Open Bug 1823937 Opened 2 years ago Updated 11 months ago

Service worker in a cross-origin iframe cannot intercept requests initiated by a web worker inside the iframe

Categories

(Core :: DOM: Service Workers, defect, P2)

Product:
Core
Component:
DOM: Service Workers
Version:
Firefox 111
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: emilis.baliukonis, Assigned: edenchuang)

Details

Steps to reproduce:

Let\s assume a site has the following structure:

example-a.com/index.html loads an iframe from example-b.com/app.html which spawns a service worker and a web worker.

A web worker makes a network request to example-b.com/intercept. The service worker, the web worker and network request destination URL all belong to the same origin (example-b.com) and the request url belongs to the service worker scope (they are both at the root of the domain).

On Safari and Chrome, the service worker can successfully intercept such requests coming from a web worker.
However, on Firefox such requests are not intercepted by SW.

It's worth mentioning that the service worker can successfully intercept requests made by the iframe document or regular scripts. The issue is specifically related to web workers.

Reproducible example: https://github.com/emilisb/ff-iframe-sw-test
Deployed example app (check console output for test result): https://ff-iframe-sw-test.netlify.app

Actual results:

  • Firefox - service worker does not intercept the request and an actual request to example-b.com/intercept is made.
  • Safari, Chrome - works as expected.

Expected results:

Service worker successfully intercepts the request and returns a modified response.

The Bugbug bot thinks this bug should belong to the 'DevTools::Netmonitor' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Netmonitor
Product: Firefox → DevTools
Component: Netmonitor → DOM: Service Workers
Product: DevTools → Core

Eden, would you mind helping with triage here? Thanks!

Flags: needinfo?(echuang)

Took a look at the case.

The reason for interception failure is that we fail to control the worker.

We try to control the worker while fetching it at this line.
https://searchfox.org/mozilla-central/rev/8433b62e54fd30663e82f090c4d31554531a2e66/dom/serviceworkers/ServiceWorkerManager.cpp#2202
But eventually, we fail to control it.

So the requests of the worker are also not intercepted by the ServiceWorker.

Keep ni on me to dig into the details of why we fail to control it.

I tried to load all the iframe/worker/serviceworker in the same-origin with the top-level page, the worker can be intercepted.
So I guess this is because the worker is a third-party worker.

Severity: -- → S3
Priority: -- → P2
Assignee: nobody → echuang
Flags: needinfo?(echuang)
You need to log in before you can comment on or make changes to this bug.