Implement Cross-Origin-Opener-Policy
Categories
(Core :: DOM: Core & HTML, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox67 | --- | fixed |
People
(Reporter: nika, Assigned: valentin)
References
Details
(Keywords: dev-doc-needed)
Attachments
(4 files)
HTML Spec Issue: https://github.com/whatwg/html/issues/3740
Chrome Implementation Issue: https://bugs.chromium.org/p/chromium/issues/detail?id=922191
:annevk's more technical explainer: https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e
The initial implementation of this feature will probably be easiest to implement using the in-flight process selection logic implemented in bug 1467223. A check would be added for a Cross-Origin-Opener-Policy
mismatch which would cause an unconditional process swap, whether or not the source and destination remoteType
values are the same.
Updated•6 years ago
|
Updated•6 years ago
|
Assignee | ||
Comment 1•6 years ago
|
||
Assignee | ||
Comment 2•6 years ago
|
||
Depends on D18119
Updated•6 years ago
|
Updated•6 years ago
|
Assignee | ||
Comment 3•6 years ago
|
||
- Adds nsIHttpChannelInternal.setTopWindowPrincipal used to pass the principal from the child to the parent
Depends on D18119
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Assignee | ||
Comment 4•6 years ago
|
||
- New topLevel loads get the nsILoadInfo.openerPolicy of the current top level document
- Parsing the Cross-Opener-Origin-Policy of a channel will update mLoadInfo.openerPolicy and this value will get propagated to the child process.
- SessionStore now checks nsIHttpChannel.hasCrossOriginOpenerPolicyMismatch (preffed off) and performs a process switch if needed
Depends on D18246
Comment 6•6 years ago
|
||
Backed out 4 changesets (bug 1521808) for build bustage. CLOSED TREE
Log:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=227895515&repo=autoland&lineNumber=12312
Push with failures:
https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=80aeea5f7abe0a5c98c5c2f8c9de7d152c2a82e2
Backout:
https://hg.mozilla.org/integration/autoland/rev/a791ece512e14ccdc7ebf95e1f28d49e80d372f5
Assignee | ||
Comment 7•6 years ago
|
||
Assignee | ||
Comment 8•6 years ago
|
||
Assignee | ||
Comment 9•6 years ago
|
||
Updated•6 years ago
|
Assignee | ||
Comment 10•6 years ago
|
||
Updated•6 years ago
|
Assignee | ||
Comment 11•6 years ago
|
||
Comment 12•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Comment 13•6 years ago
|
||
Comment 14•6 years ago
|
||
Backed out for causing merge conflicts. https://irccloud.mozilla.com/file/AxR0gkMP/image.png
Comment 15•6 years ago
|
||
Comment 16•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/acf942062ea0
https://hg.mozilla.org/mozilla-central/rev/6c7b1d562420
https://hg.mozilla.org/mozilla-central/rev/a7dc0e4d0136
https://hg.mozilla.org/mozilla-central/rev/ab75adc15a37
Assignee | ||
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Comment 18•6 years ago
|
||
Note to MDN writers:
I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTP
The header still needs documenting, and BCD filling in.
Comment 19•5 years ago
|
||
(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #18)
Note to MDN writers:
I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTPThe header still needs documenting, and BCD filling in.
I see there is a pref called "browser.tabs.remote.useCrossOriginOpenerPolicy". Is this behind that pref, or is the header actually shipping in Firefox 67?
Assignee | ||
Comment 20•5 years ago
|
||
(In reply to Florian Scholz [:fscholz] (MDN) from comment #19)
(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #18)
Note to MDN writers:
I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTPThe header still needs documenting, and BCD filling in.
I see there is a pref called "browser.tabs.remote.useCrossOriginOpenerPolicy". Is this behind that pref, or is the header actually shipping in Firefox 67?
This header is behind the pref.
Comment 21•5 years ago
|
||
Thanks, updating the release notes accordingly.
Comment 22•5 years ago
|
||
valentin, do you recall why the test uses rather magical setTimeout(, 20).
(I'm debugging bug 1528607 a bit, without being able to reproduce too often, and those setTimeouts without any comments look suspicious)
Assignee | ||
Comment 23•5 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #22)
valentin, do you recall why the test uses rather magical setTimeout(, 20).
(I'm debugging bug 1528607 a bit, without being able to reproduce too often, and those setTimeouts without any comments look suspicious)
It was because this code
currentPID = await ContentTask.spawn(browser, null, () => {
return Services.appinfo.processID;
});
would sometimes return the PID of the previous process, not the one in which we did the cross process redirect.
Waiting for a bit™ would let things stabilize and run in the correct process. I didn't get the chance to check why that was at the time.
I don't know how relevant that test is anymore, given that we've got a lot more WPT tests for COOP now.
Description
•