Make nsHttpChannel::AsyncOpen wait (async) for HSTS data to be available before connecting to non-https URLs
Categories
(Core :: Networking: HTTP, enhancement, P2)
Tracking
()
People
(Reporter: Gijs, Assigned: kershaw)
References
Details
(Keywords: perf:responsiveness, Whiteboard: [necko-triaged])
Attachments
(2 files, 2 obsolete files)
In bug 1372889, captive portal detection causes a non-https http connection to a server, which causes us to load hsts data, which we do sync and blocks the main thread, causing jank.
To avoid this, in principle we'd need to make Connect() async, but in the short term, it may be easier to make asyncopen check if the data is available, and only proceed with making the connection once it is.
Reporter | ||
Updated•6 years ago
|
Comment 1•6 years ago
|
||
Hey valentin,
The qf team is trying to triage this, but we need some more information that maybe you can help us with:
- Are we right when we assume that this will happen on every start-up?
- Are we right when we assume that this blocks loading any other pages until this operation completes?
(In reply to Mike Conley (:mconley) (:⚙️) from comment #1)
Hey valentin,
The qf team is trying to triage this, but we need some more information that maybe you can help us with:
- Are we right when we assume that this will happen on every start-up?
Yes, the captive portal service usually does a check on every start-up. The exception would be Android, where the CPS isn't enabled.
- Are we right when we assume that this blocks loading any other pages until this operation completes?
Given that bug 1372889 is about the connection blocking the main thread, I think it's fair to say that it blocks loading other pages until the HSTS data is loaded.
Updated•6 years ago
|
Comment 3•6 years ago
|
||
The priority flag is not set for this bug.
:selenamarie, could you have a look please?
Comment 4•6 years ago
|
||
Kershaw -- could you have a look at this bug?
Assignee | ||
Comment 5•6 years ago
|
||
(In reply to Selena Deckelmann :selenamarie :selena use ni? pronoun: she from comment #4)
Kershaw -- could you have a look at this bug?
Sure.
![]() |
||
Updated•6 years ago
|
Assignee | ||
Comment 6•6 years ago
|
||
This patch contains changes of necko and security part.
Necko part:
- Add new API NS_AsyncShouldSecureUpgrade, which is the async version of NS_ShouldSecureUpgrade.
- Make nsHttpChannel::OnBeforeConnect async.
Security part:
- Add async version of IsSecureURI, which is only used in NS_AsyncShouldSecureUpgrade.
- Make DataStorage queue the pending functions before ready. Flush and execute pending funcs when it's ready.
Assignee | ||
Comment 7•6 years ago
|
||
Updated•5 years ago
|
Assignee | ||
Comment 8•5 years ago
|
||
- Add AsyncCheckIsSecureURI in nsISiteSecurityService.
- Make DataStorage queue the pending functions before ready. Flush and execute pending funcs when it's ready.
Assignee | ||
Comment 9•5 years ago
|
||
- Make nsHttpChannel::OnBeforeConnect async.
- There are two ways to get the result from NS_ShouldSecureUpgrade. One is getting the result synchronously from the input reference and the other is via the provided callback.
Note that the callback is only used when the storage is not ready to read at startup.
Assignee | ||
Comment 10•5 years ago
|
||
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 11•5 years ago
|
||
Due to the p1 patch, the first time we get the result back from NS_ShouldSecureUpgrade is always asynchronously.
This means that the first http request could be completed slower than the http requests opened after the first one. There are some tests affected by this change, since these tests assume that http requests should be completed in the same order as these requests were created.
This patch fixes the tests by:
- Move the order of asyncopen calls.
- Stop the http server until all requests are done.
Comment 12•5 years ago
|
||
Pushed by kjang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/917f02e20ab6 P1: Support to get the result from NS_ShouldSecureUpgrade asynchronously r=mayhemer https://hg.mozilla.org/integration/autoland/rev/70b9b6dbe5b8 P2: Fix failure tests r=mayhemer
Comment 13•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/917f02e20ab6
https://hg.mozilla.org/mozilla-central/rev/70b9b6dbe5b8
Updated•5 years ago
|
Comment 14•5 years ago
|
||
I'm assuming this is fine to ride the trains to 68, but if not feel free to reset the 67 status to affected and request uplift.
Updated•2 years ago
|
Description
•