1590032 - Fix FirstPartyIsolation in Fission.

Status: RESOLVED FIXED

(Core :: DOM: Security, task, P1)

Description

[Tim Huang[:timhuang]]

There is one issue that breaks FirstPartyIsolation tests in Fission. The docShell doesn't have a FirstPartyDoaim in its OAs in the following two cases.

• The opened window through the window.open()
• The iframe

The root cause is that the First Party domain doesn't get updated while creating the browser in these two cases. We shall fix this.

Comment 1

[Tim Huang[:timhuang]]

Attachment: Bug 1590032 - Propagate the first party domain when creating new browser in Fission. r?smaug!

In this patch, we add the propagation of the first party domain through
the tabContext while creating OOP browsers. In the window.open() case,
we will propagate the first party domain from the opener's browser parent.
And in the frame case, we will propagate it from the manager of the
browserBridgeParent of the OOP frame.

Comment 2

[Pulsebot]

Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4a0dc82465d2
Propagate the first party domain when creating new browser in Fission. r=smaug

Comment 3

[Bogdan Tara[:bogdan_tara | bogdant]]

https://hg.mozilla.org/mozilla-central/rev/4a0dc82465d2

Comment 4

[Chris Peterson [:cpeterson]]

Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.

This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:

0ee3c76a-bc79-4eb2-8d12-05dc0b68e732