Open Bug 1653681 Opened 4 years ago Updated 2 years ago

ExtensionPageContextParent's principal may differ from the ExtensionPageContextChild's principal (missing origin attributes)

Categories

(WebExtensions :: General, defect, P2)

Tracking

(Not tracked)

People

(Reporter: robwu, Assigned: zombie)

References

(Blocks 1 open bug)

Details

ExtensionPageContextChild has a principal that is based on the contentWindow with which it's associated.

ExtensionPageContextParent's principal is extension.principal, which does not have any origin attributes.

This difference is the root cause of bug 1649463, where the downloads.download API is unable to download a blob:-URL from an extension page with custom origin attributes:

  • The child side validates whether an extension can access the URL via the URL scheme type, which passes because a blob:-URL created in the extension page has the same origin attributes as the page.
  • When loadingPrincipal is set (which is the case in the downloads.download API since bug 1579911), the downloads implementation checks whether the URL can be loaded by the given principal, and otherwise refuses the request. blob:-URLs have an associated principal and can only be loaded by same-origin principals. Unlike the child, the principal at the parent's side doesn't have origin attributes, so the principal of the blob and the extension principal are considered cross-origin and the download fails.

To fix this issue, the ExtensionPageContextParent should have the same principal as the child's. This may impact APIs in the main process that use the context principals:

  • context.principal is mostly used as triggeringPrincipal. Only the downloads API uses loadingPrincipal.
  • The sandbox of ProxyContextParent uses this.principal. This is used by the contentScripts.register API implementations (for which I haven't checked the impact of changing the origin attributes).

Changing the principal may cause unexpected regressions, so this change cannot be uplifted; bug 1649463 will therefore be fixed independently of this.
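As an added illustration (not Firefox code, and not part of the bug report), the following model reproduces the two checks described above: a scheme-based check that ignores origin attributes, and a same-origin check on the full origin string with Gecko's `^key=value` attribute suffix. The extension origin, blob id and attribute values are constructed placeholders, and alphabetical key ordering in the suffix is a simplification of this model.

```javascript
// Serialise origin attributes as Gecko suffixes them onto an origin string,
// e.g. "^userContextId=2&privateBrowsingId=1". Default (0) values are omitted;
// alphabetical key order is a simplification in this model.
function originSuffix(attrs) {
  const parts = Object.keys(attrs).filter(k => attrs[k] !== 0).sort()
    .map(k => `${k}=${attrs[k]}`);
  return parts.length ? '^' + parts.join('&') : '';
}

// A minimal principal: the origin plus its origin attributes.
function makePrincipal(origin, attrs = {}) {
  return { origin, attrs, originString: origin + originSuffix(attrs) };
}

// blob: URLs carry the principal of the document that created them.
function blobPrincipal(creator) {
  return makePrincipal(creator.origin, creator.attrs);
}

// Child-side check: may the extension access this kind of URL at all?
// Origin attributes play no part, so any blob: URL passes.
function childAllowsUrl(url) {
  return /^(blob|moz-extension|https?):/.test(url);
}

// Parent-side check when loadingPrincipal is set: the blob may only be loaded
// by a same-origin principal, compared on the full origin string, suffix included.
function parentAllowsLoad(loadingPrincipal, blob) {
  return loadingPrincipal.originString === blob.originString;
}

// Outcome of downloads.download(blobUrl) for a given parent-context principal.
function downloadSucceeds(blobUrl, blob, parentPrincipal) {
  return childAllowsUrl(blobUrl) && parentAllowsLoad(parentPrincipal, blob);
}

// Constructed scenario: an extension page in container 2 creates a blob.
const EXT_ORIGIN = 'moz-extension://00000000-placeholder-uuid';
const pagePrincipal = makePrincipal(EXT_ORIGIN, { userContextId: 2 });
const blob = blobPrincipal(pagePrincipal);
const blobUrl = 'blob:' + EXT_ORIGIN + '/constructed-blob-id';

// Parent today: extension.principal without origin attributes -> refused.
const parentToday = makePrincipal(EXT_ORIGIN);
// Parent after the proposed fix: same principal as the child -> allowed.
const parentFixed = makePrincipal(EXT_ORIGIN, pagePrincipal.attrs);

console.log('today:', downloadSucceeds(blobUrl, blob, parentToday)); // false
console.log('fixed:', downloadSucceeds(blobUrl, blob, parentFixed)); // true
```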

This could be a problem, though we don't know if it actually affects anything now.

Assignee: nobody → tomica
Severity: -- → S3
Priority: -- → P2
Blocks: 1747283

I sketched the implementation plan at https://bugzilla.mozilla.org/show_bug.cgi?id=1747283#c3

Note: there is a comment that references this bug at https://searchfox.org/mozilla-central/rev/7271a078fa0c1b858a52614ea60ac82fdd8b3d23/toolkit/components/extensions/parent/ext-downloads.js#961-972.
After fixing this bug, we could address that comment.
