Failure to load html in frame with frame-ancestors directive
Categories
(Core :: DOM: Security, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox83 | --- | fixed |
People
(Reporter: scottsd, Assigned: ckerschb)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(3 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Steps to reproduce:
We have a content security policy with a frame-src and frame-ancestors directive, but while Chrome loads the iframe successfully, Firefox doesn't.
Here's our full CSP Policy (notice the settings for frame-ancestors):
frame-ancestors: *.walkmetest.apps.suite-ocp-dev.cp.fyre.ibm.com 'self'; default-src 'self'; connect-src 'self' https://*.kampyle.com https://*.ibm.com https://*.bluemix.net wss://*.ibmcloud.com https://*.medallia.eu https://*.segment.io https://admin.walkmetest.apps.suite-ocp-dev.cp.fyre.ibm.com https://*.braze.com; script-src 'self' https://*.kampyle.com https://*.ibm.com https://*.bluemix.net https://*.braze.com https://*.medallia.eu https://*.lpsnmedia.net https://*.segment.com https://*.truste.com https://*.trustarc.com https://admin.walkmetest.apps.suite-ocp-dev.cp.fyre.ibm.com 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: blob: https://*.kampyle.com https://*.ibm.com https://*.walkmeusercontent.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' blob: https://*.ibm.com; font-src 'self' https://fonts.gstatic.com https://*.ibm.com data: https://1.www.s81c.com https://*.medallia.eu https://*.s81c.com; frame-src 'self' https://*.trustarc.com https://*.truste.com https://admin.walkmetest.apps.suite-ocp-dev.cp.fyre.ibm.com;
Actual results:
I turned up debugging to show the CSPContext logs from Firefox when trying to determine whether this page should load or not and have it attached in the log
If I turn off the frame-ancestors setting (and X-Frame-Options) entirely the frame loads fine, but this of course causes a security hole in our app, so I would like to prevent this.
Expected results:
I believe the frame should have loaded successfully with these frame-ancestors. Instead it shows the error page for about:blank with an CSP error highlighed
I'm also seeing this in the logs
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
CDhiddenIframe.compress.html
This error page has no error code in its security info aboutNetError.js:585:13
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
dashboardpins
Reporter | ||
Comment 1•4 years ago
|
||
this is the error page that's shown in the hidden iFrame pointing to CSP issues
Reporter | ||
Comment 2•4 years ago
|
||
sorry, that frame-ancestor setting was an old one we were trying, here's our actual frame ancestors:
frame-ancestors https://*.walkmetest.apps.suite-ocp-dev.cp.fyre.ibm.com 'self'
Reporter | ||
Comment 3•4 years ago
|
||
and the content we're trying to load in our iframe is:
aContentLocation: https://admin.walkmetest.apps.suite-ocp-dev.cp.fyre.ibm.com/walkme/0f21b9448aaa4c3f8d6c65dd07b66dc3/player/lib/20200916-221929-1d6dd52b/resources/CD/CDhiddenIframe.compress.html
And our current hosts name is
https://workspace1.monitor.walkmetest.apps.suite-ocp-dev.cp.fyre.ibm.com/walkme/0f21b9448aaa4c3f8d6c65dd07b66dc3/player/lib/20200916-221929-1d6dd52b/resources/CD/CDhiddenIframe.compress.html
So it should match the frame-ancestors setting of https://*.walkmetest
Comment 4•4 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Updated•4 years ago
|
Assignee | ||
Comment 5•4 years ago
|
||
Thank you for reporting - that one seems valid - I'll take a look ASAP.
Assignee | ||
Comment 6•4 years ago
|
||
Hey Scott, thanks again for reporting. I do think this is a valid bug though given the information provided I was not able to reproduce it as of now. I see that in your provided CSP-log it seems that permitsInternal
blocks about:blank
before even cehcking the actual URI - so potentially Firefox is incorrectly accounting for a blank iframe first.
Is it possible in any way that you provide a live testcase which would allow me to reproduce the problem? Having a shared testcase would be best to identify and fix the problem. If that is not possible for any reason, could you maybe share a code snipped on how you exactly create the iframe that is blocked?
Assignee | ||
Updated•4 years ago
|
Reporter | ||
Comment 7•4 years ago
|
||
it's a bit tricky unfortunately because we're relying on Walkme's library for tutorials, and they own the actual code adding the iframe that's failing, I'll reach out to support@walkme.com for more information but let me send you what I can see in their code in the meantime.
This appears to be the function that initializes the iFrame the first time
var n="walkme-proxy-iframe";(t=document.getElementById(n))?e():t=J("about:blank",n,!1,e,null,null,!0)}(function(){try{ne("initProxyHiddenIframeDone",{mark:!0,level:1,measureName:"initProxyIframe",startMark:"initProxyHiddenIframeStart"});var e=mtjQuery(t).contents(),n=t.contentWindow||t.window;q(e.find("body")[0]),ne("initIframeMessageSenderStart",{mark:!0,level:1}),function(e,n,t){if(n.document.getElementById("wm-hidden-iframe-script"))return;var r=n.document.createElement("script");r.type="text/javascript",r.id="wm-hidden-iframe-script",r.async=!0,r.src=$(),window._walkmeInternals.hiddenIframeCallback=t,e.find("head")[0].appendChild(r)}(e,n,function(){ne("initIframeMessageSenderDone",{level:1,measureName:"injectMessageSender",startMark:"initIframeMessageSenderStart"}),window._walkmeInternals.hiddenIframeCallbackCalled=!0})}catch(e){}})):n&&q()}(),r.WaitDocumentReady?(p("wdr"),mtjQuery(document).ready(function(){ne("jQueryDocumentReadyEvent",{measureName:"jQueryDocumentReady",startMark:"jQueryScriptLoaded"}),b(r)})):(p("ndr"),b(r))}function b(e){ne("jQueryDocumentReady");try{(t=I(n=e))&&""!=t?(ne("preLibStartLoad",{mark:!0}),window["walkme_pre_lib_loaded"]=function(){window["walkme_pre_lib_loaded"]=function(){try{console.log("walkme_pre_lib_loaded was called twice.")}catch(e){}},E(n)},z(t)):E(n)}catch(e){}var n,t}function S(e){try{var n=Z("wm_load_test_"+g+"_"+f),t=parseInt(n);if(t)return ne("startLoadingTest"),_walkmeInternals.loadingTestDone=function(){ne("endLoadingTest"),_walkmeInternals.loadingTestDone=void 0,e&&e()},
Where as the J function is this
function J(e,n,t,r,i,a,o,s){a=a||document.body;var l=document.createElement("iframe");try{a.appendChild(l)}catch(e){l=a.ownerDocument.createElement("iframe"),a.appendChild(l)}if(l.id=n,o||(l.className="walkme-to-remove"),t||(l.style.cssText="display:none;visibility:hidden;"),s)for(var d in s)s.hasOwnProperty(d)&&l.setAttribute(d,s[d]);return l.addEventListener("load",function e(n){l.removeEventListener&&l.removeEventListener("load",e),r&&r(n)},!1),l.src=e,l}
This is the content of the actual html that's trying to be loaded into the iFrame
<!doctype html><html><body><script type="text/javascript">var _walkmeEv={Ev:function(src){return eval(src)}};!function(){var l="WalkMe_testStorage",i={Cookies:"cookies",LocalStorage:"localStorage",IndexedDB:"indexedDB"},n=/^[a-zA-Z\d]{1,45}$/,r={checkCanSave:"checkCanSave",getAllMultiple:"getAllMultiple",set:"set",delete:"delete",add:"add",addSet:"addSet",get:"get",setSession:"setSession",getSession:"getSession",increment:"increment",getOrSetAndGet:"getOrSetAndGet",terminate:"terminate",remove:"remove",initBroadcastChannel:"initBroadcastChannel"},k={};"object"!=typeof JSON&&(JSON={}),function(){"use strict";function e(e){return e<10?"0"+e:e}"function"!=typeof Date.prototype.toJSON&&(Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+e(this.getUTCMonth()+1)+"-"+e(this.getUTCDate())+"T"+e(this.getUTCHours())+":"+e(this.getUTCMinutes())+":"+e(this.getUTCSeconds())+"Z":null},String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(){return this.valueOf()});var f,l,g,n=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,t=/[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,r={"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"};function d(e){return t.lastIndex=0,t.test(e)?'"'+e.replace(t,function(e){var t=r[e];return"string"==typeof t?t:"\\u"+("0000"+e.charCodeAt(0).toString(16)).slice(-4)})+'"':'"'+e+'"'}"function"!=typeof JSON.stringify&&(JSON.stringify=function(e,t,n){var r;if(l=f="","number"==typeof n)for(r=0;r<n;r+=1)l+=" ";else"string"==typeof n&&(l=n);if((g=t)&&"function"!=typeof t&&("object"!=typeof t||"number"!=typeof t.length))throw new Error("stringify");return function e(t,n){var r,i,o,s,a,u=f,c=n[t];switch(c&&"object"==typeof c&&"function"==typeof c.toJSON&&(c=c.toJSON(t)),"function"==typeof g&&(c=g.call(n,t,c)),typeof c){case"string":return d(c);case"number":return isFinite(c)?String(c):"null";case"boolean":case"null":return String(c);case"object":if(!c)return"null";if(f+=l,a=[],"[object Array]"===Object.prototype.toString.apply(c)){for(s=c.length,r=0;r<s;r+=1)a[r]=e(r,c)||"null";return o=0===a.length?"[]":f?"[\n"+f+a.join(",\n"+f)+"\n"+u+"]":"["+a.join(",")+"]",f=u,o}if(g&&"object"==typeof g)for(s=g.length,r=0;r<s;r+=1)"string"==typeof g[r]&&(o=e(i=g[r],c))&&a.push(d(i)+(f?": ":":")+o);else for(i in c)Object.prototype.hasOwnProperty.call(c,i)&&(o=e(i,c))&&a.push(d(i)+(f?": ":":")+o);return o=0===a.length?"{}":f?"{\n"+f+a.join(",\n"+f)+"\n"+u+"}":"{"+a.join(",")+"}",f=u,o}}("",{"":e})}),"function"!=typeof JSON.parse&&(JSON.parse=function(e,s){var t;if(e=String(e),n.lastIndex=0,n.test(e)&&(e=e.replace(n,function(e){return"\\u"+("0000"+e.charCodeAt(0).toString(16)).slice(-4)})),/^[\],:{}\s]*$/.test(e.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,"]").replace(/(?:^|:|,)(?:\s*\[)+/g,"")))return t=_walkmeEv.Ev("("+e+")"),"function"==typeof s?function e(t,n){var r,i,o=t[n];if(o&&"object"==typeof o)for(r in o)Object.prototype.hasOwnProperty.call(o,r)&&(void 0!==(i=e(o,r))?o[r]=i:delete o[r]);return s.call(t,n,o)}({"":t},""):t;throw new SyntaxError("parse")})}();var y,o,s,a,I=JSON,e=(y=String.fromCharCode,o="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-$",s={},a={compressToEncodedURIComponent:function(e){return null==e?"":a._compress(e,6,function(e){return o.charAt(e)})},decompressFromEncodedURIComponent:function(t){return null==t?"":""==t?null:(t=t.replace(/ /g,"+"),a._decompress(t.length,32,function(e){return function(e,t){if(!s[e]){s[e]={};for(var n=0;n<e.length;n++)s[e][e.charAt(n)]=n}return s[e][t]}(o,t.charAt(e))}))},compress:function(e){return a._compress(e,16,function(e){return y(e)})},_compress:function(e,t,n){if(null==e)return"";var r,i,o,s={},a={},u="",c="",f="",l=2,g=3,d=2,p=[],v=0,h=0;for(o=0;o<e.length;o+=1)if(u=e.charAt(o),Object.prototype.hasOwnProperty.call(s,u)||(s[u]=g++,a[u]=!0),c=f+u,Object.prototype.hasOwnProperty.call(s,c))f=c;else{if(Object.prototype.hasOwnProperty.call(a,f)){if(f.charCodeAt(0)<256){for(r=0;r<d;r++)v<<=1,h==t-1?(h=0,p.push(n(v)),v=0):h++;for(i=f.charCodeAt(0),r=0;r<8;r++)v=v<<1|1&i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i>>=1}else{for(i=1,r=0;r<d;r++)v=v<<1|i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i=0;for(i=f.charCodeAt(0),r=0;r<16;r++)v=v<<1|1&i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i>>=1}0==--l&&(l=Math.pow(2,d),d++),delete a[f]}else for(i=s[f],r=0;r<d;r++)v=v<<1|1&i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i>>=1;0==--l&&(l=Math.pow(2,d),d++),s[c]=g++,f=String(u)}if(""!==f){if(Object.prototype.hasOwnProperty.call(a,f)){if(f.charCodeAt(0)<256){for(r=0;r<d;r++)v<<=1,h==t-1?(h=0,p.push(n(v)),v=0):h++;for(i=f.charCodeAt(0),r=0;r<8;r++)v=v<<1|1&i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i>>=1}else{for(i=1,r=0;r<d;r++)v=v<<1|i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i=0;for(i=f.charCodeAt(0),r=0;r<16;r++)v=v<<1|1&i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i>>=1}0==--l&&(l=Math.pow(2,d),d++),delete a[f]}else for(i=s[f],r=0;r<d;r++)v=v<<1|1&i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i>>=1;0==--l&&(l=Math.pow(2,d),d++)}for(i=2,r=0;r<d;r++)v=v<<1|1&i,h==t-1?(h=0,p.push(n(v)),v=0):h++,i>>=1;for(;;){if(v<<=1,h==t-1){p.push(n(v));break}h++}return p.join("")},decompress:function(t){return null==t?"":""==t?null:a._decompress(t.length,32768,function(e){return t.charCodeAt(e)})},_decompress:function(e,t,n){var r,i,o,s,a,u,c,f=[],l=4,g=4,d=3,p="",v=[],h={val:n(0),position:t,index:1};for(r=0;r<3;r+=1)f[r]=r;for(o=0,a=4,u=1;u!=a;)s=h.val&h.position,h.position>>=1,0==h.position&&(h.position=t,h.val=n(h.index++)),o|=(0<s?1:0)*u,u<<=1;switch(o){case 0:for(o=0,a=256,u=1;u!=a;)s=h.val&h.position,h.position>>=1,0==h.position&&(h.position=t,h.val=n(h.index++)),o|=(0<s?1:0)*u,u<<=1;c=y(o);break;case 1:for(o=0,a=65536,u=1;u!=a;)s=h.val&h.position,h.position>>=1,0==h.position&&(h.position=t,h.val=n(h.index++)),o|=(0<s?1:0)*u,u<<=1;c=y(o);break;case 2:return""}for(i=f[3]=c,v.push(c);;){if(h.index>e)return"";for(o=0,a=Math.pow(2,d),u=1;u!=a;)s=h.val&h.position,h.position>>=1,0==h.position&&(h.position=t,h.val=n(h.index++)),o|=(0<s?1:0)*u,u<<=1;switch(c=o){case 0:for(o=0,a=256,u=1;u!=a;)s=h.val&h.position,h.position>>=1,0==h.position&&(h.position=t,h.val=n(h.index++)),o|=(0<s?1:0)*u,u<<=1;f[g++]=y(o),c=g-1,l--;break;case 1:for(o=0,a=65536,u=1;u!=a;)s=h.val&h.position,h.position>>=1,0==h.position&&(h.position=t,h.val=n(h.index++)),o|=(0<s?1:0)*u,u<<=1;f[g++]=y(o),c=g-1,l--;break;case 2:return v.join("")}if(0==l&&(l=Math.pow(2,d),d++),f[c])p=f[c];else{if(c!==g)return null;p=i+i.charAt(0)}v.push(p),f[g++]=i+p.charAt(0),i=p,0==--l&&(l=Math.pow(2,d),d++)}}});function b(e){try{console.log("Error: "+e)}catch(e){}}function t(t,n){var r=function(){n&&n(!1)};try{t.setItem(l,l,l,function(){t.getItem(l,l,function(e){t.removeItem(l,l,void 0,void 0,!0),n(e==l)},r,!0)},r,!1,!0)}catch(e){r()}}function T(t,n,r,i,o,s,a){t.getItem(n,r,function(e){(e=e||{value:0}).value!==o&&e.value++,e.saveTime=(new Date).getTime(),e.expireSeconds=i,t.setItem(n,r,e,function(){s&&s(e.value)},a)},a)}function x(t,n,r,i,o,s,a){t.getItem(n,r,function(e){e?s&&s(I.parse(e.value)):(e={value:I.stringify(o),saveTime:(new Date).getTime(),expireSeconds:i},t.setItem(n,r,e,function(){s&&s(o)},a))},a)}function u(e,t){return t.extraData&&t.extraData.envName&&n.test(t.extraData.envName)?e+"_"+t.extraData.envName:e}k.Compressor=e;var c,f,g;function d(){var d,s=this,p=";path=/",n=";domain=",r=";expires=",i=";secure",o=";SameSite=None",a=";SameSite=Lax",u="=",v="***DEL***",h="WalkMeStorage_",y=63072e3,m=4096,c="";function f(){return"https:"===window.location.protocol}function l(e,t,n,r){var i=h+e;!function(e,t){var n,r,i=document.cookie.split(";");for(r=0;r<i.length;r++)0===(n=(n=i[r].substr(0,i[r].indexOf("="))).replace(/^\s+|\s+$/g,"")).indexOf(e)&&S(n,v,-1*y,t)}(i,r);var o=I.stringify(t);d&&(o=d.compressToEncodedURIComponent(o)),"string"!=typeof o&&(o=o.toString()),-1<o.indexOf(";")&&o.replace(";","");for(var s,a,u,c,f=function(e,t){for(var n=[],r=0,i=e.length;r<i;r+=t)n.push(e.substring(r,r+t));return n}(o,(s=i,a=r,u=w(n),c=b(a),m-(s.length+3+u.length+c.length+p.length))),l=0;l<f.length;l++){var g=i;0<l&&(g+="_"+l),S(g,f[l],n,r)}}function S(e,t,n,r){var i=w(n),o=b(r),s=t+i+p+o;document.cookie=e+u+s+c}function w(e){var t="";if(0!=e&&!isNaN(e)){var n=new Date;n.setTime(n.getTime()+1e3*e),t=r+n.toUTCString()}return t}function b(e){var t="";return e&&0<e.length&&(t=n+e),t}function g(e){var t,n=document.cookie.split(";"),r=h+e;if(t=function(e,t){var n,r="";for(n=0;n<O(e);n++){var i=0===n?t:t+"_"+n;e.hasOwnProperty(i)&&(r+=e[i])}return r}(function(e,t){var n,r,i,o={};for(i=0;i<e.length;i++)n=e[i].substr(0,e[i].indexOf("=")),r=e[i].substr(e[i].indexOf("=")+1),0===(n=n.replace(/^\s+|\s+$/g,"")).indexOf(t)&&(o[n]=r);return o}(n,r),r),d&&(t=d.decompressFromEncodedURIComponent(t)),!t||t==v)return{};try{return I.parse(t)||{}}catch(e){return{}}}function O(e){var t=0;for(var n in e)e.hasOwnProperty(n)&&t++;return t}s.init=function(e,t){t&&t()},s.testConnection=function(e){t(s,e)},this.setItem=function(e,t,n,r,i){try{var o=g(e);o[t]=n,l(e,o,y),r&&r()}catch(e){i&&i(e)}},this.getItem=function(e,t,n,r){try{var i=g(e);n&&n(i[t])}catch(e){r&&r(e)}},this.getAll=function(e,t,n){try{var r=g(e),i=[];for(var o in r){var s=r[o];void 0!==s&&i.push({key:o,saveObj:s})}t&&t(i)}catch(e){n&&n(e)}},this.removeItem=function(e,t,n,r){try{var i=g(e);delete i[t],l(e,i,y),n&&n()}catch(e){r&&r(e)}},this.increment=function(e,t,n,r,i,o){T(s,e,t,n,r,i,o)},this.getOrSetAndGet=function(e,t,n,r,i,o){x(s,e,t,n,r,i,o)},function(){d=k.Compressor;var e,t=((e={init:function(){this.browser=this.searchString(this.dataBrowser)||"An unknown browser",this.version=this.searchVersion(navigator.userAgent)||this.searchVersion(navigator.appVersion)||"an unknown version",this.OS=this.searchString(this.dataOS)||"an unknown OS"},searchString:function(e){for(var t=0;t<e.length;t++){var n=e[t].string,r=e[t].prop;if(this.versionSearchString=e[t].versionSearch||e[t].identity,n){if(-1!=n.indexOf(e[t].subString))return e[t].identity}else if(r)return e[t].identity}},searchVersion:function(e){var t=e.indexOf(this.versionSearchString);if(-1!=t)return parseFloat(e.substring(t+this.versionSearchString.length+1))},dataBrowser:[{string:navigator.userAgent,subString:"Chrome",identity:"Chrome"},{string:navigator.userAgent,subString:"OmniWeb",versionSearch:"OmniWeb/",identity:"OmniWeb"},{string:navigator.vendor,subString:"Apple",identity:"Safari",versionSearch:"Version"},{prop:window.opera,identity:"Opera",versionSearch:"Version"},{string:navigator.vendor,subString:"iCab",identity:"iCab"},{string:navigator.vendor,subString:"KDE",identity:"Konqueror"},{string:navigator.userAgent,subString:"Firefox",identity:"Firefox"},{string:navigator.vendor,subString:"Camino",identity:"Camino"},{string:navigator.userAgent,subString:"Netscape",identity:"Netscape"},{string:navigator.userAgent,subString:"MSIE",identity:"Explorer",versionSearch:"MSIE"},{string:navigator.userAgent,subString:"Trident",identity:"Explorer",versionSearch:" rv"},{string:navigator.userAgent,subString:"Edge",identity:"Edge"},{string:navigator.userAgent,subString:"Gecko",identity:"Mozilla",versionSearch:"rv"},{string:navigator.userAgent,subString:"Mozilla",identity:"Netscape",versionSearch:"Mozilla"}],dataOS:[{string:navigator.platform,subString:"Win",identity:"Windows"},{string:navigator.platform,subString:"Mac",identity:"Mac"},{string:navigator.userAgent,subString:"iPhone",identity:"iPhone/iPod"},{string:navigator.platform,subString:"Linux",identity:"Linux"}]}).init(),e);c="Safari"===t.browser?f()?i:a:f()?o+i:a}.apply(null,arguments)}function p(){var l,g,s=this,d=/\[guid=(.+) dict=(.+) key=([\s\S]+)\]$/,p=/\[guid=(.+) key=([\s\S]+)\]$/,v=1;function n(){g=!1}function u(e,t){for(var n=h(e),r=0;r<n.length;r++){var i=n[r],o=d.exec(i);o&&o[v]==e&&o[2]==t&&(y(e,i),l.removeItem(i))}}s.testConnection=function(e){t(s,e)},s.init=function(e,t){try{!function(e){var t="WalkMeStorage_"+e,n=l.getItem(t);if(n){var r=I.parse(n);for(var i in r)r.hasOwnProperty(i)&&s.setItem(e,i,r[i])}l.removeItem(t)}(e)}catch(e){b("error upgrading old data error="+e)}window.addEventListener?window.addEventListener("storage",n,!1):window.attachEvent&&document.attachEvent("onstorage",n),t&&t()},s.terminate=function(){window.removeEventListener?window.removeEventListener("storage",n,!1):window.attachEvent&&document.detachEvent("onstorage",n)},s.setItem=function(e,t,n,r,i,o,s){try{var a;s?a=t:f(e,a=S(e,t)),l.setItem(a,I.stringify(n)),(o||void 0===o)&&u(e,t),r&&r()}catch(e){i&&i(e)}},this.getItem=function(e,t,n,r,i){try{var o=i?t:S(e,t),s=l.getItem(o);s&&(s=I.parse(s)),n&&n(s)}catch(e){r&&r(e)}},this.getAll=function(e,t,n){if(g)t&&t();else try{for(var r=[],i=function(e,t){for(var n={},r=h(e),i=0;i<r.length;i++){var o=r[i],s=d.exec(o);s&&s[v]==e&&(n[s[2]]||(n[s[2]]={}),n[s[2]][s[3]]=I.parse(l.getItem(o)))}return n}(e),o=h(e),s=0;s<o.length;s++){var a=o[s],u=p.exec(a);if(u&&u[v]==e){var c=u[2],f=I.parse(l.getItem(a));c&&null!=f&&(i[c]&&(f.value=I.stringify(i[c])),r.push({key:c,saveObj:f}))}}g=!0,t&&t(r)}catch(e){n&&n(e)}},this.removeItem=function(e,t,n,r,i){try{var o;i?o=t:y(e,o=S(e,t)),l.removeItem(o),i||u(e,t),n&&n()}catch(e){r&&r(e)}},this.increment=function(e,t,n,r,i,o){T(s,e,t,n,r,i,o)},this.getOrSetAndGet=function(e,t,n,r,i,o){x(s,e,t,n,r,i,o)},this.addToDictionary=function(e,t,n,r){var i=w(e,t,n);f(e,i),l.setItem(i,I.stringify(r))},this.removeFromDictionary=function(e,t,n){var r=w(e,t,n);y(e,r),l.removeItem(r)};var r="-keys",i="-keysV2",o=";|~",a=new RegExp(";","g");function h(e){var t=l.getItem(e+i);return t||(t=l.getItem(e+r))&&(t=t.replace(a,o),l.removeItem(e+r),l.setItem(e+i,t)),t?t=t.split(o):c(e,t=function(e){for(var t,n=[],r=0;r<l.length;r++){t=l.key(r);var i=/\[guid=(.+) .+\]$/.exec(t);i&&i[v]==e&&n.push(t)}return n}(e)),t}function c(e,t){l.setItem(e+i,t.join(o))}function f(e,t){var n=h(e);-1==m(t,n)&&(n.push(t),c(e,n))}function y(e,t){var n=h(e),r=m(t,n);-1<r&&(n.splice(r,1),c(e,n))}function m(e,t){for(var n=0;n<t.length;n++)if(t[n]==e)return n;return-1}function S(e,t){return"WMS[guid="+e+" key="+t+"]"}function w(e,t,n){return"WMS[guid="+e+" dict="+t+" key="+n+"]"}(function(){try{l=window.localStorage}catch(e){b("local storage is blocked by browser settings error="+e)}}).apply(null,arguments)}function v(){var s,a,o,n,e=this,u=0,c=0;function f(e,t,n,r,i){1e4<++u&&(u=0);var o=I.stringify({action:e,guid:t,obj:n,num:u});a[u]={success:r,failed:i},c++,s.postMessage(o)}function r(e){if(!o){var t=I.parse(e.data);if("ready"==t){for(var n=0;n<a.init.length;n++)a.init[n]();a.init.length=0}else{c--;var r=t.num,i=a[r];delete a[r],t.success?i&&i.success&&i.success(t.obj):i&&i.failed&&i.failed(t.obj)}}}function i(){0<c&&function(e){for(var t=(new Date).getTime(),n=0;n<1e7&&!((new Date).getTime()-t>e);n++);}(150)}e.init=function(e,t){s||((s=new Worker("indexedDbManager.js")).onmessage=r,window.onbeforeunload=i),t&&(n?t():a.init.push(t))},e.testConnection=function(e){e&&f("test",l,null,function(){e(!0)},function(){e(!1)})},e.terminate=function(){o=!0,s&&s.terminate()},e.setItem=function(e,t,n,r,i,o){f("set",e,{key:t,value:n,clearDict:o},r,i)},e.getItem=function(e,t,n,r){f("get",e,{key:t},n,r)},e.getAll=function(e,t,n){f("all",e,null,t,n)},e.removeItem=function(e,t,n,r){f("del",e,{key:t},n,r)},e.addToSet=function(e,t,n,r,i){f("addSet",e,{key:t,value:n},r,i)},this.addToDictionary=function(e,t,n,r,i,o){f("add",e,{dict:t,key:n,value:r},i,o)},this.removeFromDictionary=function(e,t,n,r,i){f("rem",e,{dict:t,key:n},r,i)},this.increment=function(e,t,n,r,i,o){f("inc",e,{key:t,ttl:n,lastValue:r},i,o)},this.getOrSetAndGet=function(e,t,n,r,i,o){f("getOrSet",e,{key:t,ttl:n,fallbackValue:r},i,o)},function(){a={init:[function(){n=!0}]}}.apply(null,arguments)}function h(){c||((c=new BroadcastChannel("wm-channel")).onmessage=function(e){var t,n=Object.assign({},e.data);delete n.toBC,t=Object.assign({fromBC:!0},n),window.parent.postMessage(t,"*")},window.onbeforeunload=function(){c.close()})}var m=new function(){var r;this.set=function(e){var t="WMS_"+e.userGuid+e.key;r.setItem(t,e.value)},this.get=function(e){var t="WMS_"+e.userGuid+e.key,n=r.getItem(t);return void 0===n&&(n=e.defaultValue),n},function(){r=window.sessionStorage}.apply(null,arguments)};function S(e,t,n,r){try{if(!f||f!=e)switch(f=e){case i.Cookies:g=new d;break;case i.IndexedDB:g=new v;break;default:g=new p}g.init(t,n)}catch(e){r&&r(e)}}function w(e){try{var t=I.parse(e.data);if(t.toBC&&c)return void c.postMessage(t);if(n=t.requestType,!r[n])return;t.plainUserGuid=t.userGuid,t.userGuid=u(t.userGuid,t),O(t,e)}catch(e){}var n}function O(t,n){if(t.requestType===r.checkCanSave)S(t.saveMode,t.userGuid,function(){var e;e=function(e){n.source.postMessage(I.stringify({key:t.requestType,canSave:e}),"*")},g.testConnection(e)});else if(t.requestType===r.getAllMultiple)!function(e,t,n){var r=function(){n&&n()};try{var i={};g.getAll(e,function(e){e&&(i[t]=e),n&&n(i)},r)}catch(e){b(e),r()}}(t.userGuid,t.plainUserGuid,function(e){n.source.postMessage(I.stringify({key:t.requestType,allValues:e}),"*")});else if(t.requestType===r.set)g.setItem(t.userGuid,t.key,t.saveObj);else if(t.requestType===r.delete)g.removeItem(t.userGuid,t.key);else if(t.requestType===r.add)!function(r,i,o,s){if(g.addToDictionary)for(var e in g.setItem(r,i,s,null,null,!1),o)o.hasOwnProperty(e)&&g.addToDictionary(r,i,e,o[e]);else g.getItem(r,i,function(e){var t={};for(var n in e&&e.value&&(t=I.parse(e.value)||{}),o)o.hasOwnProperty(n)&&(t[n]=o[n]);s.value=I.stringify(t),g.setItem(r,i,s)})}(t.userGuid,t.key,t.keyValues,t.saveObj);else if(t.requestType===r.addSet)i=t.userGuid,o=t.key,s=t.saveObj,g.addToSet?g.addToSet(i,o,s):g.getItem(i,o,function(e){var t=[];e&&e.value&&(t=I.parse(e.value)||[]);for(var n=s.value,r=0;r<n.length;r++)-1==t.indexOf(n[r])&&t.push(n[r]);s.value=I.stringify(t),g.setItem(i,o,s)});else if(t.requestType===r.get)S(t.saveMode,t.userGuid,function(){g.getItem(t.userGuid,t.key,function(e){e&&n.source.postMessage(I.stringify({key:t.requestType,dataKey:t.key,saveObj:e}),"*")})});else if(t.requestType===r.setSession)m.set(t);else if(t.requestType===r.getSession){var e=m.get(t);n.source.postMessage(I.stringify({key:t.requestType,value:e,actionId:t.actionId}),"*")}else if(t.requestType===r.increment)g.increment(t.userGuid,t.key,t.ttl,t.lastValue,function(e){n.source.postMessage(I.stringify({key:t.requestType,value:e,actionId:t.actionId}),"*")});else if(t.requestType===r.getOrSetAndGet)g.getOrSetAndGet(t.userGuid,t.key,t.ttl,t.fallbackValue,function(e){n.source.postMessage(I.stringify({key:t.requestType,value:e,actionId:t.actionId}),"*")});else if(t.requestType===r.terminate)g.terminate&&g.terminate(),n.source.postMessage(I.stringify({key:t.requestType}),"*");else if(t.requestType===r.remove)!function(o,s,a,u){if(g.removeFromDictionary){g.setItem(o,s,u,null,null,!1);for(var e=0;e<a.length;e++)g.removeFromDictionary(o,s,a[e])}else g.getItem(o,s,function(e){var t={};e&&e.value&&(t=I.parse(e.value)||{});for(var n=!1,r=0;r<a.length;r++){var i=a[r];void 0!==t[i]&&(delete t[i],n=!0)}n&&(u.value=I.stringify(t),g.setItem(o,s,u))})}(t.userGuid,t.key,t.keysToRemove,t.saveObj);else if(t.requestType===r.initBroadcastChannel)return h();var i,o,s}window.addEventListener?window.addEventListener("message",w,!1):window.attachEvent&&window.attachEvent("onmessage",w),window.onload=function(){window.postMessage&&window.parent.postMessage("frameOrigin","*")}}()</script></body></html>
Assignee | ||
Comment 8•4 years ago
|
||
Comment 10•4 years ago
|
||
Backed outfor build bustages on nsCSPContext.cpp.
Backout link: https://hg.mozilla.org/integration/autoland/rev/41912ec7f19d78cb4103b31d32653b9ef526d15f
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=318568437&repo=autoland&lineNumber=18203
Assignee | ||
Comment 11•4 years ago
|
||
Ahhh, I forgot to push that latest change of casting to basePrincipal, sorry about that - will fix instantly.
Comment 12•4 years ago
|
||
Assignee | ||
Updated•4 years ago
|
Comment 13•4 years ago
|
||
bugherder |
Description
•