Open Bug 1532642 (orb) Opened 5 years ago Updated 2 months ago

ORB, aka CORB++ (blocking all the "no-cors" cross-origin responses possible)

Categories

(Core :: DOM: Networking, enhancement, P3)

Product:
Core
Component:
DOM: Networking
Type:
enhancement

Tracking

()

Project Flags:
Fission Milestone Future

People

(Reporter: annevk, Unassigned)

References

(Depends on 19 open bugs, Blocks 5 open bugs,
URL
)

Details

(Whiteboard: [necko-triaged][spectre-blocker])

Attachments

(11 obsolete files)

This is a tracking issue to see if we can create a filter that only lets "no-cors" cross-origin media (audio, image, video), CSS, and JavaScript enter the content process.

This is similar to Chrome's CORB, except safelist rather than blocklist-based.

Depends on: 1532644
Depends on: 1532646
Depends on: 1532648
Assignee: nobody → valentin.gosu
Priority: -- → P3
Whiteboard: [necko-triaged]

https://github.com/whatwg/fetch/issues/721#issuecomment-470126129 has a more detailed sketch of this filter.

Summary: Fission++ (blocking all the "no-cors" cross-origin responses possible) → CORB++ (blocking all the "no-cors" cross-origin responses possible)
Assignee: valentin.gosu → nobody
Blocks: fission-site-sandbox
Blocks: fission

Fission Future because Nika says this doesn't block shipping Fission MVP.

Fission Milestone: --- → Future
Depends on: 1683131
Depends on: 1686040
Depends on: 1643611
Assignee: nobody → ttung
Status: NEW → ASSIGNED
Attachment #9199217 - Attachment description: Bug 1532642 - Add fucntions to determine opaque-safelisted MIME type, opaque-blocklisted MIME type and opaque-blocklisted-never-sniffed MIME type; → Bug 1532642 - Add functions to determine opaque-safelisted MIME type, opaque-blocklisted MIME type and opaque-blocklisted-never-sniffed MIME type;
Attached file Bug 1532642 - Add media element id; (obsolete) —

This is needed to be putting into "opaque-safelisted requesters set" in ORB
(https://github.com/annevk/orb).

Depends on D102447

Depends on D102448

Attachment #9204846 - Attachment is obsolete: true
Attachment #9203439 - Attachment is obsolete: true
Attachment #9203440 - Attachment is obsolete: true
Depends on: 1695987
Depends on: 1696111

Comment on attachment 9199216 [details]
Bug 1532642 - Add a pref for ORB and disable it by default;

Revision D102388 was moved to bug 1696111. Setting attachment 9199216 [details] to obsolete.

Attachment #9199216 - Attachment is obsolete: true

Comment on attachment 9199217 [details]
Bug 1532642 - Add functions to determine opaque-safelisted MIME type, opaque-blocklisted MIME type and opaque-blocklisted-never-sniffed MIME type;

Revision D102447 was moved to bug 1696111. Setting attachment 9199217 [details] to obsolete.

Attachment #9199217 - Attachment is obsolete: true

Comment on attachment 9199218 [details]
Bug 1532642 - ORB core Implementation;

Revision D102448 was moved to bug 1696111. Setting attachment 9199218 [details] to obsolete.

Attachment #9199218 - Attachment is obsolete: true

Comment on attachment 9206287 [details]
Bug 1532642 - Extract the code for parsing range header string out and use it later;

Revision D106889 was moved to bug 1696111. Setting attachment 9206287 [details] to obsolete.

Attachment #9206287 - Attachment is obsolete: true

Comment on attachment 9206290 [details]
Bug 1532642 - Make LoadInfo know if the request is triggered from a media element and if it's an initial request;

Revision D106890 was moved to bug 1696111. Setting attachment 9206290 [details] to obsolete.

Attachment #9206290 - Attachment is obsolete: true

Comment on attachment 9206291 [details]
Bug 1532642 - Sniff and check the initial media request and allow its subsequent requests;

Revision D106891 was moved to bug 1696111. Setting attachment 9206291 [details] to obsolete.

Attachment #9206291 - Attachment is obsolete: true

Comment on attachment 9199219 [details]
Bug 1532642 - Enable the pref for ORB on Nightly;

Revision D102449 was moved to bug 1696111. Setting attachment 9199219 [details] to obsolete.

Attachment #9199219 - Attachment is obsolete: true
No longer depends on: 1683131
No longer depends on: 1695987
Depends on: 1595491
Assignee: shes050117 → echuang
Depends on: 1698040
Depends on: 1701868
Blocks: 1398886
Depends on: 1714299

Hi Anne! Should the title here be changed from CORB++ to ORB to be consistent with https://github.com/annevk/orb ?

Flags: needinfo?(annevk)
Flags: needinfo?(annevk)
Summary: CORB++ (blocking all the "no-cors" cross-origin responses possible) → ORB, aka CORB++ (blocking all the "no-cors" cross-origin responses possible)
Whiteboard: [necko-triaged] → [necko-triaged][spectre-blocker]
Blocks: 1731778
Attachment #9281810 - Attachment is obsolete: true
Depends on: 1774800
Depends on: 1778135
Depends on: 1785331
Depends on: 1791864
Depends on: 1791915
Depends on: 1791918
Depends on: 1794601
Severity: normal → S3
Depends on: 1802088
Depends on: 1804086
Depends on: 1804261
Depends on: 1804638
Depends on: 1805228
Depends on: 1806501
Depends on: 1809518
No longer blocks: fission
Depends on: 1812051
Depends on: 1820192
Whiteboard: [necko-triaged][spectre-blocker] → [necko-triaged][spectre-blocker][sp3]
See Also: https://mozilla-hub.atlassian.net/browse/SP3-80
Whiteboard: [necko-triaged][spectre-blocker][sp3] → [necko-triaged][spectre-blocker]
Depends on: 1828375
Regressions: 1827684
Depends on: 1800658
Depends on: 1823877
Depends on: 1829778
Depends on: 1833216
Assignee: echuang → nobody
Status: ASSIGNED → NEW
Regressions: 1838052
Depends on: 1838208
Depends on: 1838228
Depends on: 1839881
Depends on: 1841016
Depends on: 1841933
Alias: orb
Depends on: 1824658
Depends on: 1848603
Depends on: 1855466
Regressions: 1855775
Depends on: 1865395
Depends on: 1878773
Blocks: necko-cors
Depends on: 1880289
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: