Make DocumentChannel CSP handling work entirely in the parent process
Categories
(Core :: DOM: Security, enhancement, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox76 | --- | fixed |
People
(Reporter: mattwoodrow, Assigned: mattwoodrow)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
Attachments
(2 files)
Currently DocumentChannel handles CSP checks by forwarding them to the content process that created it.
We needed to do this since some tests rely on events being fired there.
In the future we might not always have an originating docshell (for parent-process initiated loads), and with Fission we might not want the old content process to see redirects that happened (from other origins).
We should try figure out exactly the hard requirements are for events are here, and see how much we can do from the parent process.
Updated•5 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 1•4 years ago
|
||
I think a good first step here is to run the checks in the parent, and forward any violation notifications to the content process.
That avoids needing to block on a cross process round-trip for redirects (which should be a good performance win for Fenix).
It still doesn't solve the problem of supporting Fission, where we try to use the embedder element/Document to fire events, and those might be in a different process.
I'll file a follow up bug for the latter.
Assignee | ||
Comment 2•4 years ago
|
||
Assignee | ||
Comment 3•4 years ago
|
||
Depends on D68496
Pushed by mwoodrow@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d0a77f4a0ad8 Add an option to provide a custom violation event callback. ?rckerschb r=ckerschb https://hg.mozilla.org/integration/autoland/rev/e2bab42cfd60 Run DocumentChannel CSP checks in the parent, and send only the violations to the content process. r=nika,ckerschb
Comment 5•4 years ago
|
||
Backed out for bustages on dom/security
Backout link: https://hg.mozilla.org/integration/autoland/rev/503da3b5988c63459c5d9e48521bb5a0f471663d
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295701504&repo=autoland&lineNumber=35837
Pushed by mwoodrow@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5f0e36f5e984 Add an option to provide a custom violation event callback. ?rckerschb r=ckerschb https://hg.mozilla.org/integration/autoland/rev/b054781355aa Run DocumentChannel CSP checks in the parent, and send only the violations to the content process. r=nika,ckerschb
Comment 7•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/5f0e36f5e984
https://hg.mozilla.org/mozilla-central/rev/b054781355aa
Assignee | ||
Updated•4 years ago
|
Description
•