanded. Since you don't have an actual event to refer to here, you should think ahead of time about which top-level window you want the popup to open in (if some non-active tab in a non-active window generates onAuthRequired do I get the popup in my foreground window?). It looks like bug 1341126 unconditionally opens the popup in the top window.
Reporter | ||
Comment 7•7 years ago
|
||
(In reply to Kris Maglione [:kmag] from comment #3) > It is possible to set isHandlingUserInput, but we definitely *should not* > set it for onAuthRequired callbacks. This needs to be treated as a special > case. Do you have thoughts on how that should be expressed? For this specific case the addon needs "webRequestBlocking" permissions, so it might be OK to express this as webext permissions that override the isHandlingUserInput flag (and for this specific case, it would be just ["webRequestBlocking"]). OTOH, that might be too broad - thoughts? (In reply to Andrew Swan [:aswan] from comment #6) > Since you don't have an actual event to refer to here, you should think > ahead of time about which top-level window you want the popup to open in (if > some non-active tab in a non-active window generates onAuthRequired do I get > the popup in my foreground window?). It looks like bug 1341126 > unconditionally opens the popup in the top window. Yeah, that's a good point. I've got an example which uses a pageAction item, so doesn't suffer from that problem. A pageAction seems to make more sense for this specific requirement anyway, but I bet some password manager authors might prefer to use their existing browserAction. I'm new to much of this, so I'm just taking one step at a time :)
Flags: needinfo?(kmaglione+bmo)
Updated•7 years ago
|
Priority: -- → P5
Updated•6 years ago
|
Product: Toolkit → WebExtensions
Comment 8•6 years ago
|
||
Moving this back on the radar due to https://github.com/bitwarden/browser/issues/116 While a browser/page action may be an easy path, there are other issues per comment 6. We may want to consider some other mechanism, but am unsure what right now.
Priority: P5 → P2
Summary: Allow API to open browser/page/sidebarAction to be used in an onAuthRequired callback → Enable some UI to be used in an onAuthRequired callback
Updated•6 years ago
|
Assignee: nobody → mixedpuppy
Priority: P2 → P1
Updated•6 years ago
|
Flags: needinfo?(kmaglione+bmo)
Comment 9•6 years ago
|
||
Comment 10•6 years ago
|
||
(In reply to Andrew Swan [:aswan] from comment #6) > Since you don't have an actual event to refer to here, you should think > ahead of time about which top-level window you want the popup to open in (if > some non-active tab in a non-active window generates onAuthRequired do I get > the popup in my foreground window?). It looks like bug 1341126 > unconditionally opens the popup in the top window. We can allow extensions to determine that behavior, and if we want to tighten the screws later we can. The patch in phab now contains an illustration of dealing with authentication in background windows.
Comment 11•6 years ago
|
||
Updated•6 years ago
|
Attachment #9011006 -
Attachment is obsolete: true
Comment 12•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=051320b01bc62cb29adfbe47b99c7e378408e10b
Comment 13•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=aef09335996b41699441edde663a60735c611060
Comment 14•6 years ago
|
||
(In reply to Shane Caraveo (:mixedpuppy) from comment #10) > We can allow extensions to determine that behavior, and if we want to > tighten the screws later we can. The patch in phab now contains an > illustration of dealing with authentication in background windows. I don't see this in the patch on phabricator, the test loads the page that needs authentication in a foreground tab. In any case, I'm not sure how I feel about the idea of just-let-the-extension-handle-it. Extension authors that don't consider this case are going to create a very confusing experience..
Comment 15•6 years ago
|
||
(In reply to Andrew Swan [:aswan] from comment #14) > (In reply to Shane Caraveo (:mixedpuppy) from comment #10) > > We can allow extensions to determine that behavior, and if we want to > > tighten the screws later we can. The patch in phab now contains an > > illustration of dealing with authentication in background windows. > > I don't see this in the patch on phabricator, the test loads the page that > needs authentication in a foreground tab. foreground within its own window. But I'll restructure the test a bit to prove that. > In any case, I'm not sure how I feel about the idea of > just-let-the-extension-handle-it. Extension authors that don't consider > this case are going to create a very confusing experience.. I think it's an acceptable solution. We cannot know how an extension will choose to handle an auth call (maybe they already have the login data and will just return it, maybe not), so we cannot make the decision to force-focus a tab that needs it.
Comment 16•6 years ago
|
||
(In reply to Shane Caraveo (:mixedpuppy) from comment #15) > I think it's an acceptable solution. We cannot know how an extension will > choose to handle an auth call (maybe they already have the login data and > will just return it, maybe not), so we cannot make the decision to > force-focus a tab that needs it. I don't understand this comment, this bug is explicitly about the case where the extension does not have data available to handle the callback without user interaction.
Comment 17•6 years ago
|
||
(In reply to Andrew Swan [:aswan] from comment #16) > (In reply to Shane Caraveo (:mixedpuppy) from comment #15) > > I think it's an acceptable solution. We cannot know how an extension will > > choose to handle an auth call (maybe they already have the login data and > > will just return it, maybe not), so we cannot make the decision to > > force-focus a tab that needs it. > > I don't understand this comment, this bug is explicitly about the case where > the extension does not have data available to handle the callback without > user interaction. And how do you know if the extension is going to need user interaction?
Comment 18•6 years ago
|
||
(In reply to Shane Caraveo (:mixedpuppy) from comment #17) > And how do you know if the extension is going to need user interaction? I have no idea, my only point is that I think that letting extensions open a popup in the foreground window based on something in a background window is a bad idea. I don't have a better idea off the top of my head but if we land this right now we're making an implicit promise to continue to support it, I don't think that's something we should do hastily. Lets talk about it in the Tuesday morning meeting.
Comment 19•6 years ago
|
||
We discussed this at the UX meeting this morning and decided to let the patch land as-is. The use of http auth is pretty low these days, the extension needs to have a reason to show a UI (like a selector for multiple potential credentials), and the user needs to have multiple windows open, all of which makes this feel like an edge case. There was no clear consensus on what the "right" thing to do would be, and a feeling that any guess as to what the right thing is might not be any better than letting the extension handle it (from a UX perspective).
(In reply to Kris Maglione [:kmag] from comment #1) > I'm OK with doing this, but we should make sure that we don't grant the > activeTab permission in those cases. I don't see any code in this patch to actually block ActiveTab usage. Did we implement this part yet?
What's the status here Andrew? Are you still working on this? I see a bit of movement in the discussion doc, but I don't know what the outcome or decision was about the approach to tackle this?
Er, by Andrew, I mean Shane, of course.
Comment 23•6 years ago
|
||
(In reply to Paul Theriault [:pauljt] from comment #22) > Er, by Andrew, I mean Shane, of course. I'm thinking that the patch here is not the likely approach, but will wait more on discussion with product/etc. before settling on what we do.
Updated•6 years ago
|
Attachment #9009676 -
Attachment is obsolete: true
Updated•6 years ago
|
Priority: P1 → P2
Updated•6 years ago
|
Blocks: secure-proxy
Updated•5 years ago
|
Priority: P2 → P3
Updated•4 years ago
|
Assignee: mixedpuppy → nobody
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•