Closed Bug 1590032 Opened 2 years ago Closed 2 years ago

Fix FirstPartyIsolation in Fission.

Categories

(Core :: DOM: Security, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla72
Fission Milestone M4
Tracking Status
firefox72 --- fixed

People

(Reporter: timhuang, Assigned: timhuang)

References

(Regressed 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

There is one issue that breaks FirstPartyIsolation tests in Fission. The docShell doesn't have a FirstPartyDoaim in its OAs in the following two cases.

  • The opened window through the window.open()
  • The iframe

The root cause is that the First Party domain doesn't get updated while creating the browser in these two cases. We shall fix this.

In this patch, we add the propagation of the first party domain through
the tabContext while creating OOP browsers. In the window.open() case,
we will propagate the first party domain from the opener's browser parent.
And in the frame case, we will propagate it from the manager of the
browserBridgeParent of the OOP frame.

Blocks: 1586726
Blocks: 1586725
Blocks: 1586723
Blocks: 1586721
Blocks: 1586719
Blocks: 1586716
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4a0dc82465d2
Propagate the first party domain when creating new browser in Fission. r=smaug
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
Regressions: 1591129

Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.

This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:

0ee3c76a-bc79-4eb2-8d12-05dc0b68e732

Fission Milestone: --- → M4
Regressions: 1608651
You need to log in before you can comment on or make changes to this bug.