Closed Bug 1645987 Opened 4 months ago Closed 3 months ago

New style sheet cache should use partitioned principal

Categories

(Core :: Layout, defect)

Tracking

RESOLVED FIXED
mozilla79
Tracking Status
firefox79 --- fixed

People

(Reporter: annevk, Assigned: emilio, NeedInfo)

References

(Blocks 1 open bug)

Attachments

(1 file)

Otherwise it can be used to circumvent dFPI.

Flags: needinfo?(emilio)

So should it be the storage principal? The partitioned principal? Something else? I planned to crib from the image cache but it doesn't seem to use any of these.

This would effectively disable the cache for cross-origin iframes right Andrea? That seems a bit unfortunate tbh, but...

Flags: needinfo?(emilio) → needinfo?(amarchesini)

Also, is the partitioned principal suitable for regular security checks? The current principal we use to differentiate stuff is the triggering principal, which allows the document that started the load to access the rules. I'd prefer not having to thread around two different principals. Also presumably we would want to share stylesheet loads triggered by e.g. extensions between origins, right?

In reply to comment 1, it should be partitioned principal. I would have expected the image cache to already use that, but maybe that's not implemented yet. Andrea can hopefully clarify further.

I'm not sure we properly evaluated what to do around extensions and dFPI.

Flags: needinfo?(senglehardt)
Flags: needinfo?(arthur)

> This would effectively disable the cache for cross-origin iframes right Andrea? That seems a bit unfortunate tbh, but...

Yeah, the correct principal is the partition principal. We already use it for network cache, image cache, DNS cache, and so on.
And yes, we basically disable the cache for cross-origin iframes, except if they have the same top-level origin.

> I'm not sure we properly evaluated what to do around extensions and dFPI.

Extensions are treated as different origin if they don't have special permissions. Right?

> In reply to comment 1, it should be partitioned principal. I would have expected the image cache to already use that, but maybe that's not implemented yet.

Yes, it does. Image and network caches are already isolated in nightly.

Flags: needinfo?(amarchesini)

(In reply to Andrea Marchesini [:baku] from comment #4)

> Extensions are treated as different origin if they don't have special permissions. Right?

Right, my question is that, right now, we can share stylesheets created by the same extension in different origins, because we key off the triggering principal. But if we also key on the document's partitioned principal unconditionally, then we'd lose that, which seems unnecessary as the load has been triggered by an extension.

Assignee: nobody → emilio
Status: NEW → ASSIGNED
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/30f4a8d02e85
Isolate sheet cache by partitioned principal. r=baku
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla79

(In reply to Emilio Cobos Álvarez (:emilio) from comment #5)

> (In reply to Andrea Marchesini [:baku] from comment #4)
>
> > Extensions are treated as different origin if they don't have special permissions. Right?
>
> Right, my question is that, right now, we can share stylesheets created by the same extension in different origins, because we key off the triggering principal. But if we also key on the document's partitioned principal unconditionally, then we'd lose that, which seems unnecessary as the load has been triggered by an extension.

That makes sense to me. FWIW we don't set the partitionKey origin attribute for moz-extension uris (see https://searchfox.org/mozilla-central/rev/cfaa250d14e344834932de4c2eed0061701654da/caps/OriginAttributes.cpp#78-83).

Flags: needinfo?(senglehardt)
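
The keying discussed in this bug, as an added example that is not Gecko code and not part of any comment above: a toy sheet cache keyed on the sheet URL plus a partitioned principal, showing a miss across top-level sites and the moz-extension case from the last comment. All type and function names are hypothetical, the principal is reduced to an origin plus a partitionKey string, and the triggering principal is left out of the key for brevity.

```cpp
// Added illustration, not Gecko code; every name here is hypothetical.
#include <cstdio>
#include <map>
#include <string>
#include <tuple>
#include <utility>
// Simplified principal: an origin plus the partitionKey origin attribute.
struct Principal {
  std::string origin;
  std::string partitionKey;  // top-level site; empty means unpartitioned
  bool operator<(const Principal& o) const {
    return std::tie(origin, partitionKey) < std::tie(o.origin, o.partitionKey);
  }
};

// Partitioned principal; assumes (per the last comment) moz-extension gets no partitionKey.
Principal Partitioned(const std::string& origin, const std::string& topLevelSite) {
  const bool isExtension = origin.rfind("moz-extension://", 0) == 0;
  return Principal{origin, isExtension ? std::string() : topLevelSite};
}

class SheetCache {
 public:
  void Insert(const std::string& url, const Principal& p, std::string sheet) {
    mEntries[{url, p}] = std::move(sheet);
  }
  // Returns the cached sheet text, or nullptr on a miss.
  const std::string* Lookup(const std::string& url, const Principal& p) const {
    auto it = mEntries.find({url, p});
    return it == mEntries.end() ? nullptr : &it->second;
  }
 private:
  std::map<std::pair<std::string, Principal>, std::string> mEntries;
};

// True if a sheet cached for `origin` under siteA is a cache hit under siteB.
bool SharedAcrossSites(const std::string& origin, const std::string& siteA,
                       const std::string& siteB) {
  SheetCache cache;
  const std::string url = "https://cdn.example/theme.css";  // constructed URL
  cache.Insert(url, Partitioned(origin, siteA), "body{}");
  return cache.Lookup(url, Partitioned(origin, siteB)) != nullptr;
}

int main() {
  bool web = SharedAcrossSites("https://widget.example", "https://a.example", "https://b.example");
  bool ext = SharedAcrossSites("moz-extension://constructed-id", "https://a.example", "https://b.example");
  std::printf("web shared: %d, extension shared: %d\n", web, ext);
}
```

With the partitionKey in the cache key, an embedded origin can no longer observe across top-level sites whether a sheet was already loaded, which is the dFPI bypass the bug was filed for.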