Closed Bug 1587394 Opened 3 months ago Closed 3 months ago

Add Nightly/Beta-only preference to bypass postMessage() COOP+COEP check

Categories

(Core :: DOM: Core & HTML, enhancement)

enhancement
Not set

Tracking

()

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: annevk, Assigned: tt)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

When bug 1562663 was fixed, bug 1586217 got filed as some folks are using SharedArrayBuffer in combination with postMessage() for various purposes. To aid in transitioning to the COOP+COEP world we should offer a preference that does not function in Firefox Release to bypass the COOP+COEP check in postMessage().

This would result in a different processing model as cross-origin subresources for instance would not be required to use Cross-Origin-Resource-Policy. The upside is that it makes experimenting with SharedArrayBuffer significantly less involved.

Something like

dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled

would match some existing naming conventions.

(In reply to Anne (:annevk) from comment #0)

This would result in a different processing model as cross-origin subresources for instance would not be required to use Cross-Origin-Resource-Policy. The upside is that it makes experimenting with SharedArrayBuffer significantly less involved.

Quickly check the code, it seems that we don't have an existing flag for the Release version. The closet flag is MOZ_DIAGNOIS_ASSERT_ENABLED which refers to DEV version and the nightly.

(In reply to Tom Tung [:tt, :ttung] from comment #1)

Quickly check the code, it seems that we don't have an existing flag for the Release version. The closet flag is MOZ_DIAGNOIS_ASSERT_ENABLED which refers to DEV version and the nightly.

I meant MOZ_DIAGNOSTIC_ASSERT_ENABLED, but it seems that it doesn't work with the StaticPrefList.yaml somehow. The alternative option is to provide the pref only on Nightly.

I'm waiting for feedback from nika to see if there is a way to meet requirements easily, but, meanwhile, I would like to check if it's okay to only have the pref on Nightly. So that we can push this patch to central as soon as possible (because the current patch is enough to provide an ability to test SAB with the check on Nightly).

Note:
If I apply this patch and set:
javascript.options.shared_memory: ture
dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled: ture
, the https://www.qt.io/web-assembly-example-mandelbrot works for me.

Flags: needinfo?(annevk)
Status: NEW → ASSIGNED

From https://wiki.mozilla.org/Platform/Channel-specific_build_defines I think we want this to work for NIGHTLY_BUILD and MOZ_DEV_EDITION. That's not quite the same as beta though and beta can basically not work as it is at times identical to release. alonzakai, would that work for you?

Flags: needinfo?(annevk) → needinfo?(alonzakai)

Andrew McCreight pointed out https://hg.mozilla.org/releases/mozilla-beta/rev/6d5726d82182 (bug 1561950) as another thing we can adopt here to avoid having folks manually set this preference. That's probably a good idea.

Beta would be best for our CI, but having this pref in Dev and Nightly would still be very useful!

Flags: needinfo?(alonzakai)

(In reply to Anne (:annevk) from comment #6)

Andrew McCreight pointed out https://hg.mozilla.org/releases/mozilla-beta/rev/6d5726d82182 (bug 1561950) as another thing we can adopt here to avoid having folks manually set this preference. That's probably a good idea.

I will try that.

Note that njn in https://bugzilla.mozilla.org/show_bug.cgi?id=1574090#c1 pointed out adding the pref on StaticPrefList.yaml and being overridden all.js is not well tested. It seems to work fine with "fission.autostart", though.

I guess we might need QA to test it for us if this idea is r+'d.

Attachment #9099906 - Attachment description: Bug 1587394 - Provide a pref to bypass postMessage COOP and COEP check on Nightly and Beta; → Bug 1587394 - Provide a pref to bypass postMessage COOP and COEP check on Nightly and Dev;

alonzakai, note that Dev is essentially Beta these days, with slightly different branding (and this different define). It used to be Aurora, but that was removed a while back.

Pushed by ttung@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/667e16c6814c
Provide a pref to bypass postMessage COOP and COEP check on Nightly and Dev; r=nika

Backed out changeset 667e16c6814c (Bug 1587394) for pref lint failure

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=667e16c6814c28d3b17e2da084d7ba70f31b0739&selectedJob=271723826

Backout link: https://hg.mozilla.org/integration/autoland/rev/9e4ac936c60847dcc3c37f767bf186b68b210eb6

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=271723826&repo=autoland&lineNumber=51

[setup 2019-10-17T15:30:58.034Z] GECKO_PATH is /builds/worker/checkouts/gecko
[task 2019-10-17T15:30:58.034Z] executing ['bash', '-cx', './mach lint -l lintpref -f treeherder -f json:/builds/worker/mozlint.json']in /builds/worker/checkouts/gecko
[task 2019-10-17T15:30:58.036Z] + ./mach lint -l lintpref -f treeherder -f json:/builds/worker/mozlint.json
[task 2019-10-17T15:30:58.966Z] Using base prefix '/usr'
[task 2019-10-17T15:30:58.966Z] New python executable in /builds/worker/checkouts/gecko/obj-x86_64-pc-linux-gnu/_virtualenvs/init_py3/bin/python3
[task 2019-10-17T15:30:58.966Z] Also creating executable in /builds/worker/checkouts/gecko/obj-x86_64-pc-linux-gnu/_virtualenvs/init_py3/bin/python
[task 2019-10-17T15:31:01.252Z] Installing setuptools, pip, wheel...done.
[task 2019-10-17T15:31:02.419Z] b"running build_ext\nbuilding 'psutil._psutil_linux' extension\ncreating build\ncreating build/temp.linux-x86_64-3.5\ncreating build/temp.linux-x86_64-3.5/psutil\nx86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.5m -I/builds/worker/checkouts/gecko/obj-x86_64-pc-linux-gnu/_virtualenvs/init_py3/include/python3.5m -c psutil/_psutil_common.c -o build/temp.linux-x86_64-3.5/psutil/_psutil_common.o\nx86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.5m -I/builds/worker/checkouts/gecko/obj-x86_64-pc-linux-gnu/_virtualenvs/init_py3/include/python3.5m -c psutil/_psutil_posix.c -o build/temp.linux-x86_64-3.5/psutil/_psutil_posix.o\nx86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.5m -I/builds/worker/checkouts/gecko/obj-x86_64-pc-linux-gnu/_virtualenvs/init_py3/include/python3.5m -c psutil/_psutil_linux.c -o build/temp.linux-x86_64-3.5/psutil/_psutil_linux.o\ncreating build/lib.linux-x86_64-3.5\ncreating build/lib.linux-x86_64-3.5/psutil\nx86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-Bsymbolic-functions -Wl,-z,relro -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 build/temp.linux-x86_64-3.5/psutil/_psutil_common.o build/temp.linux-x86_64-3.5/psutil/_psutil_posix.o build/temp.linux-x86_64-3.5/psutil/_psutil_linux.o -o build/lib.linux-x86_64-3.5/psutil/_psutil_linux.cpython-35m-x86_64-linux-gnu.so\nbuilding 'psutil._psutil_posix' extension\nx86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.5m -I/builds/worker/checkouts/gecko/obj-x86_64-pc-linux-gnu/_virtualenvs/init_py3/include/python3.5m -c psutil/_psutil_common.c -o build/temp.linux-x86_64-3.5/psutil/_psutil_common.o\nx86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.5m -I/builds/worker/checkouts/gecko/obj-x86_64-pc-linux-gnu/_virtualenvs/init_py3/include/python3.5m -c psutil/_psutil_posix.c -o build/temp.linux-x86_64-3.5/psutil/_psutil_posix.o\nx86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-Bsymbolic-functions -Wl,-z,relro -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 build/temp.linux-x86_64-3.5/psutil/_psutil_common.o build/temp.linux-x86_64-3.5/psutil/_psutil_posix.o -o build/lib.linux-x86_64-3.5/psutil/_psutil_posix.cpython-35m-x86_64-linux-gnu.so\ncopying build/lib.linux-x86_64-3.5/psutil/_psutil_linux.cpython-35m-x86_64-linux-gnu.so -> psutil\ncopying build/lib.linux-x86_64-3.5/psutil/_psutil_posix.cpython-35m-x86_64-linux-gnu.so -> psutil\n"
[task 2019-10-17T15:31:02.419Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-10-17T15:31:03.423Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/tools/lint/lintpref.yml:4942 | pref("dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled", false); (lintpref)
[taskcluster 2019-10-17 15:31:03.747Z] === Task Finished ===
[taskcluster 2019-10-17 15:31:04.387Z] Unsuccessful task run with exit code: 1 completed in 24.265 seconds

Flags: needinfo?(ttung)

Sorry, will take a look tomorrow

Flags: needinfo?(ttung)
Pushed by ttung@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4f8232cb3be9
Provide a pref to bypass postMessage COOP and COEP check on Nightly and Dev; r=nika
https://hg.mozilla.org/integration/autoland/rev/8d412f5619c0
Bypass the lint check for the pref; r=nika
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.