Open Bug 1813789 Opened 2 months ago Updated 18 days ago

See if the translations worker can be moved from a ChromeWorker to an unprivileged Worker


(Firefox :: Translation, task, P3)





(Reporter: gregtatum, Unassigned)


(Blocks 2 open bugs)


Any worker created in a chrome-privileged principal will inherit the privileges. The translations worker doesn't need chrome privileges since it's just running a wasm blob that transforms a string into a string.

Here you can see the various ChromeUtils a ChromeWorker has access to:

It would be nice if we could figure out a way to load a Worker without the privileges. One immediate issue with accomplishing this is the same-origin rule gets in the way of loading a resource:// URL from a content page.

For instance, in about:translations the origin is reported as "null" and invoking the worker on the content-side of the page causes a same-origin error to be thrown when loading the worker at a resource:// or chrome:// URL.

While about:translations we are in control of the content side of the page, on the general web we are not, and so this may not be feasible for the Worker to run on the content side, but I'm not sure. This needs to be investigated, as it would be a clear security win if we can lock down the Worker.

This blocks MVP so that we can at least decide on this through a security review, plus check on the feasibility.

Blocks: 1820214
Blocks: 1820240
No longer blocks: 1820240
You need to log in before you can comment on or make changes to this bug.