ServiceWorkerShutdownState encapsulates the shutdown progress for a particular
ServiceWorker. The shutdown process involves a "shutdown message" passing
multiple threads in both parent/content processes; we report a progress update
when it's known that a shutdown message has reached a particular thread. The
idea is that in the event of a shutdown timeout, ServiceWorkerShutdownBlocker
will be able to provide diagnostics for where shutdown processes are stalled.
Differential Revision: https://phabricator.services.mozilla.com/D60791
--HG--
extra : moz-landing-system : lando
This also adds an explicit warning when this happens so that the child processes don't crash without leaving a trace.
Differential Revision: https://phabricator.services.mozilla.com/D60650
--HG--
extra : moz-landing-system : lando
Under some (yet) unclear conditions it's possible for a content
process to send session storage data for a browsing context that's
already been discarded. This leads to an assertion failure when
deserializing the IPC message. This commit works around this issue
by sending the browsing context's ID over IPC and issuing a warning
instead of asserting that the browsing context still exists.
Differential Revision: https://phabricator.services.mozilla.com/D59096
--HG--
extra : moz-landing-system : lando
Modify IPC method to support notify `ControlledMediaState` to the media controller, and remove the previous implementation.
Differential Revision: https://phabricator.services.mozilla.com/D57572
--HG--
extra : moz-landing-system : lando
Granted origins cause a third-party tracker browsing context to not get
full first-party storage access after successfully calling the storage
access API or a heuristic granting ephemeral access.
For example, after https://tracker.example calls the storage access API
successfully in the third-party context, they embed
https://other-tracker.example, and that load fails because of ETP
restrictions. Here what happens is that https://other-tracker.example
is mistakenly considered the granted origin, and because such a
permission doesn't exist, access is denied.
Differential Revision: https://phabricator.services.mozilla.com/D57493
--HG--
extra : moz-landing-system : lando
Add a document.addCertException function to about:certerror pages, and use it on the desktop certerror page.
Also, as the CallerIsTrusted* functions expect URLs like about:certerror, but GeckoView error pages are data URLs, and so need to be handled differently for these special error-page methods to be exposed on their documents.
Example usage of document.addCertException:
document.addCertException(
true|false /* true == temporary, false == permanent */
).then(
() => {
location.reload();
},
err => {
console.error(err);
}
);
Differential Revision: https://phabricator.services.mozilla.com/D56974
--HG--
extra : moz-landing-system : lando
Granted origins cause a third-party tracker browsing context to not get
full first-party storage access after successfully calling the storage
access API or a heuristic granting ephemeral access.
For example, after https://tracker.example calls the storage access API
successfully in the third-party context, they embed
https://other-tracker.example, and that load fails because of ETP
restrictions. Here what happens is that https://other-tracker.example
is mistakenly considered the granted origin, and because such a
permission doesn't exist, access is denied.
Differential Revision: https://phabricator.services.mozilla.com/D57493
--HG--
extra : moz-landing-system : lando
Granted origins cause a third-party tracker browsing context to not get
full first-party storage access after successfully calling the storage
access API or a heuristic granting ephemeral access.
For example, after https://tracker.example calls the storage access API
successfully in the third-party context, they embed
https://other-tracker.example, and that load fails because of ETP
restrictions. Here what happens is that https://other-tracker.example
is mistakenly considered the granted origin, and because such a
permission doesn't exist, access is denied.
Differential Revision: https://phabricator.services.mozilla.com/D57493
--HG--
extra : moz-landing-system : lando
Add a document.addCertException function to about:certerror pages, and use it on the desktop certerror page.
Also, as the CallerIsTrusted* functions expect URLs like about:certerror, but GeckoView error pages are data URLs, and so need to be handled differently for these special error-page methods to be exposed on their documents.
Example usage of document.addCertException:
document.addCertException(
true|false /* true == temporary, false == permanent */
).then(
() => {
location.reload();
},
err => {
console.error(err);
}
);
Differential Revision: https://phabricator.services.mozilla.com/D56974
--HG--
extra : moz-landing-system : lando
This commit implements a simple data replication scheme, where
each content process receives a copy of the relevant session
storage data when navigating, and sending all its session storage
data to the parent process before shutting down.
Differential Revision: https://phabricator.services.mozilla.com/D55662
--HG--
extra : moz-landing-system : lando
* The parent needs to be able to request the child to provide its untrusted
modules telemetry. This is done via `GetUntrustedModulesData`.
* The child needs to be able to determine which of its module loads are trusted,
and which are not. Since the child is sandboxed, it must delegate that work
to the parent process. This is done via `GetModulesTrust`.
Differential Revision: https://phabricator.services.mozilla.com/D53681
--HG--
extra : moz-landing-system : lando
The inclusions were removed with the following very crude script and the
resulting breakage was fixed up by hand. The manual fixups did either
revert the changes done by the script, replace a generic header with a more
specific one or replace a header with a forward declaration.
find . -name "*.idl" | grep -v web-platform | grep -v third_party | while read path; do
interfaces=$(grep "^\(class\|interface\).*:.*" "$path" | cut -d' ' -f2)
if [ -n "$interfaces" ]; then
if [[ "$interfaces" == *$'\n'* ]]; then
regexp="\("
for i in $interfaces; do regexp="$regexp$i\|"; done
regexp="${regexp%%\\\|}\)"
else
regexp="$interfaces"
fi
interface=$(basename "$path")
rg -l "#include.*${interface%%.idl}.h" . | while read path2; do
hits=$(grep -v "#include.*${interface%%.idl}.h" "$path2" | grep -c "$regexp" )
if [ $hits -eq 0 ]; then
echo "Removing ${interface} from ${path2}"
grep -v "#include.*${interface%%.idl}.h" "$path2" > "$path2".tmp
mv -f "$path2".tmp "$path2"
fi
done
fi
done
Differential Revision: https://phabricator.services.mozilla.com/D55442
--HG--
extra : moz-landing-system : lando
* The parent needs to be able to request the child to provide its untrusted
modules telemetry. This is done via `GetUntrustedModulesData`.
* The child needs to be able to determine which of its module loads are trusted,
and which are not. Since the child is sandboxed, it must delegate that work
to the parent process. This is done via `GetModulesTrust`.
Differential Revision: https://phabricator.services.mozilla.com/D53681
--HG--
extra : moz-landing-system : lando
The inclusions were removed with the following very crude script and the
resulting breakage was fixed up by hand. The manual fixups did either
revert the changes done by the script, replace a generic header with a more
specific one or replace a header with a forward declaration.
find . -name "*.idl" | grep -v web-platform | grep -v third_party | while read path; do
interfaces=$(grep "^\(class\|interface\).*:.*" "$path" | cut -d' ' -f2)
if [ -n "$interfaces" ]; then
if [[ "$interfaces" == *$'\n'* ]]; then
regexp="\("
for i in $interfaces; do regexp="$regexp$i\|"; done
regexp="${regexp%%\\\|}\)"
else
regexp="$interfaces"
fi
interface=$(basename "$path")
rg -l "#include.*${interface%%.idl}.h" . | while read path2; do
hits=$(grep -v "#include.*${interface%%.idl}.h" "$path2" | grep -c "$regexp" )
if [ $hits -eq 0 ]; then
echo "Removing ${interface} from ${path2}"
grep -v "#include.*${interface%%.idl}.h" "$path2" > "$path2".tmp
mv -f "$path2".tmp "$path2"
fi
done
fi
done
Differential Revision: https://phabricator.services.mozilla.com/D55442
--HG--
extra : moz-landing-system : lando
Without DocumentChannel, nsExtProtocolChannel::OpenURL calls into nsExternalHelperAppService::LoadURI in the content process.
We then manually forward this to the parent process over PContent, create a RemoteWindowContext around the browser parent, and then call LoadURI again.
With DocumemntChannel, the nsExtProtocolChannel already lives in the parent, so we just need to provide a RemoteWindowContext directly (that the code accesses via GetInterface on the callbacks).
Differential Revision: https://phabricator.services.mozilla.com/D54247
--HG--
extra : moz-landing-system : lando
Without DocumentChannel, nsExtProtocolChannel::OpenURL calls into nsExternalHelperAppService::LoadURI in the content process.
We then manually forward this to the parent process over PContent, create a RemoteWindowContext around the browser parent, and then call LoadURI again.
With DocumemntChannel, the nsExtProtocolChannel already lives in the parent, so we just need to provide a RemoteWindowContext directly (that the code accesses via GetInterface on the callbacks).
Differential Revision: https://phabricator.services.mozilla.com/D54247
--HG--
extra : moz-landing-system : lando
Without DocumentChannel, nsExtProtocolChannel::OpenURL calls into nsExternalHelperAppService::LoadURI in the content process.
We then manually forward this to the parent process over PContent, create a RemoteWindowContext around the browser parent, and then call LoadURI again.
With DocumemntChannel, the nsExtProtocolChannel already lives in the parent, so we just need to provide a RemoteWindowContext directly (that the code accesses via GetInterface on the callbacks).
Differential Revision: https://phabricator.services.mozilla.com/D54247
--HG--
extra : moz-landing-system : lando
Without DocumentChannel, nsExtProtocolChannel::OpenURL calls into nsExternalHelperAppService::LoadURI in the content process.
We then manually forward this to the parent process over PContent, create a RemoteWindowContext around the browser parent, and then call LoadURI again.
With DocumemntChannel, the nsExtProtocolChannel already lives in the parent, so we just need to provide a RemoteWindowContext directly (that the code accesses via GetInterface on the callbacks).
Differential Revision: https://phabricator.services.mozilla.com/D54247
--HG--
extra : moz-landing-system : lando
This also converts MaybeCloseWindowHelper, and results in the window close operations being always run in the parent (even without DocumentChannel).
Differential Revision: https://phabricator.services.mozilla.com/D49528
--HG--
extra : moz-landing-system : lando
Right now, this constant has an equal sign in it. I want to use it in
C++ without the equal sign in the next patch. So, for consistency,
move the equal sign to the places that use this constant. Also, add
the constant to C++.
Differential Revision: https://phabricator.services.mozilla.com/D51751
--HG--
extra : moz-landing-system : lando
