Closed Bug 1521808 Opened 6 years ago Closed 6 years ago

Implement Cross-Origin-Opener-Policy

Categories

(Core :: DOM: Core & HTML, enhancement, P2)

Product:
Core
Component:
DOM: Core & HTML
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla67
Project Flags:
Fission Milestone M1
Tracking Flags:
Tracking Status
firefox67 --- fixed

People

(Reporter: nika, Assigned: valentin)

References

Details

(Keywords: dev-doc-needed)

Attachments

(4 files)

Bug 1521808 - Implement Cross-Origin-Opener-Policy header r=mayhemer!,nika!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1521808 - Add xpcshell-test for CrossOriginOpenerPolicy r=mayhemer!,nika!,annevk!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1521808 - Use topWindowPrincipal for CrossOriginOpenerPolicy check r=mayhemer!,nika!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1521808 - Implement process switching based on Cross-Opener-Origin-Policy header r=nika!
47 bytes, text/x-phabricator-request
Details | Review

HTML Spec Issue: https://github.com/whatwg/html/issues/3740
Chrome Implementation Issue: https://bugs.chromium.org/p/chromium/issues/detail?id=922191
:annevk's more technical explainer: https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e

The initial implementation of this feature will probably be easiest to implement using the in-flight process selection logic implemented in bug 1467223. A check would be added for a Cross-Origin-Opener-Policy mismatch which would cause an unconditional process swap, whether or not the source and destination remoteType values are the same.

Blocks: resab
Priority: -- → P2
Fission Milestone: --- → M1
Attachment #9040185 - Attachment description: Bug 1521808 - Implement Cross-Origin-Opener-Policy header r=nika → Bug 1521808 - Implement Cross-Origin-Opener-Policy header r=nika!
  • Adds nsIHttpChannelInternal.setTopWindowPrincipal used to pass the principal from the child to the parent

Depends on D18119

Attachment #9040185 - Attachment description: Bug 1521808 - Implement Cross-Origin-Opener-Policy header r=nika! → Bug 1521808 - Implement Cross-Origin-Opener-Policy header r=mayhemer!,nika!
Attachment #9040476 - Attachment description: Bug 1521808 - Add xpcshell-test for CrossOriginOpenerPolicy → Bug 1521808 - Add xpcshell-test for CrossOriginOpenerPolicy r=mayhemer!,nika!
Attachment #9040476 - Attachment description: Bug 1521808 - Add xpcshell-test for CrossOriginOpenerPolicy r=mayhemer!,nika! → Bug 1521808 - Add xpcshell-test for CrossOriginOpenerPolicy r=mayhemer!,nika!,annevk!
  • New topLevel loads get the nsILoadInfo.openerPolicy of the current top level document
  • Parsing the Cross-Opener-Origin-Policy of a channel will update mLoadInfo.openerPolicy and this value will get propagated to the child process.
  • SessionStore now checks nsIHttpChannel.hasCrossOriginOpenerPolicyMismatch (preffed off) and performs a process switch if needed

Depends on D18246

Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/8d5174a560fa Implement Cross-Origin-Opener-Policy header r=nika,mayhemer https://hg.mozilla.org/integration/autoland/rev/cc0a5c7dabb4 Use topWindowPrincipal for CrossOriginOpenerPolicy check r=mayhemer,nika https://hg.mozilla.org/integration/autoland/rev/c8c151d92c03 Add xpcshell-test for CrossOriginOpenerPolicy r=mayhemer,nika,annevk https://hg.mozilla.org/integration/autoland/rev/80aeea5f7abe Implement process switching based on Cross-Opener-Origin-Policy header r=nika,qdot
Blocks: 1527314
Whiteboard: [2/14] patches r+; working towards for a green try
Status: NEW → ASSIGNED
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/a08553c07886 Implement Cross-Origin-Opener-Policy header r=nika,mayhemer https://hg.mozilla.org/integration/autoland/rev/94e513102b53 Use topWindowPrincipal for CrossOriginOpenerPolicy check r=mayhemer,nika https://hg.mozilla.org/integration/autoland/rev/32ce09b2c33a Add xpcshell-test for CrossOriginOpenerPolicy r=mayhemer,nika,annevk https://hg.mozilla.org/integration/autoland/rev/42641f88d7da Implement process switching based on Cross-Opener-Origin-Policy header r=nika,qdot
Flags: needinfo?(valentin.gosu)
Blocks: 1528269
Backout by csabou@mozilla.com: https://hg.mozilla.org/mozilla-central/rev/45aaded7cf63 Backed out 4 changesets for causing merge conflicts.

Backed out for causing merge conflicts. https://irccloud.mozilla.com/file/AxR0gkMP/image.png

Flags: needinfo?(valentin.gosu)
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/acf942062ea0 Implement Cross-Origin-Opener-Policy header r=nika,mayhemer https://hg.mozilla.org/integration/autoland/rev/6c7b1d562420 Use topWindowPrincipal for CrossOriginOpenerPolicy check r=mayhemer,nika https://hg.mozilla.org/integration/autoland/rev/a7dc0e4d0136 Add xpcshell-test for CrossOriginOpenerPolicy r=mayhemer,nika,annevk https://hg.mozilla.org/integration/autoland/rev/ab75adc15a37 Implement process switching based on Cross-Opener-Origin-Policy header r=nika,qdot
Blocks: 1529004
Flags: needinfo?(valentin.gosu)
Depends on: 1530303
Depends on: 1530329
Whiteboard: [2/14] patches r+; working towards for a green try
Component: DOM → DOM: Core & HTML
Depends on: 1541389

Note to MDN writers:

I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTP

The header still needs documenting, and BCD filling in.

Depends on: 1549376
Depends on: 1555036

(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #18)

Note to MDN writers:

I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTP

The header still needs documenting, and BCD filling in.

I see there is a pref called "browser.tabs.remote.useCrossOriginOpenerPolicy". Is this behind that pref, or is the header actually shipping in Firefox 67?

Flags: needinfo?(valentin.gosu)

(In reply to Florian Scholz [:fscholz] (MDN) from comment #19)

(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #18)

Note to MDN writers:

I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTP

The header still needs documenting, and BCD filling in.

I see there is a pref called "browser.tabs.remote.useCrossOriginOpenerPolicy". Is this behind that pref, or is the header actually shipping in Firefox 67?

This header is behind the pref.

Flags: needinfo?(valentin.gosu)

Thanks, updating the release notes accordingly.

Depends on: 1570889
No longer depends on: 1570889

valentin, do you recall why the test uses rather magical setTimeout(, 20).
(I'm debugging bug 1528607 a bit, without being able to reproduce too often, and those setTimeouts without any comments look suspicious)

Flags: needinfo?(valentin.gosu)

(In reply to Olli Pettay [:smaug] from comment #22)

valentin, do you recall why the test uses rather magical setTimeout(, 20).
(I'm debugging bug 1528607 a bit, without being able to reproduce too often, and those setTimeouts without any comments look suspicious)

It was because this code

currentPID = await ContentTask.spawn(browser, null, () => {
        return Services.appinfo.processID;
      });

would sometimes return the PID of the previous process, not the one in which we did the cross process redirect.
Waiting for a bit™ would let things stabilize and run in the correct process. I didn't get the chance to check why that was at the time.
I don't know how relevant that test is anymore, given that we've got a lot more WPT tests for COOP now.

Flags: needinfo?(valentin.gosu)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: