webRequest's frameAncestors is incomplete when Fission enabled (subresource loads)
Categories
(WebExtensions :: Request Handling, defect, P1)
Tracking
(Fission Milestone:M6a, firefox76 disabled, firefox77 disabled, firefox78 disabled, firefox79 fixed)
People
(Reporter: robwu, Assigned: annyG)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
When Fission is enabled, the frameAncestors property of webRequest events is not properly set any more.
STR:
- Start Firefox with Fission enabled, i.e.
fission.autostart=trueandgfx.webrender.all=true - Load an extension that has the
webRequestpermission and host permissions. - Visit
about:debugging, inspect the extension and runbrowser.webRequest.onBeforeRequest.addListener(console.log, {urls:['*://*/*']}); - Load a page that has a frame from a different origin, which in turn loads a resource, e.g. https://jsfiddle.net/876o01eg/1/
(this example has<img src="https://www.mozilla.org/favicon.ico?loadedfromtheframe">) - Look at the console for the devtools from step 2.
Expected:
- The request for the subresource (
https://www.mozilla.org/favicon.ico?loadedfromtheframe) should have information on the parent frame:frameAncestors: [{frameId: 0, url: "https://jsfiddle.net/876o01eg/1/"}]
Actual:
- The request for the subresource has an empty list:
frameAncestors: []
This works without Fission. We do currently not have test coverage for this scenario, so the least that we should do for now is to add a unit test that loads nested frames from different origins, and check that the frameAncestors event detail has the expected values.
|
||
Comment 1•5 years ago
|
||
We need to fix this because this API is used by ad blockers and NoScript.
Anny says she'll investigate. She fixed a related bug for document loads (bug 1594529). This bug is about subresource loads.
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
Assignee | |
Comment 2•5 years ago
|
||
While writing a test case for this (having a document load an OOP iframe that embeds an image in it) I also noticed that there a few other things that are broken:
parentFrameIdis incorrect for images loaded in an OOP iframe, so I will be fixing it in this bug as well.frameIdfor the OOP iframe and the image it embeds are different (it should be the same according to the description for onBeforeRequest listener). To fix this, we should not use outer Window ID's in LoadInfo objects at all and should replace those with corresponding browsing context IDs. Most usages of outer window IDs (mOuterWindowID,mFrameOuterWindowID,mParentOuterWindowID) within LoadInfo object can be removed easily, except formTopOuterWindowID.
Devtool's network observer uses outer window ID's from NetworkObserver filters (which are window objects) and compares them to LoadInfo's mTopOuterWindowID. If we add mTopBrowsingContextID to LoadInfo object, then network-observer could be changed to use browsing context IDs for NetworkObserver filters and compare them with mTopOuterWindowID instead.
|
|
Assignee | |
Comment 3•5 years ago
|
||
Keeping a list of ancestor principals in a LoadInfo object, that, at times,
exists in the content process, is not secure. Since ancestor principals are
only ever needed to create a list of frameAncestors, which, in turn, are only
ever accessed from the parent process, we can assemble lists of ancestor
principals and outer windowIDs whenever we are in the parent process and are
either 1) creating a LoadInfo object or 2) deserializing a LoadInfoArgs struct,
received from content process, into a LoadInfo object.
|
|
Assignee | |
Comment 4•5 years ago
|
||
Depends on D78406
|
|
Assignee | |
Comment 5•5 years ago
|
||
Depends on D78407
|
||
Comment 7•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/fe4de87e7c60
https://hg.mozilla.org/mozilla-central/rev/173abb1ddd8b
https://hg.mozilla.org/mozilla-central/rev/befaa5e5b3e6
|
|
Assignee | |
Comment 8•5 years ago
|
||
I did not fix parentFrameId for subresources in this bug as it is easier to fix it in bug 1642468.
Description
•