Closed Bug 1660452 Opened 1 year ago Closed 3 months ago

NullPrincipals need to know whether they were spun off of a Secure Context


(Core :: DOM: Security, defect, P3)




94 Branch
Tracking Status
firefox94 --- fixed


(Reporter: freddy, Assigned: ngogge)


(Blocks 3 open bugs)


(Whiteboard: [domsecurity-backlog1])


(1 file, 1 obsolete file)

Currently, the mixed content blocker is looking at NullPrincipals on their own, to decide whether blocking makes sense. NullPrincipals do not use an HTTPS URL-scheme and are therefore excluded from MCB checks.

We should avoid finding a handle to the owning document of the NullPrincipal because that may pass process boundaries (and violate Site Isolation / Project Fission).

Instead, I am proposing to add that flag as a boolean flag to the NullPrincipal and change the Secure Context flag for the NullPrincipal (which currently is hardcoded false).

Yeah, I would like to get that fixed rather sooner than later actually - also because it would allow us to run more wpt tests in the tree.

Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

Fixing this involves:

  • adding a boolean member to the NullPrincipal class to say whether we are in a secure context.
  • adjusting GetIsOriginPotentiallyTrustworthy to use that flag

Setting that flag is a bit tricky:
NullPrincipals are created using one of many NullPrincipal::Create... functions, which are then routed through the main Create() function, which all call the object constructor eventually.
We already lose most context inside of the various Create.. functions, so we need to modify all of them to take a value for the flag based on the current document that creates the NullPrincipal.

I'm merely hoping that we can get the info for that boolean flag in all callsites though.

Assignee: nobody → fbraun
See Also: → 1715167
Depends on: 1715167
Assignee: fbraun → ngogge
Pushed by
Use precursor URIs to determine if a NullPrincipal was spun off of a Secure Context. r=ckerschb

Backed out for causing failures on test_bug1660452_https.html

[task 2021-07-22T16:08:22.385Z] 16:08:22     INFO - TEST-PASS | dom/security/test/general/test_bug1660452_https.html | data uri window should be a secure context 
[task 2021-07-22T16:08:22.385Z] 16:08:22     INFO - Buffered messages finished
[task 2021-07-22T16:08:22.385Z] 16:08:22     INFO - TEST-UNEXPECTED-FAIL | dom/security/test/general/test_bug1660452_https.html | Test timed out. - 
[task 2021-07-22T16:08:23.265Z] 16:08:23     INFO - GECKO(4680) | MEMORY STAT vsizeMaxContiguous not supported in this build configuration.
[task 2021-07-22T16:08:23.268Z] 16:08:23     INFO - GECKO(4680) | MEMORY STAT | vsize 2524MB | residentFast 127MB | heapAllocated 5MB
[task 2021-07-22T16:08:23.275Z] 16:08:23     INFO - Not taking screenshot here: see the one that was previously logged
[task 2021-07-22T16:08:23.276Z] 16:08:23     INFO - TEST-UNEXPECTED-FAIL | dom/security/test/general/test_bug1660452_https.html | data uri frames should be a secure context 
[task 2021-07-22T16:08:23.277Z] 16:08:23     INFO - SimpleTest.ok@
[task 2021-07-22T16:08:23.278Z] 16:08:23     INFO - @
[task 2021-07-22T16:08:23.324Z] 16:08:23     INFO - TEST-OK | dom/security/test/general/test_bug1660452_https.html | took 301088ms
Flags: needinfo?(ngogge)
Attachment #9179572 - Attachment is obsolete: true
Pushed by
Use precursor URIs to determine if a NullPrincipal was spun off of a Secure Context. r=ckerschb
Flags: needinfo?(ngogge)

Backed out for causing web-tests failures on basic-popup-and-iframe-tests.https.html

Flags: needinfo?(ngogge)
Pushed by
Use precursor URIs to determine if a NullPrincipal was spun off of a Secure Context. r=ckerschb
Flags: needinfo?(ngogge)
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
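
The idea discussed in this bug, as an added example that is not Gecko source and not code from the patch: a null principal that remembers the origin it was spun off of, so the mixed content check can treat it as a secure context. All names except GetIsOriginPotentiallyTrustworthy are hypothetical, the origins are constructed, and the trustworthiness test is a small subset of the Secure Contexts rules.

```cpp
// Simplified model of the idea, NOT Gecko source. Names are hypothetical
// except GetIsOriginPotentiallyTrustworthy, which the bug mentions.
#include <iostream>
#include <string>

struct Origin {  // scheme + host of the document that created the principal
  std::string scheme, host;
};

// Small subset of the Secure Contexts "potentially trustworthy" rules.
bool IsPotentiallyTrustworthy(const Origin& o) {
  if (o.scheme == "https" || o.scheme == "wss") return true;
  return o.host == "localhost" || o.host == "127.0.0.1";
}

class NullPrincipalModel {
 public:
  // Old behaviour: nothing is known about the creator, so never trustworthy.
  static NullPrincipalModel Create() { return NullPrincipalModel(false, Origin()); }
  // New behaviour: every Create path carries the precursor origin.
  static NullPrincipalModel CreateWithPrecursor(const Origin& p) {
    return NullPrincipalModel(true, p);
  }
  bool GetIsOriginPotentiallyTrustworthy() const {
    return mHasPrecursor && IsPotentiallyTrustworthy(mPrecursor);
  }

 private:
  NullPrincipalModel(bool has, const Origin& p) : mHasPrecursor(has), mPrecursor(p) {}
  bool mHasPrecursor;
  Origin mPrecursor;
};

// Mixed content check: only a secure loader can have mixed content.
bool ShouldBlockAsMixedContent(const NullPrincipalModel& loader, const Origin& target) {
  return loader.GetIsOriginPotentiallyTrustworthy() && !IsPotentiallyTrustworthy(target);
}

int main() {
  Origin https = {"https", "example.com"}, http = {"http", "example.org"};  // constructed
  std::cout << std::boolalpha
            << ShouldBlockAsMixedContent(NullPrincipalModel::Create(), http) << ' '
            << ShouldBlockAsMixedContent(NullPrincipalModel::CreateWithPrecursor(https), http) << ' '
            << ShouldBlockAsMixedContent(NullPrincipalModel::CreateWithPrecursor(http), http) << '\n';
}
```

The first case is the gap described at the top of the bug: with no record of its creator, the null principal is never subject to the mixed content check, even when an HTTPS page created it.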