Origin isolation: a new strategy for window.originIsolationRestricted #24616
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2300237
branch
from
76a2d65
to
cfb5a0d
Compare
wpt-pr-bot
approved these changes
Jul 21, 2020
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2300237
branch
from
cfb5a0d
to
e4cfbb6
Compare
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2300237
branch
3 times, most recently
from
59c45a7
to
b10cad3
Compare
In https://chromium-review.googlesource.com/c/chromium/src/+/2243994 I introduced an implementation for window.originIsolationRestricted which pipes the isolation state from NavigationRequest to the navigated-to LocalDOMWindow. However, this does not work for the case of the initial about:blank, where no navigation is performed. Furthermore, it does not match the spec, where the Window property just reflects an agent cluster-wide property. This CL introduces an alternate approach, more similar to what is done for self.crossOriginIsolated in https://chromium-review.googlesource.com/c/chromium/src/+/2247463, which is another agent cluster-wide value. The origin isolation state is stored in the renderer-side Agent class. Then the LocalDOMWindow getter can just pick it up from the surrounding agent, as in the spec. Note that unlike the implementation for self.crossOriginIsolated, the value is per-Agent instead of static (process-wide). Currently the value is set several times per agent (roughly once on every navigation). This is redundant, but we don't yet have a good place to set it once (i.e., we don't have a browser-side "time of agent creation"). If that gets fixed, we can likely stop piping the value through navigation params. See https://docs.google.com/document/d/1MTnmyWAoAIKDH4yWaRthIUdi05MsjlML8gctvKP7-h8/edit for discussions around fixing that. This fixes the issue with about:blank iframes embedded in origin-isolated pages reporting false, because the agent's origin-isolated boolean was previously set to true by the containing frame. This does not yet fix the issue with data: URLs reporting false, tested in external/wpt/origin-isolation/getter-special-cases/data-url.https.html. However, that will be doable as a followup, by changing the navigation-time computation to pass true for them instead of false. (Currently it passes false because data: URLs don't get their own process, but it should pass true because they _do_ get their own agent cluster.) Bug: 1095653 Change-Id: I8dfa8fc4a4766efc0611d43a255673662c422776 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2300237 Commit-Queue: Domenic Denicola <domenic@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#793799}
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2300237
branch
from
b10cad3
to
f650f7f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In https://chromium-review.googlesource.com/c/chromium/src/+/2243994 I
introduced an implementation for window.originIsolationRestricted which
pipes the isolation state from NavigationRequest to the navigated-to
LocalDOMWindow. However, this does not work for the case of the initial
about:blank, where no navigation is performed. Furthermore, it does not
match the spec, where the Window property just reflects an agent
cluster-wide property.
This CL introduces an alternate approach, more similar to what is done
for self.crossOriginIsolated in
https://chromium-review.googlesource.com/c/chromium/src/+/2247463, which
is another agent cluster-wide value. The origin isolation state is
stored in the renderer-side Agent class. Then the LocalDOMWindow getter
can just pick it up from the surrounding agent, as in the spec. Note
that unlike the implementation for self.crossOriginIsolated, the value
is per-Agent instead of static (process-wide).
Currently the value is set several times per agent (roughly once on
every navigation). This is redundant, but we don't yet have a good place
to set it once (i.e., we don't have a browser-side "time of agent
creation"). If that gets fixed, we can likely stop piping the value
through navigation params. See
https://docs.google.com/document/d/1MTnmyWAoAIKDH4yWaRthIUdi05MsjlML8gctvKP7-h8/edit
for discussions around fixing that.
This fixes the issue with about:blank iframes embedded in origin-isolated
pages reporting false, because the agent's origin-isolated boolean was
previously set to true by the containing frame.
This does not yet fix the issue with data: URLs reporting false, tested in
external/wpt/origin-isolation/getter-special-cases/data-url.https.html.
However, that will be doable as a followup, by changing the
navigation-time computation to pass true for them instead of false.
(Currently it passes false because data: URLs don't get their own
process, but it should pass true because they do get their own agent
cluster.)
Bug: 1095653
Change-Id: I8dfa8fc4a4766efc0611d43a255673662c422776
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2300237
Commit-Queue: Domenic Denicola <domenic@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#793799}