Closed Bug 1625366 Opened 4 years ago Closed 4 years ago

Support fission and OOP embedder elements for CSP checks

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla77
Project Flags:
Fission Milestone M6
Tracking Flags:
Tracking Status
firefox77 --- fixed

People

(Reporter: mattwoodrow, Assigned: mattwoodrow)

References

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(4 files, 1 obsolete file)

Bug 1625366 - Add cross-process violation event via WindowGlobal, fire violation events via WindowGlobal if they are for a window in a different process. r?ckerschb,nika
47 bytes, text/x-phabricator-request
Details | Review
Bug 1625366 - Don't specify a callback for CSP redirect checks form DocumentLoadListener, so that events are handled in the parent. r?ckerschb
47 bytes, text/x-phabricator-request
Details | Review
Bug 1625366 - Remove support for custom violation callbacks on nsCSPContext since it should no longer be needed. r?ckerschb
47 bytes, text/x-phabricator-request
Details | Review
Bug 1625366 - Remove CSPViolation from DocumentChannel. r?jya
47 bytes, text/x-phabricator-request
Details | Review

Currently AsyncReportViolation runs in the content process, and tries to use the embedder Element/Document to fire violation events. Bug 1589275 is moving the CSP redirect checks to run in the parent, but we still dispatch the report to the content process.

In the case where the embedder is cross-process (and fission is enabled), the embedder will be in a different process, and we won't have access to the Node/Element/Document for it.

I think we'll need to replace references to single-process objects (like nsCSPContex:: mLoadingContext) with objects that can be referenced cross-process (like WindowContext). That way a serialized CSP can still have references to its embedder.

I think we then would want to run AsyncReportViolation in the parent (maybe as well as content), sending messages to the right process as needed.

We should be able to send a message to the parent (if not there already) over PContent referencing the desired WindowContext, and then forward the message to the desired content process via PWindowGlobal (WindowContext can be cast to WindowGlobalParent in the parent process).

Blocks: fission-dom-security
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

Tracking for Fission Nightly milestone (M6)

Fission Milestone: --- → M6
Assignee: nobody → matt.woodrow
Attachment #9139307 - Attachment is obsolete: true
Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8a652661a80f
Add cross-process violation event via WindowGlobal, fire violation events via WindowGlobal if they are for a window in a different process. r=ckerschb,nika
https://hg.mozilla.org/integration/autoland/rev/20e0435a51db
Don't specify a callback for CSP redirect checks form DocumentLoadListener, so that events are handled in the parent. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/02bc984b5cd3
Remove support for custom violation callbacks on nsCSPContext since it should no longer be needed. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/0c1282c8e9e9
Remove CSPViolation from DocumentChannel. r=jya
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: