Closed Bug 1589275 Opened 5 years ago Closed 4 years ago

Make DocumentChannel CSP handling work entirely in the parent process

Categories

(Core :: DOM: Security, enhancement, P3)

Tracking

RESOLVED FIXED
mozilla76
Fission Milestone Future
Tracking Status
firefox76 --- fixed

People

(Reporter: mattwoodrow, Assigned: mattwoodrow)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(2 files)

Currently DocumentChannel handles CSP checks by forwarding them to the content process that created it.

We needed to do this since some tests rely on events being fired there.

In the future we might not always have an originating docshell (for parent-process initiated loads), and with Fission we might not want the old content process to see redirects that happened (from other origins).

We should try to figure out exactly what the hard requirements for events are here, and see how much we can do from the parent process.

See Also: → 1589276
Fission Milestone: --- → Future
Component: Security → DOM: Security
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Assignee: nobody → matt.woodrow

I think a good first step here is to run the checks in the parent, and forward any violation notifications to the content process.

That avoids needing to block on a cross process round-trip for redirects (which should be a good performance win for Fenix).

It still doesn't solve the problem of supporting Fission, where we try to use the embedder element/Document to fire events, and those might be in a different process.

I'll file a follow-up bug for the latter.

Blocks: 1625366
Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d0a77f4a0ad8
Add an option to provide a custom violation event callback. ?rckerschb r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/e2bab42cfd60
Run DocumentChannel CSP checks in the parent, and send only the violations to the content process. r=nika,ckerschb
Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5f0e36f5e984
Add an option to provide a custom violation event callback. ?rckerschb r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/b054781355aa
Run DocumentChannel CSP checks in the parent, and send only the violations to the content process. r=nika,ckerschb
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla76
Flags: needinfo?(matt.woodrow)