Fix FirstPartyIsolation in Fission.
Categories
(Core :: DOM: Security, task, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: timhuang, Assigned: timhuang)
References
(Regressed 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
There is one issue that breaks FirstPartyIsolation tests in Fission. The docShell doesn't have a FirstPartyDoaim in its OAs in the following two cases.
- The opened window through the window.open()
- The iframe
The root cause is that the First Party domain doesn't get updated while creating the browser in these two cases. We shall fix this.
Assignee | ||
Comment 1•5 years ago
|
||
In this patch, we add the propagation of the first party domain through
the tabContext while creating OOP browsers. In the window.open() case,
we will propagate the first party domain from the opener's browser parent.
And in the frame case, we will propagate it from the manager of the
browserBridgeParent of the OOP frame.
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4a0dc82465d2 Propagate the first party domain when creating new browser in Fission. r=smaug
Comment 3•5 years ago
|
||
bugherder |
Comment 4•5 years ago
|
||
Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.
This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:
0ee3c76a-bc79-4eb2-8d12-05dc0b68e732
Description
•