Open Bug 1492596 Opened 6 years ago Updated 2 years ago

IPCPaymentCreateActionRequest.topLevelPrincipal can be removed?

Categories: Core :: DOM: Web Payments, enhancement, P3

Tracking: Fission Milestone Future

People: Reporter: tjr, Unassigned

References: Blocks 1 open bug

Details: Whiteboard: [webpayments-reserve]

As far as I can tell, topLevelPrincipal is a testing-only parameter. It is supplied with a real value when creating a Payment Request; but on the other end the principal is never read or used - except in some test code: dom/payments/test/ConstructorChromeScript.js

Because this value is supplied by the content process, it is possible for a rogue Content Process to supply an invalid value here. If future code relied on this value being correct, it could be subverted.

We could add validation to the parameter; but maybe we can just remove it?
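
The validation option raised in the description above, sketched as an added example that is not part of the bug report and is not Gecko code. `ParentProcess`, `CreateRequest`, `RegisterTab`, `AcceptCreateRequest` and the sample origins are hypothetical names for a simplified model in which the parent keeps its own record of which content process hosts which tab.

```cpp
#include <map>
#include <string>
#include <utility>

// Hypothetical model of the trust boundary; none of these names are Gecko APIs.
using ProcessId = int;
using TabId = int;

// Stand-in for the IPC message: every field is chosen by the sender.
struct CreateRequest {
  TabId tabId;
  std::string topLevelOrigin;  // claimed by the content process
};

class ParentProcess {
 public:
  // Recorded by the parent itself when it assigns a tab to a content process.
  void RegisterTab(TabId tab, ProcessId owner, std::string origin) {
    tabs_[tab] = TabInfo{owner, std::move(origin)};
  }

  // Returns true and fills *trustedOrigin from the parent's own record when
  // the claim checks out; returns false when the message must be dropped.
  bool AcceptCreateRequest(ProcessId sender, const CreateRequest& req,
                           std::string* trustedOrigin) const {
    auto it = tabs_.find(req.tabId);
    if (it == tabs_.end()) return false;                        // unknown tab
    if (it->second.owner != sender) return false;               // not the sender's tab
    if (it->second.origin != req.topLevelOrigin) return false;  // claim disagrees
    *trustedOrigin = it->second.origin;  // parent state, never the claimed string
    return true;
  }

 private:
  struct TabInfo {
    ProcessId owner;
    std::string origin;
  };
  std::map<TabId, TabInfo> tabs_;
};

// Constructed scenario: process 7 hosts tab 1 (shop), process 8 hosts tab 2 (bank).
ParentProcess MakeSampleParent() {
  ParentProcess p;
  p.RegisterTab(1, 7, "https://shop.example");
  p.RegisterTab(2, 8, "https://bank.example");
  return p;
}
```

Once the parent can reproduce the value from its own state, the field in the message carries no information the parent lacks, which is the argument for removing it.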
Priority: -- → P2
The information is requested from the UI component; I guess the UI plans to show the top-level origin information, so they might need the topLevelPrincipal.
Matt, could you help comment on whether the UI still needs the information? If it is not used anymore, I can help remove it.
Flags: needinfo?(MattN+bmo)
Priority: P2 → P3
We use topLevelPrincipal on nsIPaymentRequest. I don't know whether that connects to IPCPaymentCreateActionRequest. I think our tests should fail if you removed it: ./mach test browser/components/payments/

https://searchfox.org/mozilla-central/rev/fc3d974254660b34638b2af9d5431618b191b233/browser/components/payments/content/paymentDialogWrapper.js#397,399

It sounds like the value should be populated on the content process side of the DOM code instead for better security.
Flags: needinfo?(MattN+bmo)
Whiteboard: [webpayments-reserve]

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future
Severity: normal → S3