webRequest's frameAncestors is incomplete when Fission enabled (subresource loads)
Categories
(WebExtensions :: Request Handling, defect, P1)
Tracking
(Fission Milestone:M6a, firefox76 disabled, firefox77 disabled, firefox78 disabled, firefox79 fixed)
People
(Reporter: robwu, Assigned: annyG)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
When Fission is enabled, the frameAncestors
property of webRequest
events is not properly set any more.
STR:
- Start Firefox with Fission enabled, i.e.
fission.autostart=true
andgfx.webrender.all=true
- Load an extension that has the
webRequest
permission and host permissions. - Visit
about:debugging
, inspect the extension and runbrowser.webRequest.onBeforeRequest.addListener(console.log, {urls:['*://*/*']});
- Load a page that has a frame from a different origin, which in turn loads a resource, e.g. https://jsfiddle.net/876o01eg/1/
(this example has<img src="https://www.mozilla.org/favicon.ico?loadedfromtheframe">
) - Look at the console for the devtools from step 2.
Expected:
- The request for the subresource (
https://www.mozilla.org/favicon.ico?loadedfromtheframe
) should have information on the parent frame:frameAncestors: [{frameId: 0, url: "https://jsfiddle.net/876o01eg/1/"}]
Actual:
- The request for the subresource has an empty list:
frameAncestors: []
This works without Fission. We do currently not have test coverage for this scenario, so the least that we should do for now is to add a unit test that loads nested frames from different origins, and check that the frameAncestors
event detail has the expected values.
Comment 1•5 years ago
|
||
We need to fix this because this API is used by ad blockers and NoScript.
Anny says she'll investigate. She fixed a related bug for document loads (bug 1594529). This bug is about subresource loads.
Updated•4 years ago
|
Updated•4 years ago
|
Assignee | ||
Comment 2•4 years ago
|
||
While writing a test case for this (having a document load an OOP iframe that embeds an image in it) I also noticed that there a few other things that are broken:
parentFrameId
is incorrect for images loaded in an OOP iframe, so I will be fixing it in this bug as well.frameId
for the OOP iframe and the image it embeds are different (it should be the same according to the description for onBeforeRequest listener). To fix this, we should not use outer Window ID's in LoadInfo objects at all and should replace those with corresponding browsing context IDs. Most usages of outer window IDs (mOuterWindowID
,mFrameOuterWindowID
,mParentOuterWindowID
) within LoadInfo object can be removed easily, except formTopOuterWindowID
.
Devtool's network observer uses outer window ID's from NetworkObserver filters (which are window objects) and compares them to LoadInfo's mTopOuterWindowID
. If we add mTopBrowsingContextID
to LoadInfo object, then network-observer could be changed to use browsing context IDs for NetworkObserver filters and compare them with mTopOuterWindowID
instead.
Assignee | ||
Comment 3•4 years ago
|
||
Keeping a list of ancestor principals in a LoadInfo object, that, at times,
exists in the content process, is not secure. Since ancestor principals are
only ever needed to create a list of frameAncestors, which, in turn, are only
ever accessed from the parent process, we can assemble lists of ancestor
principals and outer windowIDs whenever we are in the parent process and are
either 1) creating a LoadInfo object or 2) deserializing a LoadInfoArgs struct,
received from content process, into a LoadInfo object.
Assignee | ||
Comment 4•4 years ago
|
||
Depends on D78406
Assignee | ||
Comment 5•4 years ago
|
||
Depends on D78407
Comment 7•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/fe4de87e7c60
https://hg.mozilla.org/mozilla-central/rev/173abb1ddd8b
https://hg.mozilla.org/mozilla-central/rev/befaa5e5b3e6
Assignee | ||
Comment 8•4 years ago
|
||
I did not fix parentFrameId
for subresources in this bug as it is easier to fix it in bug 1642468.
Description
•