Restrict AppCache to secure contexts #3440

Closed
annevk opened this Issue Feb 2, 2018 · 8 comments

annevk commented Feb 2, 2018

Note that this whole feature is already marked deprecated.

Firefox is moving ahead with restricting this feature to secure contexts in Nightly/Beta and release with Firefox 62: https://www.fxsitecompat.com/en-CA/docs/2018/support-for-application-cache-on-insecure-sites-has-been-deprecated/. (Should have shipped by September 2018.)

Reportedly other browsers have similar plans.

Therefore, it might make sense to reflect this restriction in the standard (while still keeping the feature marked deprecated).

See also #151.

cc @whatwg/security @jonathanKingston

wanderview commented Feb 2, 2018

Note, we are removing window.applicationCache when it's disabled. An alternative that has been thrown around is leaving it there, but making it simply do nothing. I think we want to avoid that if we can, but I guess it depends on how breaking things are in practice.

Also note, we never exposed an ApplicationCache interface on the global. So if there are sites doing `"ApplicationCache" in self` for their feature detection then we were already getting false on Firefox.

mikewest commented Feb 2, 2018

I've started a Blink-side conversation in https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/ANnafFBhReY. The usage numbers Chrome users were reporting seem a bit higher than what Firefox's users showed, but based on some analysis of HTTP Archive, I'm hopeful that we'll be able to justify any potential breakage.

If we're able to follow Firefox's good example, I'd suggest that marking window.applicationCache, ApplicationCache and ApplicationCacheErrorEvent interfaces as [SecureContext] would be reasonable, as well as changing the language around the manifest attribute to impose a similar restriction. I think that's more or less the behavior Firefox has landed on as well.

jonathanKingston commented Feb 2, 2018

> more or less the behavior Firefox has landed on as well.

This sounds about right. These changes are still behind the pref because of the phased roll-out but essentially the plan is to:

  • Parse manifest= in the HTML parser but ignore its usage in insecure contexts
  • Hide all interfaces used by application cache in insecure contexts (I missed an internal one in this follow up bug)
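
The detection pitfalls raised in the comments above (the `ApplicationCache` interface object missing in Firefox, `window.applicationCache` removed in insecure contexts, `manifest=` parsed but ignored), as an added example that is not part of any participant's comment or of any browser's code. The function name, verdict labels and the three stand-in global objects are hypothetical and constructed for illustration:

```javascript
// Added example: classify AppCache exposure from a global object so a site
// audit can flag pages that depend on AppCache over plain HTTP.
// describeAppCache and the verdict strings are hypothetical names.
function describeAppCache(globalObj, manifestAttr = null) {
  const secure = globalObj.isSecureContext === true;
  // Instance check: works in every engine, unlike the interface-object check.
  const apiExposed = 'applicationCache' in globalObj &&
    globalObj.applicationCache != null;
  // Firefox never exposed this, so it is false there even when AppCache works.
  const interfaceObject = 'ApplicationCache' in globalObj;

  let verdict;
  if (apiExposed) {
    // Presence alone cannot tell a working object from a do-nothing stub.
    verdict = secure ? 'available' : 'exposed-in-insecure-context';
  } else {
    verdict = secure ? 'removed' : 'restricted-to-secure-contexts';
  }
  // Assumption: when the API is hidden, manifest= is still parsed but ignored,
  // as in the roll-out plan described in the thread.
  const manifestIgnored = manifestAttr !== null && !apiExposed;
  return { secure, apiExposed, interfaceObject, verdict, manifestIgnored };
}

// Constructed stand-ins for `window` in three situations.
const restrictedHttp = { isSecureContext: false };
const firefoxHttps = { isSecureContext: true, applicationCache: { status: 1 } };
const legacyHttp = {
  isSecureContext: false,
  applicationCache: { status: 1 },
  ApplicationCache: function ApplicationCache() {},
};

// In a browser, report on the real page.
if (typeof window !== 'undefined') {
  console.log(describeAppCache(window,
    document.documentElement.getAttribute('manifest')));
}
```

A page that returns `restricted-to-secure-contexts` with `manifestIgnored: true` is one whose offline behaviour silently stops working until it is served over HTTPS.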

johnwilander commented Feb 2, 2018

chromium-wpt-export-bot added a commit to web-platform-tests/wpt that referenced this issue Mar 28, 2018

Add a runtime flag to restrict AppCache to secure contexts.
This patch adjusts the `SecureContext` IDL attribute to take an argument,
as we need to restrict the relevant bits and pieces to secure contexts
iff a specific flag is set. We'll unfortunately need to keep that in place
until and unless we decide that we can reasonably remove an enterprise
opt-out.

Intent to Deprecate/Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/ANnafFBhReY/1Xdr53KxBAAJ
Spec bug: whatwg/html#3440

Bug: 588931
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_layout_ng
Change-Id: I5bedd2ca6f420a88ddbcff65e4223fad224ac0a7

chromium-wpt-export-bot added a commit to web-platform-tests/wpt that referenced this issue Mar 29, 2018

annevk commented Apr 4, 2018

FWIW, it seems in Firefox ApplicationCache is more akin to [NoInterfaceObject] as we simply never expose it. Other user agents might want to do that as well in order to make it easier to remove it down the line.

chromium-wpt-export-bot added a commit to web-platform-tests/wpt that referenced this issue Apr 5, 2018

aarongable pushed a commit to chromium/chromium that referenced this issue Apr 5, 2018

Add a runtime flag to restrict AppCache to secure contexts.
This patch adjusts the `SecureContext` IDL attribute to take an argument,
as we need to restrict the relevant bits and pieces to secure contexts
iff a specific flag is set. We'll unfortunately need to keep that in place
until and unless we decide that we can reasonably remove an enterprise
opt-out.

Intent to Deprecate/Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/ANnafFBhReY/1Xdr53KxBAAJ
Spec bug: whatwg/html#3440

Bug: 588931
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_layout_ng
Change-Id: I5bedd2ca6f420a88ddbcff65e4223fad224ac0a7
Reviewed-on: https://chromium-review.googlesource.com/982625
Reviewed-by: Yoav Weiss <yoav@yoav.ws>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#548391}

domenic commented Apr 9, 2018

Should we move forward with spec changes on this, or wait until browsers see success, or...?

annevk commented Apr 10, 2018

I think we should wait until September at least, until someone else manages to ship in release before then. It would also be useful to know if [NoInterfaceObject] is reasonable for other browsers.

moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this issue Apr 15, 2018

Bug 1449546 [wpt PR 10210] - Add a runtime flag to restrict AppCache …
…to secure contexts., a=testonly

Automatic update from web-platform-testsAdd a runtime flag to restrict AppCache to secure contexts.

This patch adjusts the `SecureContext` IDL attribute to take an argument,
as we need to restrict the relevant bits and pieces to secure contexts
iff a specific flag is set. We'll unfortunately need to keep that in place
until and unless we decide that we can reasonably remove an enterprise
opt-out.

Intent to Deprecate/Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/ANnafFBhReY/1Xdr53KxBAAJ
Spec bug: whatwg/html#3440

Bug: 588931
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_layout_ng
Change-Id: I5bedd2ca6f420a88ddbcff65e4223fad224ac0a7
Reviewed-on: https://chromium-review.googlesource.com/982625
Reviewed-by: Yoav Weiss <yoav@yoav.ws>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#548391}

wpt-commits: bf17459a71ff4d1ea280bae54dd046ecf86e0628
wpt-pr: 10210
wpt-commits: bf17459a71ff4d1ea280bae54dd046ecf86e0628
wpt-pr: 10210


--HG--
rename : testing/web-platform/tests/html/browsers/offline/appcache/workers/appcache-worker.html => testing/web-platform/tests/html/browsers/offline/appcache/workers/appcache-worker.https.html
rename : testing/web-platform/tests/html/browsers/offline/application-cache-api/api_status_idle.html => testing/web-platform/tests/html/browsers/offline/application-cache-api/api_status_idle.https.html
rename : testing/web-platform/tests/html/browsers/offline/application-cache-api/api_status_uncached.html => testing/web-platform/tests/html/browsers/offline/application-cache-api/api_status_uncached.https.html
rename : testing/web-platform/tests/html/browsers/offline/application-cache-api/api_swapcache_error.html => testing/web-platform/tests/html/browsers/offline/application-cache-api/api_swapcache_error.https.html
rename : testing/web-platform/tests/html/browsers/offline/application-cache-api/api_update.html => testing/web-platform/tests/html/browsers/offline/application-cache-api/api_update.https.html
rename : testing/web-platform/tests/html/browsers/offline/application-cache-api/api_update_error.html => testing/web-platform/tests/html/browsers/offline/application-cache-api/api_update_error.https.html
rename : testing/web-platform/tests/html/browsers/offline/browser-state/navigator_online_event-manual.html => testing/web-platform/tests/html/browsers/offline/browser-state/navigator_online_event-manual.https.html
rename : testing/web-platform/tests/html/browsers/offline/browser-state/navigator_online_online.html => testing/web-platform/tests/html/browsers/offline/browser-state/navigator_online_online.https.html
rename : testing/web-platform/tests/html/browsers/offline/introduction-4/event_cached.html => testing/web-platform/tests/html/browsers/offline/introduction-4/event_cached.https.html
rename : testing/web-platform/tests/html/browsers/offline/introduction-4/event_checking.html => testing/web-platform/tests/html/browsers/offline/introduction-4/event_checking.https.html
rename : testing/web-platform/tests/html/browsers/offline/introduction-4/event_noupdate.html => testing/web-platform/tests/html/browsers/offline/introduction-4/event_noupdate.https.html
rename : testing/web-platform/tests/html/browsers/offline/introduction-4/event_progress.html => testing/web-platform/tests/html/browsers/offline/introduction-4/event_progress.https.html
rename : testing/web-platform/tests/html/browsers/offline/manifest_main_empty-manual.html => testing/web-platform/tests/html/browsers/offline/manifest_main_empty-manual.https.html
rename : testing/web-platform/tests/html/browsers/offline/manifest_notchanged_online-manual.html => testing/web-platform/tests/html/browsers/offline/manifest_notchanged_online-manual.https.html
rename : testing/web-platform/tests/html/browsers/offline/manifest_section_empty-manual.html => testing/web-platform/tests/html/browsers/offline/manifest_section_empty-manual.https.html
rename : testing/web-platform/tests/html/browsers/offline/manifest_section_many-manual.html => testing/web-platform/tests/html/browsers/offline/manifest_section_many-manual.https.html
rename : testing/web-platform/tests/html/browsers/offline/manifest_url_check.html => testing/web-platform/tests/html/browsers/offline/manifest_url_check.https.https.html
rename : testing/web-platform/tests/html/browsers/offline/no-appcache-in-shared-workers-historical.html => testing/web-platform/tests/html/browsers/offline/no-appcache-in-shared-workers-historical.https.html
rename : testing/web-platform/tests/html/browsers/offline/section_network_offline-manual.html => testing/web-platform/tests/html/browsers/offline/section_network_offline-manual.https.html
rename : testing/web-platform/tests/html/browsers/offline/section_network_online-manual.html => testing/web-platform/tests/html/browsers/offline/section_network_online-manual.https.html
rename : testing/web-platform/tests/html/browsers/the-window-object/window-properties.html => testing/web-platform/tests/html/browsers/the-window-object/window-properties.https.html
rename : testing/web-platform/tests/html/dom/dynamic-markup-insertion/opening-the-input-stream/009.html => testing/web-platform/tests/html/dom/dynamic-markup-insertion/opening-the-input-stream/009.https.html

mykmelez pushed a commit to mozilla/gecko that referenced this issue Apr 16, 2018

chrisdavidmills commented Oct 31, 2018

We've marked this as secure context only in appropriate places, e.g. https://developer.mozilla.org/en-US/docs/Web/HTML/Using_the_application_cache

annevk added a commit that referenced this issue Oct 31, 2018

domenic closed this in #4149 Nov 9, 2018

domenic added a commit that referenced this issue Nov 9, 2018
