Bug 1780614 - Track potential crossoriginisolated status on BCG, r=smaug,kmag

This patch changes how BrowsingContextGroups track CrossOriginIsolated
status such that it should be more consistently tracked and easier to
assert in the places which depend on it. In the new state of the world,
a flag is stored within the BCG's ID which tracks whether it was
created for cross-origin isolated documents, and that is also checked
when making decisions about how to isolate initial about:blank
documents, and whether to allow certain changes to
CrossOriginOpenerPolicy.

This flag is stashed within the ID, as it needs to be preserved if the
BCG is destroyed and then re-created from the ID (which may be e.g.
round-tripped through JS code). I also considered making the ID be a
string instead, to make it easier to include extra information like
this, and more clear where the information is stored, however :kmag
generally preferred using a bit within the integer ID.

These new assertions should now be less likely to spuriously fail due to
a DocShell disappearing or similar as well, which should help fix the
original issue.

Differential Revision: https://phabricator.services.mozilla.com/D152695
Nika Layzell
2022-08-03 15:58:27 +00:00
parent d5deb3c009
commit 4df4c3621e
10 changed files with 163 additions and 44 deletions
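As an added illustration of the approach the commit message describes (this is not code from the Gecko tree; the bit position, the ID width, the counter source and the policy enum are assumptions), the following shows an isolation flag packed into an integer group ID, recovered again when a group is re-created from that ID, a check that the ID still survives a round-trip through a JS Number without losing the flag, and the opener-policy transition rule stated as a standalone predicate:

```cpp
#include <cstdint>

// Hypothetical layout: the flag lives in bit 52 so the full ID stays below
// 2^53. A JS Number is an IEEE-754 double and only represents integers
// exactly up to 2^53, so a flag placed above that would be lost when the
// ID is round-tripped through script.
constexpr uint64_t kIsolatedBit = uint64_t(1) << 52;
constexpr uint64_t kMaxSafeJsInteger = (uint64_t(1) << 53) - 1;

// Mint a group ID from an allocation counter (assumed to be issued elsewhere),
// setting the flag when the group is created for cross-origin isolated documents.
// The counter is masked so it can never alias the flag bit.
uint64_t MakeGroupId(uint64_t counter, bool isolated) {
  uint64_t id = counter & (kIsolatedBit - 1);
  if (isolated) {
    id |= kIsolatedBit;
  }
  return id;
}

// Recover the flag from an ID, e.g. when a group is re-created from an ID
// that came back from JS.
bool IsPotentiallyCrossOriginIsolated(uint64_t id) {
  return (id & kIsolatedBit) != 0;
}

// Model the JS round-trip: the ID becomes a double and then an integer again.
uint64_t RoundTripThroughJsNumber(uint64_t id) {
  double d = static_cast<double>(id);
  return static_cast<uint64_t>(d);
}

bool SurvivesJsRoundTrip(uint64_t id) {
  return id <= kMaxSafeJsInteger && RoundTripThroughJsNumber(id) == id;
}

// Stand-in for nsILoadInfo::CrossOriginOpenerPolicy (names assumed).
enum class OpenerPolicy {
  UnsafeNone,
  SameOrigin,
  SameOriginAllowPopups,
  SameOriginEmbedderPolicyRequireCorp,
};

// The invariant the patch asserts: a group is potentially cross-origin
// isolated exactly when its top-level opener policy is REQUIRE_CORP.
bool GroupFlagMatchesTopPolicy(uint64_t groupId, OpenerPolicy top) {
  return IsPotentiallyCrossOriginIsolated(groupId) ==
         (top == OpenerPolicy::SameOriginEmbedderPolicyRequireCorp);
}

// The transition rule: an unchanged policy is always fine; otherwise neither
// the current nor the requested policy may be REQUIRE_CORP, so a context can
// neither leave nor enter the isolated state after creation.
bool CanSetOpenerPolicy(OpenerPolicy current, OpenerPolicy requested) {
  constexpr OpenerPolicy kIsolated =
      OpenerPolicy::SameOriginEmbedderPolicyRequireCorp;
  return current == requested ||
         (current != kIsolated && requested != kIsolated);
}
```

The round-trip check is the one a practitioner would want before trusting any bit stashed in an ID that crosses into script: the truncation in `RoundTripThroughJsNumber` is silent, so the flag would simply vanish rather than fail loudly.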


@@ -371,12 +371,25 @@ already_AddRefed<BrowsingContext> BrowsingContext::CreateDetached(
// origin is same origin with the creator's top-level origin.
// If it is cross origin we should not inherit the CrossOriginOpenerPolicy
fields.mOpenerPolicy = aOpener->Top()->GetOpenerPolicy();
// If we inherit a policy which is potentially cross-origin isolated, we
// must be in a potentially cross-origin isolated BCG.
bool isPotentiallyCrossOriginIsolated =
fields.mOpenerPolicy ==
nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP;
MOZ_RELEASE_ASSERT(isPotentiallyCrossOriginIsolated ==
group->IsPotentiallyCrossOriginIsolated());
} else if (aOpener) {
// They are not same origin
auto topPolicy = aOpener->Top()->GetOpenerPolicy();
MOZ_RELEASE_ASSERT(topPolicy == nsILoadInfo::OPENER_POLICY_UNSAFE_NONE ||
topPolicy ==
nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_ALLOW_POPUPS);
} else if (!aParent && group->IsPotentiallyCrossOriginIsolated()) {
// If we're creating a brand-new toplevel BC in a potentially cross-origin
// isolated group, it should start out with a strict opener policy.
fields.mOpenerPolicy =
nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP;
}
fields.mHistoryID = nsID::GenerateUUID();
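Review bot: the cross-origin-opener branch (`} else if (aOpener) {` / "They are not same origin") asserts only on `topPolicy` and never on the group, so the invariant the other two branches establish (group is potentially cross-origin isolated iff the top policy is SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP) goes unchecked on this path. Since `topPolicy` is already restricted to UNSAFE_NONE or SAME_ORIGIN_ALLOW_POPUPS here, adding `MOZ_RELEASE_ASSERT(!group->IsPotentiallyCrossOriginIsolated());` in that branch closes the gap and keeps all three branches enforcing the same relation.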
@@ -752,6 +765,11 @@ void BrowsingContext::Attach(bool aFromIPC, ContentParent* aOriginProcess) {
MOZ_DIAGNOSTIC_ASSERT(mGroup);
MOZ_DIAGNOSTIC_ASSERT(!mIsDiscarded);
MOZ_DIAGNOSTIC_ASSERT(
mGroup->IsPotentiallyCrossOriginIsolated() ==
(Top()->GetOpenerPolicy() ==
nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP));
AssertCoherentLoadContext();
// Add ourselves either to our parent or BrowsingContextGroup's child list.
@@ -3018,6 +3036,21 @@ void BrowsingContext::DidSet(FieldIndex<IDX_IsActiveBrowserWindowInternal>,
});
}
bool BrowsingContext::CanSet(FieldIndex<IDX_OpenerPolicy>,
nsILoadInfo::CrossOriginOpenerPolicy aPolicy,
ContentParent* aSource) {
// A potentially cross-origin isolated BC can't change opener policy, nor can
// a BC become potentially cross-origin isolated. An unchanged policy is
// always OK.
return GetOpenerPolicy() == aPolicy ||
(GetOpenerPolicy() !=
nsILoadInfo::
OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP &&
aPolicy !=
nsILoadInfo::
OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP);
}
auto BrowsingContext::CanSet(FieldIndex<IDX_AllowContentRetargeting>,
const bool& aAllowContentRetargeting,
ContentParent* aSource) -> CanSetResult {
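Review bot: `CanSet(FieldIndex<IDX_OpenerPolicy>, ...)` returns a plain `bool` and ignores `aSource`, while the neighbouring `CanSet(FieldIndex<IDX_AllowContentRetargeting>, ...)` returns `CanSetResult`. With `bool` the parent cannot distinguish a harmless rejected write from a content process attempting to move a BrowsingContext into or out of OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP, which is exactly the transition the comment says must never happen; returning `CanSetResult` would let that case be handled as an IPC violation instead of being dropped silently. The check also lets any process flip between UNSAFE_NONE, SAME_ORIGIN and SAME_ORIGIN_ALLOW_POPUPS; if only the process hosting the top-level document should do so, a check on `aSource` belongs here as well.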