Closed Bug 1792229 Opened 2 years ago Closed 2 years ago

COEP:credentialless Origin-Trial has no effect on process selection

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

RESOLVED FIXED
108 Branch
Tracking Status
firefox108 --- fixed

People

(Reporter: niklas.fiekas, Assigned: sefeng)

The following document is served on https://lichess.dev/coep:

<!doctype html>
<html>
  <head>
    <meta http-equiv="Origin-Trial" content="A11R4+BYwN6OiQqdWQQGBgNOtCTUAyhw3BRHhHxngWJmEmJNDBtNbTbnEXU/W645BTQKd+iHKXPGPFNKTnS9AB0AAABTeyJvcmlnaW4iOiJodHRwczovL2xpY2hlc3MuZGV2IiwiZmVhdHVyZSI6IkNvZXBDcmVkZW50aWFsbGVzcyIsImV4cGlyeSI6MTY3NTIwNTk0MH0=">
  </head>
  <body>
    <script>
      document.body.style.background = window.crossOriginIsolated ? "green" : "red"; 
    </script>
  </body>
</html>

Headers include:

Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin

The page is expected to be green, because the window is expected to be crossOriginIsolated.

However, the page is red on Firefox 104 and 105, despite the Origin-Trial token obtained from https://bugzilla.mozilla.org/show_bug.cgi?id=1790181.

Manually toggling browser.tabs.remote.coep.credentialless in about:config works as expected.

looking

Looks like this is another case where COEP is used before the meta is parsed, so the opener policy was set to OPENER_POLICY_SAME_ORIGIN rather than OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP.

So crossOriginIsolated reads the opener policy, which it expects to be OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP. However, since this is the initial load, the policy is set very early, and we haven't parsed the <meta> yet, the opener policy is OPENER_POLICY_SAME_ORIGIN.

This is fine, I think; the subsequent resource loads are going to use OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP. So we can just modify the check to accept either the opener policy being OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP or

mCurrentWindowContext->GetEmbedderPolicy() ==  
  nsILoadInfo::EMBEDDER_POLICY_CREDENTIALLESS &&
  Top()->GetOpenerPolicy() == nsILoadInfo::OPENER_POLICY_SAME_ORIGIN;

However, this fix still fails because the remote type is webIsolated, not webCOOP+COEP=. I don't know if we can just ignore the remote type here or...?

Wdyt Emilio?

Flags: needinfo?(emilio)

I don't think we can ignore the remote type here. If we're not in the right process kind we don't have the isolation guarantees, and switching processes at the point we're already parsing the meta tag is not really feasible. Does using the trial in a header work Sean (barring the crash we fixed)?

Flags: needinfo?(emilio) → needinfo?(sefeng)

> Does using the trial in a header work Sean (barring the crash we fixed)?

I created a second page using the header at https://lichess.dev/coep2, but Firefox 105 remains red.

I think using the trial in the header can work, though we need to make a patch to check the header in HttpBaseChannel::ComputeCrossOriginOpenerPolicy. I am working on the patch.

Summary: COEP:credentialless Origin-Trial has no effect → COEP:credentialless Origin-Trial has no effect on process selection

Currently, if users enabled COEP:Credentialless by Origin-Trial,
it won't put the document into an isolated process; this patch
fixes that.

Though the caveat is this only works for enabling Origin-Trial
in the response header, setting it via <meta> still won't work.

Assignee: nobody → sefeng
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Flags: needinfo?(sefeng)
Severity: -- → S2
Pushed by sefeng@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/58efdf0fa43c Make Origin-Trial COEP:Credentialless works on process selection r=emilio,necko-reviewers,valentin
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
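
A deployment check for the outcome of this bug, added here as an example (it is not Firefox code and not from anyone in the thread): after the fix, the trial only affects process selection when the token arrives in the Origin-Trial response header together with the COEP and COOP headers from the report. The function names, the token layout (read off the token in the report) and the sample token are assumptions made for the example.

```javascript
// Added example, not Firefox code. Token layout assumed from the token on this page:
// 1 version byte, 64-byte signature, 4-byte big-endian length, then a JSON payload.
// The signature is not verified here; the browser does that.
function decodeTrialPayload(tokenB64) {
  const raw = Buffer.from(tokenB64, "base64");
  if (raw.length < 69 || 69 + raw.readUInt32BE(65) !== raw.length) return null;
  try { return JSON.parse(raw.subarray(69).toString("utf8")); } catch { return null; }
}

// Case-insensitive header lookup on a plain object of response headers.
function header(headers, name) {
  const k = Object.keys(headers).find((h) => h.toLowerCase() === name.toLowerCase());
  return k ? String(headers[k]) : "";
}

// Policy value without parameters such as "; report-to=...".
const policy = (headers, name) => header(headers, name).split(";")[0].trim().toLowerCase();

// Returns the reasons this response would not get an isolated process via the trial.
function checkCredentiallessTrial(headers, html, origin, nowSec) {
  const problems = [];
  if (policy(headers, "Cross-Origin-Embedder-Policy") !== "credentialless")
    problems.push("COEP is not credentialless");
  if (policy(headers, "Cross-Origin-Opener-Policy") !== "same-origin")
    problems.push("COOP is not same-origin");
  const tokens = header(headers, "Origin-Trial").split(",").map((t) => t.trim()).filter(Boolean);
  const ok = tokens.map(decodeTrialPayload).some((p) =>
    p && p.feature === "CoepCredentialless" && p.origin === origin && p.expiry > nowSec);
  if (!ok) {
    // Per the thread: the <meta> is parsed after the process has been chosen.
    const inMeta = /<meta[^>]+http-equiv=["']?Origin-Trial/i.test(html);
    problems.push(inMeta
      ? "token only in <meta>: move it to the Origin-Trial response header"
      : "no valid CoepCredentialless token in the Origin-Trial header");
  }
  return problems;
}

// Constructed sample token (zeroed signature), for exercising the check offline.
function makeSampleToken(payload) {
  const body = Buffer.from(JSON.stringify(payload), "utf8");
  const head = Buffer.alloc(69);
  head[0] = 3;
  head.writeUInt32BE(body.length, 65);
  return Buffer.concat([head, body]).toString("base64");
}
```

An empty result only means the response is shaped the way the fix requires; whether the token's signature is accepted is decided by the browser.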