Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reland "Origin isolation: a new strategy for window.originIsolationRestricted" #24842

Merged
merged 1 commit into from Aug 1, 2020

Conversation

@chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Aug 1, 2020

This is a reland of 7ac0b9ed68d57270b680e39b9e21e1ede1b8c774

Navigation test flakiness continues, so relanding.

Original change's description:

Origin isolation: a new strategy for window.originIsolationRestricted

In https://chromium-review.googlesource.com/c/chromium/src/+/2243994 I
introduced an implementation for window.originIsolationRestricted which
pipes the isolation state from NavigationRequest to the navigated-to
LocalDOMWindow. However, this does not work for the case of the initial
about:blank, where no navigation is performed. Furthermore, it does not
match the spec, where the Window property just reflects an agent
cluster-wide property.

This CL introduces an alternate approach, more similar to what is done
for self.crossOriginIsolated in
https://chromium-review.googlesource.com/c/chromium/src/+/2247463, which
is another agent cluster-wide value. The origin isolation state is
stored in the renderer-side Agent class. Then the LocalDOMWindow getter
can just pick it up from the surrounding agent, as in the spec. Note
that unlike the implementation for self.crossOriginIsolated, the value
is per-Agent instead of static (process-wide).

Currently the value is set several times per agent (roughly once on
every navigation). This is redundant, but we don't yet have a good place
to set it once (i.e., we don't have a browser-side "time of agent
creation"). If that gets fixed, we can likely stop piping the value
through navigation params. See
https://docs.google.com/document/d/1MTnmyWAoAIKDH4yWaRthIUdi05MsjlML8gctvKP7-h8/edit
for discussions around fixing that.

This fixes the issue with about:blank iframes embedded in origin-isolated
pages reporting false, because the agent's origin-isolated boolean was
previously set to true by the containing frame.

This does not yet fix the issue with data: URLs reporting false, tested in
external/wpt/origin-isolation/getter-special-cases/data-url.https.html.
However, that will be doable as a followup, by changing the
navigation-time computation to pass true for them instead of false.
(Currently it passes false because data: URLs don't get their own
process, but it should pass true because they do get their own agent
cluster.)

Bug: 1095653
Change-Id: I8dfa8fc4a4766efc0611d43a255673662c422776
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2300237
Commit-Queue: Domenic Denicola <domenic@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#793799}

Bug: 1095653
Change-Id: Ib061cd0832353bee4f77219628534b64d7a3637e
No-Presubmit: True
No-Tree-Checks: True
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2333750
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#793905}

Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

The review process for this patch is being conducted in the Chromium project.

…stricted"

This is a reland of 7ac0b9ed68d57270b680e39b9e21e1ede1b8c774

Navigation test flakiness continues, so relanding.

Original change's description:
> Origin isolation: a new strategy for window.originIsolationRestricted
>
> In https://chromium-review.googlesource.com/c/chromium/src/+/2243994 I
> introduced an implementation for window.originIsolationRestricted which
> pipes the isolation state from NavigationRequest to the navigated-to
> LocalDOMWindow. However, this does not work for the case of the initial
> about:blank, where no navigation is performed. Furthermore, it does not
> match the spec, where the Window property just reflects an agent
> cluster-wide property.
>
> This CL introduces an alternate approach, more similar to what is done
> for self.crossOriginIsolated in
> https://chromium-review.googlesource.com/c/chromium/src/+/2247463, which
> is another agent cluster-wide value. The origin isolation state is
> stored in the renderer-side Agent class. Then the LocalDOMWindow getter
> can just pick it up from the surrounding agent, as in the spec. Note
> that unlike the implementation for self.crossOriginIsolated, the value
> is per-Agent instead of static (process-wide).
>
> Currently the value is set several times per agent (roughly once on
> every navigation). This is redundant, but we don't yet have a good place
> to set it once (i.e., we don't have a browser-side "time of agent
> creation"). If that gets fixed, we can likely stop piping the value
> through navigation params. See
> https://docs.google.com/document/d/1MTnmyWAoAIKDH4yWaRthIUdi05MsjlML8gctvKP7-h8/edit
> for discussions around fixing that.
>
> This fixes the issue with about:blank iframes embedded in origin-isolated
> pages reporting false, because the agent's origin-isolated boolean was
> previously set to true by the containing frame.
>
> This does not yet fix the issue with data: URLs reporting false, tested in
> external/wpt/origin-isolation/getter-special-cases/data-url.https.html.
> However, that will be doable as a followup, by changing the
> navigation-time computation to pass true for them instead of false.
> (Currently it passes false because data: URLs don't get their own
> process, but it should pass true because they _do_ get their own agent
> cluster.)
>
> Bug: 1095653
> Change-Id: I8dfa8fc4a4766efc0611d43a255673662c422776
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2300237
> Commit-Queue: Domenic Denicola <domenic@chromium.org>
> Reviewed-by: Charlie Reis <creis@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#793799}

Bug: 1095653
Change-Id: Ib061cd0832353bee4f77219628534b64d7a3637e
No-Presubmit: True
No-Tree-Checks: True
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2333750
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#793905}
@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2333750 branch from b2d9dce to f429f73 Aug 1, 2020
@chromium-wpt-export-bot chromium-wpt-export-bot merged commit fe13f0a into master Aug 1, 2020
22 checks passed
22 checks passed
staging.wpt.fyi - firefox[experimental] Firefox results
Details
wpt.fyi - firefox[experimental] Firefox results
Details
Azure Pipelines Build #20200801.15 succeeded
Details
Azure Pipelines (./wpt test-jobs) ./wpt test-jobs succeeded
Details
Azure Pipelines (affected tests without changes: Safari Technology Preview) affected tests without changes: Safari Technology Preview succeeded
Details
Azure Pipelines (affected tests: Safari Technology Preview) affected tests: Safari Technology Preview succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests) wpt.fyi hook: safari-preview-affected-tests succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests-without-changes) wpt.fyi hook: safari-preview-affected-tests-without-changes succeeded
Details
download-firefox-nightly Community-TC (pull_request)
Details
lint Community-TC (pull_request)
Details
sink-task Community-TC (pull_request)
Details
staging.wpt.fyi - chrome[experimental] Chrome results
Details
staging.wpt.fyi - safari[experimental] Safari results
Details
wpt-chrome-dev-results Community-TC (pull_request)
Details
wpt-chrome-dev-results-without-changes Community-TC (pull_request)
Details
wpt-chrome-dev-stability Community-TC (pull_request)
Details
wpt-decision-task Community-TC (pull_request)
Details
wpt-firefox-nightly-results Community-TC (pull_request)
Details
wpt-firefox-nightly-results-without-changes Community-TC (pull_request)
Details
wpt-firefox-nightly-stability Community-TC (pull_request)
Details
wpt.fyi - chrome[experimental] Chrome results
Details
wpt.fyi - safari[experimental] Safari results
Details
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-2333750 branch Aug 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants