Closed Bug 1553371 Opened 5 months ago Closed 5 months ago

WebExtension pages don't have access to privileged APIs

Categories

(GeckoView :: General, defect, P1)

Unspecified
Android
defect

Tracking

(firefox67 wontfix, firefox67.0.1 wontfix, firefox68 fixed, firefox69 fixed)

RESOLVED FIXED
mozilla69
Tracking Status
firefox67 --- wontfix
firefox67.0.1 --- wontfix
firefox68 --- fixed
firefox69 --- fixed

People

(Reporter: Agi, Assigned: Agi)

References

(Blocks 1 open bug)

Details

(Whiteboard: [geckoview:fenix:m6])

Attachments

(2 files)

WebExtension pages should have access to privileged APIs like browser.runtime. In GeckoView, however, browser is always undefined for WebExtension pages.

See also: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/user_interface/Extension_pages

This is a blocker for Reader Mode in Fenix.

Added [geckoview:fenix:m6] whiteboard tag because Reader Mode blocks Fenix MVP.

OS: All → Android
Whiteboard: [geckoview:fenix:m6]

Whenever we switch processes in GeckoView we didn't inject frameScripts.

This change adds a new method onBrowserAttached that is called whenever a
module's new browser is attached to a window, whenever that happens we inject
the frameScript into the browser.

This fixes a bug in WebExtension pages where the WebExtension Process Script
would never be notified of a new WebExtension page window, breaking privileged
APIs.

WebExtension can always open their respective WebExtension pages even when the
WebExtension page is not content accessible.

However, this is not true for tabs.update, which couldn't link to
WebExtension pages at all.

Similarly, a user should be able to open a WebExtension page directly by typing
the URL.

To fix the above problems we pass the correct triggeringPrincipal when
loading such URIs.

Pushed by asferro@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d4516071aeff
Load moz-extension pages in extension principal. r=snorp
https://hg.mozilla.org/integration/autoland/rev/28d50d22a289
Load chrome frameScripts when switching processes. r=snorp
Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69

Comment on attachment 9066718 [details]
Bug 1553371 - Load chrome frameScripts when switching processes.

Beta/Release Uplift Approval Request

  • User impact if declined: Reader mode wouldn't work in Fenix, blocker for MVP
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Medium
  • Why is the change risky/not risky? (and alternatives if risky): This change only affects GeckoView. There are automated tests and it's very obvious if the fix doesn't work (GV would pretty much stop working because frame scripts are not running).

The other patch in this bug affects Fennec too, it makes Android match the behavior in Desktop (using the extension principal when opening a tab) and there are automated tests for this too.

  • String changes made/needed:
Attachment #9066718 - Flags: approval-mozilla-beta?
Attachment #9066719 - Flags: approval-mozilla-beta?

Comment on attachment 9066718 [details]
Bug 1553371 - Load chrome frameScripts when switching processes.

approved for 68.0b5

Attachment #9066718 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9066719 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.