COEP:credentialless Origin-Trial has no effect on process selection
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox108 | --- | fixed |
People
(Reporter: niklas.fiekas, Assigned: sefeng)
Details
Attachments
(1 file)
The following document is served on https://lichess.dev/coep:
<!doctype html>
<html>
<head>
<meta http-equiv="Origin-Trial" content="A11R4+BYwN6OiQqdWQQGBgNOtCTUAyhw3BRHhHxngWJmEmJNDBtNbTbnEXU/W645BTQKd+iHKXPGPFNKTnS9AB0AAABTeyJvcmlnaW4iOiJodHRwczovL2xpY2hlc3MuZGV2IiwiZmVhdHVyZSI6IkNvZXBDcmVkZW50aWFsbGVzcyIsImV4cGlyeSI6MTY3NTIwNTk0MH0=">
</head>
<body>
<script>
document.body.style.background = window.crossOriginIsolated ? "green" : "red";
</script>
</body>
</html>
Headers include:
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin
The page is expected to be green, because the window is expected to be crossOriginIsolated
.
However the page is red on Firefox 104 and 105, despite the Origin-Trial token obtained from https://bugzilla.mozilla.org/show_bug.cgi?id=1790181.
Manually toggling browser.tabs.remote.coep.credentialless
in about:config
works as expected.
Assignee | ||
Comment 1•2 years ago
|
||
looking
Assignee | ||
Comment 2•2 years ago
•
|
||
Looks like this is another case where COEP is used before the meta is parsed, so the opener policy was set to OPENER_POLICY_SAME_ORIGIN
rather than OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP
Assignee | ||
Comment 3•2 years ago
|
||
So crossOriginIsolated reads the opener policy which expects it to be OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP
. However, since this is the initial load and the policy is set very early and we haven't parsed the <meta> yet, so the opener policy is OPENER_POLICY_SAME_ORIGIN
.
This is fine I think, the subsequent resource loads are going to use OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP
. So we can just modify the check to either opener policy is OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP
or
mCurrentWindowContext->GetEmbedderPolicy() ==
nsILoadInfo::EMBEDDER_POLICY_CREDENTIALLESS &&
Top()->GetOpenerPolicy() == nsILoadInfo::OPENER_POLICY_SAME_ORIGIN;
However this fix still fails because the remote type is webIsolated
not webCOOP+COEP=
. I don't know if we can just ignore the remote type here or...?
Wdyt Emilio?
Comment 4•2 years ago
|
||
I don't think we can ignore the remote type here. If we're not in the right process kind we don't have the isolation guarantees, and switching processes at the point we're already parsing the meta tag is not really feasible. Does using the trial in a header work Sean (barring the crash we fixed)?
Reporter | ||
Comment 5•2 years ago
|
||
Does using the trial in a header work Sean (barring the crash we fixed)?
I created a second page using the header at https://lichess.dev/coep2, but Firefox 105 remains red.
Assignee | ||
Comment 6•2 years ago
|
||
I think using the trial in the header can work, though we need to make a patch to check the header in HttpBaseChannel::ComputeCrossOriginOpenerPolicy, I am working on the patch.
Updated•2 years ago
|
Assignee | ||
Comment 7•2 years ago
|
||
Currently, if users enabled COEP:Credentialless by Origin-Trial,
it won't put the document into an isolated process, this patch
fixes.
Though the caveat is this only works for enabling Origin-Trial
in the response header, setting it via <meta> still won't work.
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Updated•2 years ago
|
Comment 9•2 years ago
|
||
bugherder |
Description
•