Closed Bug 1584993 Opened 2 months ago Closed 2 months ago

Make CSP frame-ancestors work with fission enabled

Categories

(Core :: DOM: Security, task, P1)

Tracking

RESOLVED FIXED
mozilla72
Fission Milestone M5
Tracking Status
firefox72 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Depends on 1 open bug, Blocks 1 open bug, Regressed 2 open bugs)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

No description provided.
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]

Hey Nika, within the code for CSP's frame-ancestors we basically traverse the docshell-chain all the way up to the top-level parent, see
https://searchfox.org/mozilla-central/rev/23f836a71cfe961373c8bd0d0219ec60a64b3c8f/dom/security/nsCSPContext.cpp#1559

Obviously that is broken within fission and hence I wanted to verify something:
A potential solution would be to store an |ancestor-uri[]| on the loadinfo for subdocument loads. Basically whenever we create a new iframe, we copy the ancestor-uri of the parent and append the current-uri and hence pass that info all the way down nested iframes. Question is, does that defeat the purpose of fission? Because that ancestor-uri[] would be loaded cross process and hence could leak information about the parent or would that be fine?

Flags: needinfo?(nika)

Yeah, that would kinda defeat the purpose. We don't want to include the URIs of principals of your frame ancestors in the new fission content process.

You probably need to do CSP frame-ancestors checks within the parent process, so that the information doesn't need to be sent down to the content process at all. You can probably do this by getting the window which we're loading into from the loadinfo in the parent process, and reading the document principal information off of WindowGlobalParent actors there.

Flags: needinfo?(nika)
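
A minimal model of the parent-process check suggested above, as an added example that is not part of the bug thread and is not Gecko code. `FrameNode`, `SourceMatches` and `FrameAncestorsAllows` are hypothetical names, origins are assumed to be pre-normalized strings, and only a subset of CSP source syntax is handled.

```cpp
// Simplified model, not Gecko code: every name here is hypothetical.
#include <cstdio>
#include <string>
#include <vector>

// Parent-process record of one frame: its document origin and its embedder.
struct FrameNode {
  std::string origin;       // assumed normalized, e.g. "https://a.example"
  const FrameNode* parent;  // nullptr for the top-level document
};

// Match one source expression against an ancestor origin. Handles '*',
// 'self', exact origins and "scheme://*.host" wildcards only.
static bool SourceMatches(const std::string& src, const std::string& ancestor,
                          const std::string& self) {
  if (src == "*") return true;
  if (src == "'self'") return ancestor == self;
  const std::size_t star = src.find("://*.");
  if (star == std::string::npos) return ancestor == src;
  const std::string scheme = src.substr(0, star + 3);  // e.g. "https://"
  const std::string suffix = src.substr(star + 4);     // e.g. ".example.com"
  const std::size_t n = ancestor.size(), s = suffix.size();
  return n > scheme.size() + s && ancestor.compare(0, scheme.size(), scheme) == 0 &&
         ancestor.compare(n - s, s, suffix) == 0;
}

// Parent-process check: every ancestor of the frame being loaded into must
// match some source; 'none' is modelled as an empty list. Only the boolean
// has to reach the content process, never the ancestor origins themselves.
bool FrameAncestorsAllows(const std::vector<std::string>& sources,
                          const std::string& loadedOrigin,
                          const FrameNode* embedder) {
  for (const FrameNode* a = embedder; a != nullptr; a = a->parent) {
    bool matched = false;
    for (const std::string& src : sources) {
      if (SourceMatches(src, a->origin, loadedOrigin)) { matched = true; break; }
    }
    if (!matched) return false;
  }
  return true;
}

int main() {
  // Constructed sample: top.example embeds ads.example, which embeds the load.
  FrameNode top{"https://top.example", nullptr};
  FrameNode mid{"https://ads.example", &top};
  bool ok = FrameAncestorsAllows({"https://top.example"}, "https://widget.example", &mid);
  std::printf("%s\n", ok ? "allow" : "block");  // ads.example is not listed
  return 0;
}
```

The content process that hosts the new document only learns whether the load was allowed, which is the property the ancestor-uri[] approach on the loadinfo would have lost.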
Attachment #9100858 - Attachment description: Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre → Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
Keywords: checkin-needed

Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8705284b50d4
Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin

Keywords: checkin-needed

Backed out changeset 8705284b50d4 (Bug 1584993) for test_report_uri_missing_in_report_only_header.html failures

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&fromchange=8705284b50d4905110df9b1fab7f00d9d77d06e6&tochange=9201fb4f420d953b2fe9e2a3e61221ec440ca2a9&selectedJob=272349703

Backout link: https://hg.mozilla.org/integration/autoland/rev/9201fb4f420d953b2fe9e2a3e61221ec440ca2a9

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=272349703&repo=autoland&lineNumber=6084

[task 2019-10-22T09:52:08.558Z] 09:52:08 INFO - TEST-START | dom/security/test/csp/test_report_uri_missing_in_report_only_header.html
[task 2019-10-22T09:52:08.616Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 16 (0x110a47c00) [pid = 1697] [serial = 809] [outer = 0x122244f20]
[task 2019-10-22T09:52:08.659Z] 09:52:08 INFO - GECKO(1695) | ++DOCSHELL 0x110ba9800 == 7 [pid = 1697] [id = {47286e96-d2c1-d947-bbef-39640c0ac3b2}]
[task 2019-10-22T09:52:08.660Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 17 (0x1222454c0) [pid = 1697] [serial = 810] [outer = 0x0]
[task 2019-10-22T09:52:08.660Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 18 (0x110ac2c00) [pid = 1697] [serial = 811] [outer = 0x1222454c0]
[task 2019-10-22T09:52:08.680Z] 09:52:08 INFO - GECKO(1695) | --DOMWINDOW == 17 (0x1222456a0) [pid = 1697] [serial = 799] [outer = 0x0] [url = http://mochi.test:8888/tests/dom/security/test/csp/file_report_font_cache-2.html]
[task 2019-10-22T09:52:08.681Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 18 (0x110a46400) [pid = 1697] [serial = 812] [outer = 0x1222454c0]
[task 2019-10-22T09:52:08.724Z] 09:52:08 INFO - GECKO(1695) | MEMORY STAT | vsize 7446MB | residentFast 204MB | heapAllocated 31MB
[task 2019-10-22T09:52:08.725Z] 09:52:08 INFO - TEST-OK | dom/security/test/csp/test_report_uri_missing_in_report_only_header.html | took 175ms
[task 2019-10-22T09:52:08.725Z] 09:52:08 ERROR - /tests/dom/security/test/csp/test_report_uri_missing_in_report_only_header.html logged result after SimpleTest.finish(): report-uri not specified in Report-Only should throw a CSP warning.
[task 2019-10-22T09:52:08.725Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 19 (0x110b5e800) [pid = 1697] [serial = 813] [outer = 0x122244f20]
[task 2019-10-22T09:52:08.807Z] 09:52:08 INFO - TEST-START | dom/security/test/csp/test_sandbox.html

Flags: needinfo?(ckerschb)

(In reply to Bogdan Tara[:bogdan_tara] from comment #5)

> Backed out changeset 8705284b50d4 (Bug 1584993) for test_report_uri_missing_in_report_only_header.html failures

Fixed - sorry about that!

Flags: needinfo?(ckerschb)
Keywords: checkin-needed

Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e21ad27bfd0a
Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin

Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
Regressions: 1590777
Regressions: 1557712
Duplicate of this bug: 1586051
Depends on: 1595762
Depends on: 1596402

Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.

This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:

0ee3c76a-bc79-4eb2-8d12-05dc0b68e732

Fission Milestone: --- → M5
Regressions: 1597606
Regressions: 1598362