Closed Bug 1859532 Opened 2 years ago Closed 2 years ago

Cache interface is undefined in content scripts

Categories

(Core :: Storage: Cache API, defect, P3)

Product:
Core
Component:
Storage: Cache API
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
120 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- wontfix
firefox118 --- wontfix
firefox119 --- wontfix
firefox120 --- fixed

People

(Reporter: gregp, Assigned: saschanaz)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1859532 - Use IsSecureContextOrObjectIsFromSecureContext to match `[SecureContext]` behavior r=asuth
48 bytes, text/x-phabricator-request
Details | Review

See bug 1859236 comment 4

Does anyone know if this was on purpose? If it is, we should document it.

See Also: → 1859236

Set release status flags based on info from the regressing bug 1112134

:saschanaz, since you are the author of the regressor, bug 1112134, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

status-firefox118: --- → affected
status-firefox119: --- → affected
status-firefox120: --- → affected
status-firefox-esr115: --- → affected
Flags: needinfo?(krosylight)

Bug 1112134 definitely was not about hiding it from content scripts, it was to hide it from non-secure contexts. Can content script see any of [SecureContext] interfaces?

Flags: needinfo?(krosylight) → needinfo?(gregp)

Can content script see any of [SecureContext] interfaces?

Yes, content scripts can normally see [SecureContext] interfaces. Bug 1859236 comment 4 contains some analysis looking at why this specific one is not visible. Thank you for confirming that it was not intentional !

Flags: needinfo?(gregp)

Edit: Ignore this, I was looking at this bug too quickly and misunderstood the situation.

I think our behavior for the Cache API makes sense here. If the content script is accessing storage APIs through the underlying content global, it makes sense to expose the storage as experienced by the underlying content global, which includes restrictions experienced by the underlying content global.

Can you elaborate more on the restrictions experienced by the underlying content global?

This bug is just about the fact that Cache/CacheStorage interfaces are not being exposed to content scripts. My limited understanding is that this isn't much of an issue in practice because you can't actually construct them. It's just an interesting difference between content scripts and normal page scripts that I noticed while working on bug 1859236

Apologies, my comment 4 is wrong; we should be consistent with what the binding checks normally do per the codegen which is use IsSecureContextOrObjectIsFromSecureContext. Thank you very much for your detailed investigation in bug 1859236 and taking the time to file this follow-up and provide context.

I think this is just an oversight from the changes in that bug as :saschanaz says in comment 2, so I'm moving this bug to Cache API and tentatively assigning to :saschanaz.

Assignee: nobody → krosylight
Severity: -- → S3
Status: NEW → ASSIGNED
Component: General → Storage: Cache API
Priority: -- → P3
Product: WebExtensions → Core

It seems service worker also uses IsSecureContextOrObjectIsFromSecureContext instead, so maybe it makes sense to let cache api use the same function. (I think I used GetIsSecureContext because it works for WPT at least)

Pushed by krosylight@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ab349c95356f Use IsSecureContextOrObjectIsFromSecureContext to match `[SecureContext]` behavior r=asuth

https://hg.mozilla.org/mozilla-central/rev/ab349c95356f

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox120: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: