Cannot load frames with external content in extensions on Android; "ASSERTION: Attempt to load a non-authorised load in the parent process"
Categories
(WebExtensions :: Android, defect, P3)
Tracking
(firefox120 fixed)
Tracking | Status | |
---|---|---|
firefox120 | --- | fixed |
People
(Reporter: robwu, Assigned: robwu)
References
(Depends on 1 open bug)
Details
The following features together prevent extensions from loading external content in iframes:
- Extensions on GeckoView run in the main process.
- External content cannot be loaded in the parent process, according to the rules defined by
nsDocShell::CanLoadInParentProcess
. Otherwise the request is rejected (and a crash on debug builds: "ASSERTION: Attempt to load a non-authorised load in the parent process:") by https://searchfox.org/mozilla-central/rev/064a1e6a2a6f6aa30be8bf4edea2f8408f779d4d/netwerk/ipc/ParentProcessDocumentChannel.cpp#58-70
STR: Example of failing unit test:
- command:
./mach xpcshell-test --verbose toolkit/components/extensions/test/xpcshell/test_ext_cookieBehaviors.js --tag=in-process-webextensions
- expected: document loads and
iframe.onload
is called. - actual: document does not load and
iframe.onerror
is called. - actual (debug build): crash, ASSERTION: Attempt to load a non-authorised load in the parent process:
###!!! ASSERTION: Attempt to load a non-authorised load in the parent process: http://example.com/page-with-tracker.html: 'false', file /path/to/gecko/netwerk/ipc/ParentProcessDocumentChannel.cpp:66
- test source: https://searchfox.org/mozilla-central/rev/4b49a0dc50104e03ecadd1fd1902b27be6b9c0c8/toolkit/components/extensions/test/xpcshell/test_ext_cookieBehaviors.js#375-385
STR: manual test on mobile:
-
Start a Fenix build, and enable remote debugging in the settings.
-
Visit
about:debugging
on desktop, enable devices, connect to the device. -
Select an extension (one of the built-in ones), inspect it and run the following code in the background page:
f = document.createElement("iframe"); f.src = "https://example.com/"; f.onload = f.onerror = e => console.log(e.type); document.body.append(f);
-
Look at the console.
-
Use the DOM inspector to inspect the iframe.
Expected:
- Step 4 prints "load".
- Step 5 shows a loaded document.
Actual:
- Step 4 prints "error".
- Step 5 shows an empty document (empty
<head>
and<body>
).
Alternative STR (desktop):
- Start Firefox with
extensions.webextensions.remote
=false (restart the browser if you're usingabout:config
). - Install an extension.
- Visit
about:debugging
and inspect the extension. - See step 4 and 5 from the other STR, with the same Expected/actual
Assignee | ||
Comment 1•3 years ago
|
||
Out-of-process frames are not supported in the main process by Fission (and besides, Fission isn't even enabled by default in GeckoView).
Non-e10s (single-process mode) is not supported on GeckoView either (and we wouldn't want that anyway).
So the only feasible path towards a fix for this bug is to enable out-of-process extensions on Android - bug 1535365.
Assignee | ||
Comment 2•3 years ago
|
||
I can get xpcshell tests to pass with the following prefs:
Services.prefs.setBoolPref("security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", true);
Services.prefs.setBoolPref("security.allow_unsafe_parent_loads", true);
The first pref is used to get xpc::IsInAutomation
to be true, since it isn't true by default in xpcshell tests (bug 1598804).
The second pref is to force nsDocShell::CanLoadInParentProcess
to accept requests to external URLs used in the test.
While this trick can be used to re-enable some tests, I'm not sure whether we should use it, since it's a non-standard test configuration.
Assignee | ||
Comment 3•3 years ago
|
||
A fix for the root cause is not near (comment 1), and the current set of recommended extensions do seemingly not depend on the ability to load remote frames, so we decided to partially address this bug for the failing unit tests only using the test-only prefs from comment 2. A new issue could be filed for the actual issue.
(Or equivalently, we could file a bug to land the test-only changes and link this bug.)
Comment 5•2 years ago
|
||
Rob, this bug is about extensions running in GeckoView's main process and content in Fission OOP iframes. Is this bug relevant for Android Addons GA? Or can this bug wait until we implement Android Fission?
Assignee | ||
Comment 6•2 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #5)
Rob, this bug is about extensions running in GeckoView's main process and content in Fission OOP iframes.
This bug is about extensions not being able to load remote content in their (moz-extension:
) documents. This is because extensions currently run in the main process. When extensions run in their own process (bug 1535365), this bug will be resolved.
Is this bug relevant for Android Addons GA? Or can this bug wait until we implement Android Fission?
This is relevant for GA, but mainly as a bug to point to when extension authors run into the issue described here.
The engineering tasks itself are tracked in bug 1535365.
Once that bug is fixed by turning on the feature (not just on Nightly or Beta, but on release), this bug can be closed. And along with that, we can re-enable some tests - bug 1700482.
Assignee | ||
Comment 7•1 year ago
|
||
Note: tests were re-enabled using the trick from comment 2 in https://hg.mozilla.org/mozilla-central/rev/80b8b7daaa90.
Once out-of-process WebExtensions are enabled (bug 1535365), this bug will be fixed for real.
Comment 8•1 year ago
|
||
Looks like this bug should be fixed in 120.
Updated•1 year ago
|
Updated•1 year ago
|
Description
•