WebExtension pages don't have access to privileged APIs
Categories
(GeckoView :: Extensions, defect, P1)
Tracking
(firefox67 wontfix, firefox67.0.1 wontfix, firefox68 fixed, firefox69 fixed)
People
(Reporter: agi, Assigned: agi)
References
Details
(Whiteboard: [geckoview:fenix:m6])
Attachments
(2 files)
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
WebExtension pages should have access to privileged APIs like browser.runtime
. In GeckoView, however, browser
is always undefined for WebExtension pages.
This is a blocker for Reader Mode in Fenix.
Comment 1•5 years ago
|
||
Added [geckoview:fenix:m6]
whiteboard tag because Reader Mode blocks Fenix MVP.
Assignee | ||
Comment 2•5 years ago
|
||
Whenever we switch processes in GeckoView we didn't inject frameScripts.
This change adds a new method onBrowserAttached
that is called whenever a
module's new browser is attached to a window, whenever that happens we inject
the frameScript into the browser.
This fixes a bug in WebExtension pages where the WebExtension Process Script
would never be notified of a new WebExtension page window, breaking privileged
APIs.
Assignee | ||
Comment 3•5 years ago
|
||
WebExtension can always open their respective WebExtension pages even when the
WebExtension page is not content accessible.
However, this is not true for tabs.update
, which couldn't link to
WebExtension pages at all.
Similarly, a user should be able to open a WebExtension page directly by typing
the URL.
To fix the above problems we pass the correct triggeringPrincipal
when
loading such URIs.
Pushed by asferro@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d4516071aeff Load moz-extension pages in extension principal. r=snorp https://hg.mozilla.org/integration/autoland/rev/28d50d22a289 Load chrome frameScripts when switching processes. r=snorp
Comment 5•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/d4516071aeff
https://hg.mozilla.org/mozilla-central/rev/28d50d22a289
Assignee | ||
Comment 6•5 years ago
|
||
Comment on attachment 9066718 [details]
Bug 1553371 - Load chrome frameScripts when switching processes.
Beta/Release Uplift Approval Request
- User impact if declined: Reader mode wouldn't work in Fenix, blocker for MVP
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Medium
- Why is the change risky/not risky? (and alternatives if risky): This change only affects GeckoView. There are automated tests and it's very obvious if the fix doesn't work (GV would pretty much stop working because frame scripts are not running).
The other patch in this bug affects Fennec too, it makes Android match the behavior in Desktop (using the extension principal when opening a tab) and there are automated tests for this too.
- String changes made/needed:
Assignee | ||
Updated•5 years ago
|
Comment 7•5 years ago
|
||
Comment on attachment 9066718 [details]
Bug 1553371 - Load chrome frameScripts when switching processes.
approved for 68.0b5
Updated•5 years ago
|
Comment 8•5 years ago
|
||
bugherder uplift |
Comment 9•2 years ago
|
||
Moving some WebExtension bugs to the GeckoView::Extensions component.
Description
•