The (non-normative) window.open spec does not specify what should happen when
window.open is called on a window with a null/discarded browsing context, but
in general the lookup and creation rules do not make sense when the window has
no BC. It does, however, specify that we should return null when a target BC
cannot be found or created, and gives us broad discretion over when we decide
to ignore a load request and return null. Since we can't trigger a
cross-process load from a discarded BC, simply aborting in that case seems
like the logical solution.
For Location objects, the spec is more specific, and requires that we ignore
load attempts on Location objects whose documents are null, which in our
implementation corresponds to a discarded BrowsingContext.
LocationBase::SetURI already enforces this, but a second check in
BrowsingContext::LoadURI is probably a good idea as well.
Differential Revision: https://phabricator.services.mozilla.com/D45635
To be able to reach all BrowsingContexts in
BrowsingContextGroup::EnsureSubscribed we need to make sure that if a
BrowsingContext is detached, we need to cache all of its children in
case we call BrowsingContextGroup::EnsureSubscribed before the
children in turn are detached.
Differential Revision: https://phabricator.services.mozilla.com/D45337
This is currently only available on the outer window, but needs to move to
BrowsingContext in order from us to remove redundant opener tracking from the
former.
Differential Revision: https://phabricator.services.mozilla.com/D43690
This is currently only available on the outer window, but needs to move to
BrowsingContext in order from us to remove redundant opener tracking from the
former.
Differential Revision: https://phabricator.services.mozilla.com/D43690
This patch cleans up remote outer window proxies when we navigate back
into the process.
It adds a flag to mDanglingRemoteOuterProxies that is set in between
BrowsingContext::SetDocShell(), where we can tell that the browsing
context is going from being remote to being local, to
nsGlobalWindowOuter::SetNewDocument(), where the local outer window
proxy is actually created. Once the outer window is created, the
remote window proxies can be cleaned up in
CleanUpDanglingRemoteOuterWindowProxies().
The clean up is done by a process that is similar to object
transplanting, except that instead of looking in the cross-compartment
wrapper table for each compartment to find objects to be turned into
CCWs to the new object, it looks in the remote proxy map for each
compartment. SpiderMonkey doesn't know about the proxy maps, so this
has to be done by a new callback object CompartmentTransplantCallback.
Now that this cleanup is being done, it shouldn't be possible to wrap
a remote outer window proxy when the browsing context is local, so
MaybeWrapWindowProxy() can be simplified. I had to drop the assert
here that the browsing context has a window proxy because during clean
up we call wrap on a local outer window proxy before the BC gets the
window proxy set on it. I had the assert because my original plan was
to implicitly fix remote proxies during wrapping, but that is no
longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D38343
I believe it's the right thing to do.
COEP inherits opener's COEP and is overwritten if COEP by response is stricter.
i.e., we no more need the inherited one.
Differential Revision: https://phabricator.services.mozilla.com/D40143
(a) Substitute Cross-Origin header with COEP
(b) Forcing cors in FetchDriver is removed since COEP doesn't need to IIUC
Differential Revision: https://phabricator.services.mozilla.com/D38788
This also renames the existing infallible nsDocShell:GetBrowsingContext()
getter to BrowsingContextRef(), and changes the return type, since several
callers rely on it returning a raw pointer rather than an already_AddRefed.
Differential Revision: https://phabricator.services.mozilla.com/D40312
This change is necessary in order to support named targeting of remote
BrowsingContexts, since the current arrangement only supports in-process
contexts. It also considerably simplifies the logic, since named targetting is
now restricted to the same TabGroup/BrowsingContextGroup, which in and of
itself guarantees that origin attributes will always match in the cases that
we care about.
Differential Revision: https://phabricator.services.mozilla.com/D39991
When a BrowsingContext changes from being local to remote, we have to
change all window proxies from being local to remote, using
transplanting. The actual window proxy becomes a remote window
proxy. Cross compartment wrappers (CCWs) to the window proxy also
become remote window proxies in their respective compartments, rather
than CCWs to a remote proxy in the old compartment of the window
proxy, because the window is no longer actually in that
compartment. This also avoids having to figure out what Xray behavior
for remote window proxies should be.
This patch uses the transplanting support I added to
GetRemoteOuterWindowProxy() in the previous patch to ensure that the
remote proxy map holds the correct value after transplanting finishes.
It drops the requirement that both arguments to JS_TransplantObject
have the same class, because we need to transplant a window proxy with
a remote window proxy. It also deals with this by not adding origobj
to the wrapper map unless it is a CCW, to handle transplanting to a
remote proxy.
The core design here, with the remote window proxies in every
compartment, is taken from a patch by peterv.
Differential Revision: https://phabricator.services.mozilla.com/D35730
When we call GetRemoteOuterWindowProxy in the middle of a transplant,
the remote proxy that the function returns will be almost immediately
swapped with some other object. Rather than trying to fix up the
remote proxy map when that happens, this patch adds a new argument
that is a pointer to the object, if any, that the remote proxy is
going to be swapped to. This will be used in the remote proxy map.
Having a value in the remote proxy map that is not a remote proxy
could cause issues if somebody ends up calling
GetRemoteOuterWindowProxy() a second time before the transplant has
finished. To avoid that, my patch asserts that we are returning an
object with the appropriate class.
Differential Revision: https://phabricator.services.mozilla.com/D37598
When a BrowsingContext changes from being local to remote, we have to
change all window proxies from being local to remote, using
transplanting. The actual window proxy becomes a remote window
proxy. Cross compartment wrappers (CCWs) to the window proxy also
become remote window proxies in their respective compartments, rather
than CCWs to a remote proxy in the old compartment of the window
proxy, because the window is no longer actually in that
compartment. This also avoids having to figure out what Xray behavior
for remote window proxies should be.
This patch uses the transplanting support I added to
GetRemoteOuterWindowProxy() in the previous patch to ensure that the
remote proxy map holds the correct value after transplanting finishes.
It drops the requirement that both arguments to JS_TransplantObject
have the same class, because we need to transplant a window proxy with
a remote window proxy. It also deals with this by not adding origobj
to the wrapper map unless it is a CCW, to handle transplanting to a
remote proxy.
The core design here, with the remote window proxies in every
compartment, is taken from a patch by peterv.
Differential Revision: https://phabricator.services.mozilla.com/D35730
When we call GetRemoteOuterWindowProxy in the middle of a transplant,
the remote proxy that the function returns will be almost immediately
swapped with some other object. Rather than trying to fix up the
remote proxy map when that happens, this patch adds a new argument
that is a pointer to the object, if any, that the remote proxy is
going to be swapped to. This will be used in the remote proxy map.
Having a value in the remote proxy map that is not a remote proxy
could cause issues if somebody ends up calling
GetRemoteOuterWindowProxy() a second time before the transplant has
finished. To avoid that, my patch asserts that we are returning an
object with the appropriate class.
Differential Revision: https://phabricator.services.mozilla.com/D37598
When searching for a target by name, don't select a window if its associated
BrowsingContext is closed, discarded, or cached.
Differential Revision: https://phabricator.services.mozilla.com/D37876
Renames IsActive to IsTargetable, and updates its implementation to check that
the current browsing context is neither closed nor cached.
Differential Revision: https://phabricator.services.mozilla.com/D36670
This should help us more easily identify where the crashing issues are coming
from. The issue in part 1 was found due to these assertion changes.
Differential Revision: https://phabricator.services.mozilla.com/D36996
This ensures that the object is not discarded while there are still in-flight
messages from the parent process, and vice-versa, which could cause crashes if a
CC was run before any pending messages have arrived.
Differential Revision: https://phabricator.services.mozilla.com/D36995
In the bug which introduced mIsDiscarded, the code was changed to not set
mClosed during Detach, and only set mIsDiscarded. This was a mistake because a
bunch of places are only reading mClosed. Specifically when creating a
BrowsingContext for an iframe, we check GetClosed() to see whether to skip
creating it. Not doing this check can lead to assertions like the one in this
bug.
This patch changes the behaviour to continue setting `mClosed`, and also updates
the relevant `GetClosed()` checks to correctly check `IsDiscarded()`
Differential Revision: https://phabricator.services.mozilla.com/D37267
Waiting for docshells and frameloaders to destroy will leave attached
browsing contexts attached too long. In case the children of a
browsing contexts cannot be cached we want to detach all of them as
soon as possible.
Also normalizes the use of BrowsingContext::mGroup.
Differential Revision: https://phabricator.services.mozilla.com/D33602
Waiting for docshells and frameloaders to destroy will leave attached
browsing contexts attached too long. In case the children of a
browsing contexts cannot be cached we want to detach all of them as
soon as possible.
Also normalizes the use of BrowsingContext::mGroup.
Differential Revision: https://phabricator.services.mozilla.com/D33602
This is sorta-part of the work for bug 1510760. Currently if you do a process
switch, the window proxy state is completely borked, and a lot of stuff doesn't
work.
This patch aims to make it so that, while not transplanted correctly, methods
generally don't return the wrong WindowProxy object anymore after a process
swap.
Differential Revision: https://phabricator.services.mozilla.com/D33082
This is sorta-part of the work for bug 1510760. Currently if you do a process
switch, the window proxy state is completely borked, and a lot of stuff doesn't
work.
This patch aims to make it so that, while not transplanted correctly, methods
generally don't return the wrong WindowProxy object anymore after a process
swap.
Differential Revision: https://phabricator.services.mozilla.com/D33082
