1598520 - Use DocumentChannel for srcdoc loads

Status: RESOLVED FIXED

(Core :: Networking, task, P3)

Description

[Matt Woodrow (:mattwoodrow)]

DocumentChannel currently is never used for srcdoc= loads.

DocumentChannelChild::RecvRedirectToRealChannel/ContentChild::RecvCrossProcessRedirect both only use NS_NewChannelInternal to create the final channel.

It looks like this doesn't work for srcdoc, so we need to add support for creating a channel using an input stream, like nsDocShell::CreateChannelForLoadState does.

Comment 1

[Matt Woodrow (:mattwoodrow)]

Attachment: Bug 1598520 - Don't require nsIChildChannel for process switching, as we don't need this for DocumentChannel either. r?mayhemer

Comment 2

[Matt Woodrow (:mattwoodrow)]

Attachment: Bug 1598520 - Allow DocumentChannel for srcdoc= loads. r?kmag

Depends on D57586

Comment 3

[Matt Woodrow (:mattwoodrow)]

Attachment: Bug 1598520 - Fix missing flags write. r?kmag

Depends on D57587

Comment 4

[Matt Woodrow (:mattwoodrow)]

Attachment: Bug 1598520 - Add more logging to DocumentChannel. r?mayhemer

Depends on D57588

Comment 5

[Matt Woodrow (:mattwoodrow)]

Attachment: Bug 1598520 - Remove crashtest that depended on specific load timing with srcdoc that wont work if we route through DocumentChannel. r?emilio

Depends on D57589

Comment 6

[Pulsebot]

Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4a5d10759bf3
Don't require nsIChildChannel for process switching, as we don't need this for DocumentChannel either. r=mayhemer,kmag
https://hg.mozilla.org/integration/autoland/rev/10ad2e4d27c3
Allow DocumentChannel for srcdoc= loads. r=kmag
https://hg.mozilla.org/integration/autoland/rev/73c37ad27d18
Fix missing flags write. r=kmag
https://hg.mozilla.org/integration/autoland/rev/8e3b650d9313
Add more logging to DocumentChannel. r=mayhemer,jya
https://hg.mozilla.org/integration/autoland/rev/b4f71abf75fe
Remove crashtest that depended on specific load timing with srcdoc that wont work if we route through DocumentChannel. r=emilio

Comment 7

[Razvan Maries]

Backed out for Lint failure.

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&selectedJob=281989548&resultStatus=pending%2Crunning%2Csuccess%2Ctestfailed%2Cbusted%2Cexception&searchStr=linting%2Copt%2Cjavascript%2Cchecks%2Csource-test-mozlint-eslint%2Cjs%28es%29&revision=b4f71abf75feaf8703343341890d7acef1de5412

Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=281989548&repo=autoland

Backout: https://hg.mozilla.org/integration/autoland/rev/5960274234be7d62122c7cd74440d06049ec31b7

Comment 8

[Razvan Maries]

Relanded: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=d26936e3f756d28a3f480d902f3fb8af7283835e

Comment 9

[Pulsebot]

Pushed by rmaries@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ddf722557c33
Don't require nsIChildChannel for process switching, as we don't need this for DocumentChannel either. r=mayhemer,kmag
https://hg.mozilla.org/integration/autoland/rev/59cff6014447
Allow DocumentChannel for srcdoc= loads. r=kmag
https://hg.mozilla.org/integration/autoland/rev/45287a2ec476
Fix missing flags write. r=kmag
https://hg.mozilla.org/integration/autoland/rev/c769e733f588
Add more logging to DocumentChannel. r=mayhemer,jya
https://hg.mozilla.org/integration/autoland/rev/583dac2feebc
Remove crashtest that depended on specific load timing with srcdoc that wont work if we route through DocumentChannel. r=emilio

Comment 10

[Razvan Maries]

Backed out for perma fails on test_enumerateDevices_navigation.html.

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&selectedJob=281996003&resultStatus=testfailed%2Cbusted%2Cexception&revision=b4f71abf75feaf8703343341890d7acef1de5412&searchStr=os%2Cx%2C10.14%2Cdebug%2Cmochitests%2Cwith%2Csocket%2Cprocess%2Ctest-macosx1014-64%2Fdebug-mochitest-media-spi-e10s-1%2Cm-spi%28mda1%29

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=281996003&repo=autoland&lineNumber=16156

Later edit.
Also caused: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=281995996&repo=autoland&lineNumber=15994

Backout: https://hg.mozilla.org/integration/autoland/rev/c8ce8b91465a7192b056102481d633fef850fac6

Comment 11

[Matt Woodrow (:mattwoodrow)]

Hmm, looks like test_enumerateDevices_navigation.html and test_getUserMedia_trackEnded.html both fail.

These tests appear to be relying on srcdoc mutations loading immediately.

Both tests are expecting the srcdoc to be loaded when the test starts, which with my changes doesn't always happen. Setting the srcdoc attribute from the test code, and then waiting on the load event fixes those issues.

test_enumerateDevices_navigation.html is also expecting setting srcdoc="" to navigate the document away reliably before enumerateDevices() completes. This also isn't guaranteed, and these patches make it reliably not-true.

I'm not sure how to test this really, without a way to slow down enumerateDevices and ensure that it doesn't complete until later.

Maybe a test mode that blocks it internally somehow, and we wait for the srcdoc to fire a load event (for the new blank doc), and then unblock the enumerateDevices promise, and ensure that it remains blocked for the reason we're testing? Not sure if it's worth the effort.

Comment 12

[Alex Chronopoulos [:achronop]]

(In reply to Matt Woodrow (:mattwoodrow) from comment #11)

Setting the srcdoc attribute from the test code, and then waiting on the load event fixes those issues.

Sounds good, thanks!

Maybe a test mode that blocks it internally somehow, and we wait for the srcdoc to fire a load event (for the new blank doc), and then unblock the enumerateDevices promise, and ensure that it remains blocked for the reason we're testing? Not sure if it's worth the effort.

Yeah too much work for a corner case. Please, reverse the check for now in order to make sure that it's something that hardly ever or never happens from a mochitest. In addition to that open a bug, against me, to try excerising that code from gtests. I could simulate a delay there by using a moc cubeb backend.

Please let me know if you need help with any of those. Regarding reviews I am happy to take, keep in your mind I'll be on PTO for 2 weeks after today. I'll be available till late though.

Comment 13

[Matt Woodrow (:mattwoodrow)]

The other issue here is that the second and third subtests of html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_setter_srcdoc.html fail.

It looks like the second one of these sets document.domain within a srcdoc= iframe, and then checks that it can still access its parent document's content.

From what I can tell, the URI that we use for document.document is the same, so the only actual change is that we lose the port (:8000) from the principal.

We then fail a bunch of IsPlatformObjectSameOrigin checks.

With DocumentChannel enabled, the only difference between the two principals is that the objectPrincipal has the document.domain override removing the port.

With DocumentChannel disabled, they are literally the same instance of the same ContentPrincipal, so both have the override and the check passes.

My assumption (that I haven't fully checked) is that because we're doing an IPDL roundtrip for the LoadInfo when creating the DocumentChannel, we end up serializing the Principal, and thus the final one on the channel (and then the Document) isn't the same instance as we start with (from the load context).

What's not clear to me is why we're relying on that, and if that's a bug or not. Boris, does that sound expected to you?

Comment 14

[Boris Zbarsky [:bzbarsky]]

With DocumentChannel disabled, they are literally the same instance of the same ContentPrincipal

Yes, that is the right behavior, and an explicit spec requirement. See https://html.spec.whatwg.org/multipage/browsers.html#determining-the-origin step 5. The origin of the srcdoc document is literally the same object as the origin of the document containing the iframe.

Comment 15

[Matt Woodrow (:mattwoodrow)]

(In reply to Boris Zbarsky [:bzbarsky, bz on IRC] from comment #14)

With DocumentChannel disabled, they are literally the same instance of the same ContentPrincipal

Yes, that is the right behavior, and an explicit spec requirement. See https://html.spec.whatwg.org/multipage/browsers.html#determining-the-origin step 5. The origin of the srcdoc document is literally the same object as the origin of the document containing the iframe.

Fascinating, thanks for that!

Given that, I think trying to serialize via the parent process for non-sandboxed srcdoc loads probably isn't going to work (without weird hacks to find the old principal instance when we get back to the old process).

I'll switch to just using DocumentChannel for sandboxed ones, since that's the only time that we might want to load them in a different process.

Comment 16

[Pulsebot]

Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3f05a0cebcea
Don't require nsIChildChannel for process switching, as we don't need this for DocumentChannel either. r=mayhemer,kmag
https://hg.mozilla.org/integration/autoland/rev/4c86fb804a50
Allow DocumentChannel for srcdoc= loads. r=kmag
https://hg.mozilla.org/integration/autoland/rev/5ea7cfbd339a
Fix missing flags write. r=kmag
https://hg.mozilla.org/integration/autoland/rev/35c4ea0dd402
Add more logging to DocumentChannel. r=mayhemer,jya

Comment 17

[Noemi Erli[:noemi_erli]]

https://hg.mozilla.org/mozilla-central/rev/3f05a0cebcea
https://hg.mozilla.org/mozilla-central/rev/4c86fb804a50
https://hg.mozilla.org/mozilla-central/rev/5ea7cfbd339a
https://hg.mozilla.org/mozilla-central/rev/35c4ea0dd402