background image theme doesn't seem to apply
Categories
(Firefox :: Theme, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox118 | --- | unaffected |
| firefox119 | --- | verified |
| firefox120 | --- | verified |
People
(Reporter: nchevobbe, Assigned: emilio)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
on latest build, the Alpenglow theme does not apply properly (nor do https://addons.mozilla.org/en-US/firefox/addon/save-the-bees-plz/ for example)
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 1•2 years ago
|
||
Somehow a regression from bug 1854486... The computed style looks correct tho... wat.
|
|
Assignee | |
Comment 2•2 years ago
|
||
Just moving the rules from browser/content to browser/themes causes the images not to load...
|
|
Assignee | |
Comment 3•2 years ago
|
||
When loaded from there, the triggering principal is the system principal
and we go through:
Otherwise we fail the check because the triggering principal is a
ContentPrincipal with "chrome://browser/skin/browser.css" as the URI.
That seems a bit unexpected and deserves some looking into, but let's
unbreak themes in the meantime.
|
|
Assignee | |
Comment 4•2 years ago
|
||
Freddy, do you know if creating ContentPrincipals with chrome:// URIs is expected for @import-ed stylesheets?
I suspect the right fix is somehow propagating the triggering principal across @import or so.
|
|
Assignee | |
Comment 5•2 years ago
|
||
Actually just loading browser-shared.css from the top level doesn't quite fix it either. Will take a deeper look after lunch.
|
||
Comment 7•2 years ago
|
||
Reading the @import spec as I true to get a better understanding.
in https://www.w3.org/TR/css-cascade-3/#conditional-import:
The origin of an imported style sheet is the origin of the style sheet that imported it.
So that's like with JS? If A loads styles from B, then the code in B is being executed with the context (principal) from A?
Then I believe comment 4 is right that we want to inherit the principal across @import.
|
|
||
Comment 8•2 years ago
|
||
Are imports of nsContentPolicyType::TYPE_STYLESHEET? Surprised they did not get their own.
|
||
Comment 9•2 years ago
|
||
Set release status flags based on info from the regressing bug 1854486
|
|
Assignee | |
Comment 10•2 years ago
|
||
Okay, so I dug into what's going on and what makes chrome://browser/skin and chrome://browser/content different. This doesn't have to do with @import and such after all, just with the result of GetChannelResultPrincipal which is what we end up using.
The answer is this piece of code that comes all the way back from bug 221490.
So, thoughts:
- Wat, that's rather unexpected.
- Freddy, any reason we couldn't expand that to all
chrome://channels? - Alternatively, any reason why we shouldn't change this check to allow subresources from
chrome://principals? So something like:
index 3110a07b3177a..a855781d1170b 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -1647,8 +1647,11 @@ nsresult nsContentSecurityManager::CheckChannel(nsIChannel* aChannel) {
return NS_OK;
}
- // Allow subresource loads if TriggeringPrincipal is the SystemPrincipal.
- if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
+ // Allow subresource loads from chrome:// URIs or if TriggeringPrincipal is
+ // the SystemPrincipal.
+ nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
+ if ((triggeringPrincipal->IsSystemPrincipal() ||
+ triggeringPrincipal->SchemeIs("chrome")) &&
loadInfo->GetExternalContentPolicyType() !=
ExtContentPolicy::TYPE_DOCUMENT &&
loadInfo->GetExternalContentPolicyType() !=
Both approaches would work, afaict.
|
||
Comment 11•2 years ago
|
||
| bugherder | ||
|
||
Comment 16•2 years ago
|
||
Comment on attachment 9355036 [details]
Bug 1855151 - Move lwtheme rules back to browser/base/content/browser.css. r=dao
Beta/Release Uplift Approval Request
- User impact if declined:
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky):
- String changes made/needed:
- Is Android affected?: Yes
|
|
||
Comment 17•2 years ago
|
||
Comment on attachment 9355036 [details]
Bug 1855151 - Move lwtheme rules back to browser/base/content/browser.css. r=dao
Approved for 119.0b3
|
||
Comment 18•2 years ago
|
||
| uplift | ||
|
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
Reproducible on a 2023-09-26 Nightly build on macOS 12.
Verified as fixed on Firefox 119.0b3(build ID: 20230929091427) and Nightly 120.0a1(build ID: 20231001214422) on macOS 12, Windows 10, Ubuntu 22.
Both Alpenglow and Save the Bees themes are now applied correctly.
|
|
||
Comment 20•2 years ago
|
||
Discussion to be continued in review of bug 1855225 w/ dveditz.
Description
•