Make CSP frame-ancestors work with fission enabled
Categories
(Core :: DOM: Security, task, P1)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
(Depends on 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
Comment 1 (Assignee)•6 years ago
Hey Nika, within the code for CSP's frame-ancestors we basically traverse the docshell-chain all the way up to the top-level parent, see
https://searchfox.org/mozilla-central/rev/23f836a71cfe961373c8bd0d0219ec60a64b3c8f/dom/security/nsCSPContext.cpp#1559
Obviously that is broken within fission and hence I wanted to verify something:
A potential solution would be to store an |ancestor-uri[]| on the loadinfo for subdocument loads. Basically, whenever we create a new iframe, we copy the ancestor-uri of the parent and append the current-uri, and hence pass that info all the way down nested iframes. Question is, does that defeat the purpose of fission? Because that ancestor-uri[] would be loaded cross-process and hence could leak information about the parent, or would that be fine?
Comment 2•6 years ago
Yeah, that would kinda defeat the purpose. We don't want to include the URIs of principals of your frame ancestors in the new fission content process.
You probably need to do CSP frame-ancestors checks within the parent process, so that the information doesn't need to be sent down to the content process at all. You can probably do this by getting the window which we're loading into from the loadinfo in the parent process, and reading the document principal information off of WindowGlobalParent actors there.
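An added illustration, not part of the bug thread and not Gecko code: a simplified model of the parent-process check suggested in comment 2, where the whole ancestor chain is walked in the parent and only the allow/deny result reaches the content process. `WindowNode`, `FrameAncestorsAllows` and `CheckNested` are hypothetical names, the origins are constructed samples, and source matching is reduced to `'none'`, `'self'`, `*` and exact origins.

```cpp
// Added illustration, not Gecko code: all types and functions are hypothetical.
#include <cstdio>
#include <string>
#include <vector>

// Parent-process record of one window in the frame tree.
struct WindowNode {
  std::string origin;        // constructed sample origin, e.g. "https://a.example"
  const WindowNode* parent;  // nullptr for the top-level window
};

// Match one ancestor origin against a frame-ancestors source list.
// Only 'none', 'self', "*" and exact origins are modelled here.
static bool MatchesSourceList(const std::string& ancestor,
                              const std::vector<std::string>& sources,
                              const std::string& self) {
  for (const std::string& src : sources) {
    if (src == "'none'") return false;
    if (src == "*" || src == ancestor) return true;
    if (src == "'self'" && ancestor == self) return true;
  }
  return false;  // an empty list matches nothing
}

// Runs in the parent process: walks from the embedding window up to the
// top-level window. Every ancestor must match, not only the direct parent.
// Only this boolean is sent on to the content process.
bool FrameAncestorsAllows(const WindowNode* embedder,
                          const std::vector<std::string>& sources,
                          const std::string& responseOrigin) {
  for (const WindowNode* w = embedder; w; w = w->parent) {
    if (!MatchesSourceList(w->origin, sources, responseOrigin)) return false;
  }
  return true;
}

// Constructed tree: top (topOrigin) embeds https://a.example, which embeds
// an iframe whose response is https://a.example with the given policy.
bool CheckNested(const std::string& topOrigin,
                 const std::vector<std::string>& sources) {
  WindowNode top{topOrigin, nullptr};
  WindowNode middle{"https://a.example", &top};
  return FrameAncestorsAllows(&middle, sources, "https://a.example");
}

int main() {
  std::printf("%d\n", CheckNested("https://other.example", {"'self'"}));
  return 0;
}
```

With a cross-origin top-level window, `'self'` blocks the load even though the direct parent is same-origin, which is why the check needs the full chain that only the parent process holds.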
Comment 3 (Assignee)•6 years ago
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8705284b50d4
Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
Comment 5•6 years ago
Backed out changeset 8705284b50d4 (Bug 1584993) for test_report_uri_missing_in_report_only_header.html failures
Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&fromchange=8705284b50d4905110df9b1fab7f00d9d77d06e6&tochange=9201fb4f420d953b2fe9e2a3e61221ec440ca2a9&selectedJob=272349703
Backout link: https://hg.mozilla.org/integration/autoland/rev/9201fb4f420d953b2fe9e2a3e61221ec440ca2a9
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=272349703&repo=autoland&lineNumber=6084
[task 2019-10-22T09:52:08.558Z] 09:52:08 INFO - TEST-START | dom/security/test/csp/test_report_uri_missing_in_report_only_header.html
[task 2019-10-22T09:52:08.616Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 16 (0x110a47c00) [pid = 1697] [serial = 809] [outer = 0x122244f20]
[task 2019-10-22T09:52:08.659Z] 09:52:08 INFO - GECKO(1695) | ++DOCSHELL 0x110ba9800 == 7 [pid = 1697] [id = {47286e96-d2c1-d947-bbef-39640c0ac3b2}]
[task 2019-10-22T09:52:08.660Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 17 (0x1222454c0) [pid = 1697] [serial = 810] [outer = 0x0]
[task 2019-10-22T09:52:08.660Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 18 (0x110ac2c00) [pid = 1697] [serial = 811] [outer = 0x1222454c0]
[task 2019-10-22T09:52:08.680Z] 09:52:08 INFO - GECKO(1695) | --DOMWINDOW == 17 (0x1222456a0) [pid = 1697] [serial = 799] [outer = 0x0] [url = http://mochi.test:8888/tests/dom/security/test/csp/file_report_font_cache-2.html]
[task 2019-10-22T09:52:08.681Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 18 (0x110a46400) [pid = 1697] [serial = 812] [outer = 0x1222454c0]
[task 2019-10-22T09:52:08.724Z] 09:52:08 INFO - GECKO(1695) | MEMORY STAT | vsize 7446MB | residentFast 204MB | heapAllocated 31MB
[task 2019-10-22T09:52:08.725Z] 09:52:08 INFO - TEST-OK | dom/security/test/csp/test_report_uri_missing_in_report_only_header.html | took 175ms
[task 2019-10-22T09:52:08.725Z] 09:52:08 ERROR - /tests/dom/security/test/csp/test_report_uri_missing_in_report_only_header.html logged result after SimpleTest.finish(): report-uri not specified in Report-Only should throw a CSP warning.
[task 2019-10-22T09:52:08.725Z] 09:52:08 INFO - GECKO(1695) | ++DOMWINDOW == 19 (0x110b5e800) [pid = 1697] [serial = 813] [outer = 0x122244f20]
[task 2019-10-22T09:52:08.807Z] 09:52:08 INFO - TEST-START | dom/security/test/csp/test_sandbox.html
Comment 6 (Assignee)•6 years ago
(In reply to Bogdan Tara[:bogdan_tara] from comment #5)
> Backed out changeset 8705284b50d4 (Bug 1584993) for test_report_uri_missing_in_report_only_header.html failures
Fixed - sorry about that!
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e21ad27bfd0a
Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
Comment 8•6 years ago
bugherder
Comment 10•6 years ago
Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.
This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:
0ee3c76a-bc79-4eb2-8d12-05dc0b68e732