Closed Bug 1659500 Opened 5 years ago Closed 2 months ago

Disable contextualIdentities API until GeckoView's container feature is implemented correctly

Categories

(GeckoView :: Extensions, task, P2)

Product:
GeckoView
Component:
Extensions
Platform:
Unspecified
All
Type:
task

Tracking

(firefox138 fixed)

Status:
RESOLVED FIXED
Milestone:
138 Branch
Tracking Flags:
Tracking Status
firefox138 --- fixed

People

(Reporter: robwu, Assigned: willdurand)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-needed, Whiteboard: [geckoview:2022h2?][addons-jira])

Attachments

(2 files)

Bug 1659500 - Disable contextualIdentities API on GeckoView builds. r?robwu!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1659500 - Explicitly enable contextualIdentities API. r?john.bieling!
48 bytes, text/x-phabricator-request
Details | Review

The contextualIdentities API is implemented in toolkit/, so it's enabled by default on GeckoView.

Unfortunately, GeckoView's "containers" implementation deviates from toolkit/ (discussion in bug 1643688), and consequently the contextualIdentities API can currently not be used to do anything meaningful. We should disable the contextualIdentities API on GeckoView until this is settled.

Containers are disabled by default (privacy.userContext.enabled pref is disabled), so to resolve this issue we could just ensure that the following pref is skipped on Android: https://searchfox.org/mozilla-central/rev/2f9eacd9d3d995c937b4251a5557d95d494c9be1/toolkit/components/extensions/parent/ext-contextualIdentities.js#134

Priority: -- → P2
Severity: -- → N/A

still relevant

Whiteboard: [geckoview:2022h2?]
Whiteboard: [geckoview:2022h2?] → [geckoview:2022h2?][addons-jira]
See Also: → 1948114
Assignee: nobody → wdurand
Status: NEW → ASSIGNED

I guess my recently opened issue (https://bugzilla.mozilla.org/show_bug.cgi?id=1948114) triggered a change here.

To keep things brief:
Over the past few months, I’ve been working on a side project that heavily relies on the contextId for cookie jars. I developed a UI to manage the containers externally, where only the contextId is passed when creating new tabs. In my tests, the cookie isolation itself has been working well. The final step was to add contextual proxy handling, which I just completed yesterday. My app is just before going into alpha testing and relies on official Mozilla Android Components builds.

I just came across this recent commit: https://phabricator.services.mozilla.com/D238525

If this change renders my work unusable, it would be very unfortunate news...

(In reply to github from comment #3)

I’ve been working on a side project that heavily relies on the contextId for cookie jars. I developed a UI to manage the containers externally,

How does that look like? Are you using the contextualIdentities extension API? That is not working correctly on Android.

I use AddNewTabUseCase provided by the tabs feature to pass the contextId: https://searchfox.org/mozilla-central/source/mobile/android/android-components/components/feature/tabs/src/main/java/mozilla/components/feature/tabs/TabsUseCases.kt#117

The passed contextId then gets (somewhere) prepended with firefox-container- and put as cookieStoreId, which can get confirmed with browser.tabs.get using extension API.

I spent quite some time figuring out how and when contextId becomes cookieStoreId but failed to do so (using searchfox only). That's also why I do not know if this issue actually affects my use case as described.

All I can say is the cookie isolation works as intended for me.

(permalink to AddNewTabUseCase for future reference)

The ability to specify a container in cookieStoreId is gated on the "cookies" permission (and the pref for the containers feature), not the contextualIdentities permission.

The contextualIdentities permission serves two purposes currently:

The problem as I expressed before is that Gecko's view of what a "contextual identity" is, is distinct from GeckoView's (and thus Android Components). Consequently, some features may work accidentally while others don't.

Due to the implementation, isolation works mostly. However, many extension APIs that support containers fail to recognize the GeckoView-specific contextual identity.

Per Comment 6, it sounds like what you're trying to accomplish doesn't strictly need the contextualIdentities WebExtensions API, could you confirm or tell us a bit more about your use case w.r.t. to this API, specifically? Thanks!

Flags: needinfo?(github)

Unless this does change the current behavior of the Android Components internally (e.g. test), it will not affect my use case as I do not use the contextualIdentities permission in my extension. I just need the cookie isolation as described above. Thanks for double checking with me!

Flags: needinfo?(github)
Keywords: dev-doc-needed

:robwu what dev docs is needed here? The BCD already indicates that the API isn't supported and notes "contextualIdentities is defined but not functional in Firefox for Android." providing https://bugzil.la/1638878 as the implementation link.

Flags: needinfo?(rob)

(In reply to rbloor from comment #10)

:robwu what dev docs is needed here? The BCD already indicates that the API isn't supported and notes "contextualIdentities is defined but not functional in Firefox for Android." providing https://bugzil.la/1638878 as the implementation link.

Once the patch above lands (next week), the contextualIdentities API will not even be defined on Android.

Flags: needinfo?(rob)
Pushed by wdurand@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/612702715c10 Disable contextualIdentities API on GeckoView builds. r=robwu

https://hg.mozilla.org/mozilla-central/rev/612702715c10

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
status-firefox138: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 138 Branch
Pushed by wdurand@mozilla.com: https://hg.mozilla.org/comm-central/rev/f96f40f414d1 Explicitly enable contextualIdentities API. r=john.bieling

At Thunderbird startup I get this in the (native) console:

JavaScript error: resource://gre/modules/ExtensionCommon.sys.mjs, line 1597: Error: Module 'contextualIdentities' already registered

(In reply to Magnus Melin [:mkmelin] from comment #16)

At Thunderbird startup I get this in the (native) console:

JavaScript error: resource://gre/modules/ExtensionCommon.sys.mjs, line 1597: Error: Module 'contextualIdentities' already registered

:mkmelin can you please file a new bug for that in https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird&component=Add-Ons%3A%20Extensions%20API? Thanks

See Also: → 1951980
See Also: → 1954616
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: