When we let the WebIDL callback wrapper report exceptions, it returns an error
result of NS_ERROR_UNEXPECTED, which winds up getting set as a promise
rejection reason or re-reported to the console. This just causes unnecessary
confusion for callers, especially since the error has no location information.
Differential Revision: https://phabricator.services.mozilla.com/D57657
--HG--
extra : moz-landing-system : lando
Splits WebGLContext into ClientWebGLContext and HostWebGLContext. The Client enables the JS-control of a WebGL context in a content procecss while the Host executes the WebGL graphics operations (via a WebGLContext that maintains much of the existing code) in the compositor process. At this point, the cross-process behavior is disabled -- this series of patches is an incremental step toward that final goal.
Differential Revision: https://phabricator.services.mozilla.com/D54018
--HG--
extra : moz-landing-system : lando
Under some (yet) unclear conditions it's possible for a content
process to send session storage data for a browsing context that's
already been discarded. This leads to an assertion failure when
deserializing the IPC message. This commit works around this issue
by sending the browsing context's ID over IPC and issuing a warning
instead of asserting that the browsing context still exists.
Differential Revision: https://phabricator.services.mozilla.com/D59096
--HG--
extra : moz-landing-system : lando
* Makes it possible to selectively enable TRR for pbmode/container/window/etc
Differential Revision: https://phabricator.services.mozilla.com/D48363
--HG--
extra : moz-landing-system : lando
Note that this also implicitly adds support for the view-source+srcdoc configuration, and setting of the BaseURI, which were both in the nsDocShell version but not the others.
Differential Revision: https://phabricator.services.mozilla.com/D57887
--HG--
extra : moz-landing-system : lando
Now that we have UTF8String in the WebIDL, we can remove quite a few of the
conversions. Do that, and lift the remaining string conversions up as needed.
Also deindent Servo_ComputeColor while touching it.
Most of the remaining copies are because either bug 1606994, or because they're
WebIDL attributes that we still need to serialize back as UTF-16 (bug 1606995).
Differential Revision: https://phabricator.services.mozilla.com/D58687
--HG--
extra : moz-landing-system : lando
Note that this also implicitly adds support for the view-source+srcdoc configuration, and setting of the BaseURI, which were both in the nsDocShell version but not the others.
Differential Revision: https://phabricator.services.mozilla.com/D57887
--HG--
extra : moz-landing-system : lando
This makes clear where the information comes from, and also that there are some
bits of information that we should pass down from the child that we don't, like
allowfullscreen and the frame name.
Differential Revision: https://phabricator.services.mozilla.com/D58535
--HG--
extra : moz-landing-system : lando
Introduce `ControlledMediaState` to media controller, so now we can now how many controlled media are playing, which allow us to update `mIsPlaying` correctly.
Differential Revision: https://phabricator.services.mozilla.com/D57574
--HG--
extra : moz-landing-system : lando
Modify IPC method to support notify `ControlledMediaState` to the media controller, and remove the previous implementation.
Differential Revision: https://phabricator.services.mozilla.com/D57572
--HG--
extra : moz-landing-system : lando
When a content or plug-in process crashes too early we haven't initialized the
CrashReporterHost for that process. This will cause the crash to be orphaned,
i.e. to miss most of its crash annotations. We added code to finalize those
crashes in bug 1282776 so that we wouldn't miss them entirely. This ensured
that crash reports would have both their .dmp and .extra files but the patch
failed to modify the code that notified various listeners about the crash
report's presence.
This changes always send the crash ID alongside the crash notifications, even
for orphaned crashes, so that listeners such as the content crash handler or
the test harnesses can always find the minidump and .extra file. Additionally
orphaned crashes are recorded in the CrashManager and in telemetry just like
normal crashes.
This also re-enables dom/ipc/tests/process_error.xul which failed frequently
because of this bug.
Differential Revision: https://phabricator.services.mozilla.com/D57634
--HG--
extra : moz-landing-system : lando
When we open a new window from a content process, we create a nested event
loop to wait for it to be initialized by the parent. The problem with this is
that the OpenWindow code which calls the window provider expects the window to
be in-process and uninitialized, so that it can load its own initial URI into
it, and correctly fulfil the spec-codified contract of window.open(). If
another caller initiates a load in the new window during the nested event
loop, those invariants are broken, and any manner of undefined behavior can
occur.
This patch adds a new flag to the BrowsingContext, marking it as uninitialized
until the end of the nested event loop, and blocking any attempts to load a
new URI into it in the meantime.
Differential Revision: https://phabricator.services.mozilla.com/D57667
--HG--
extra : moz-landing-system : lando
This doesn't solve all problems with potential reentrancy during window.open
nested event loops, but it does improve the situation somewhat. Since any
window in the same BrowsingContextGroup can target any window in the same
group, we need to suspend all windows in the group, not just the root of the
new window's parent. We also need to make sure we suspend all in-process
windows, even if we have out-of-process frames somewhere in the parent chain.
This patch takes care of suspending timeouts and input event handling in all
of these cases. It doesn't block all potential paths for running code in the
suspended windows, though, so the next patch explicitly prevents the
problematic reentrancy.
Differential Revision: https://phabricator.services.mozilla.com/D57666
--HG--
extra : moz-landing-system : lando
IPC crashes if you try to send large messages. The message manager
already drops messages that are too big (and used to collect telemetry
for which messages were being dropped).
I think that some message manager messages have been ported over to JS
window actors and started crashing on beta, so let's just give the
same behavior for JS window actors as we do for the message manager.
Differential Revision: https://phabricator.services.mozilla.com/D57583
--HG--
extra : moz-landing-system : lando
When we open a new window from a content process, we create a nested event
loop to wait for it to be initialized by the parent. The problem with this is
that the OpenWindow code which calls the window provider expects the window to
be in-process and uninitialized, so that it can load its own initial URI into
it, and correctly fulfil the spec-codified contract of window.open(). If
another caller initiates a load in the new window during the nested event
loop, those invariants are broken, and any manner of undefined behavior can
occur.
This patch adds a new flag to the BrowsingContext, marking it as uninitialized
until the end of the nested event loop, and blocking any attempts to load a
new URI into it in the meantime.
Differential Revision: https://phabricator.services.mozilla.com/D57667
--HG--
extra : moz-landing-system : lando
This doesn't solve all problems with potential reentrancy during window.open
nested event loops, but it does improve the situation somewhat. Since any
window in the same BrowsingContextGroup can target any window in the same
group, we need to suspend all windows in the group, not just the root of the
new window's parent. We also need to make sure we suspend all in-process
windows, even if we have out-of-process frames somewhere in the parent chain.
This patch takes care of suspending timeouts and input event handling in all
of these cases. It doesn't block all potential paths for running code in the
suspended windows, though, so the next patch explicitly prevents the
problematic reentrancy.
Differential Revision: https://phabricator.services.mozilla.com/D57666
--HG--
extra : moz-landing-system : lando
There is no functional change with this commit. The default implementation for GetCanceled() is still to check if the status code is a failure.
However, it can be argued that as you had to call Cancel() on the nsIChannel, having to check the nsIHttpChannelInternal interface to determine if you had been canceled in the past was rather a non obvious path.
It makes more sense to check the nsIChannel interface to determine if it's been canceled already and this allows for finer granularity if needed in the future.
Differential Revision: https://phabricator.services.mozilla.com/D55268
--HG--
extra : moz-landing-system : lando
Granted origins cause a third-party tracker browsing context to not get
full first-party storage access after successfully calling the storage
access API or a heuristic granting ephemeral access.
For example, after https://tracker.example calls the storage access API
successfully in the third-party context, they embed
https://other-tracker.example, and that load fails because of ETP
restrictions. Here what happens is that https://other-tracker.example
is mistakenly considered the granted origin, and because such a
permission doesn't exist, access is denied.
Differential Revision: https://phabricator.services.mozilla.com/D57493
--HG--
extra : moz-landing-system : lando
Add a document.addCertException function to about:certerror pages, and use it on the desktop certerror page.
Also, as the CallerIsTrusted* functions expect URLs like about:certerror, but GeckoView error pages are data URLs, and so need to be handled differently for these special error-page methods to be exposed on their documents.
Example usage of document.addCertException:
document.addCertException(
true|false /* true == temporary, false == permanent */
).then(
() => {
location.reload();
},
err => {
console.error(err);
}
);
Differential Revision: https://phabricator.services.mozilla.com/D56974
--HG--
extra : moz-landing-system : lando
Granted origins cause a third-party tracker browsing context to not get
full first-party storage access after successfully calling the storage
access API or a heuristic granting ephemeral access.
For example, after https://tracker.example calls the storage access API
successfully in the third-party context, they embed
https://other-tracker.example, and that load fails because of ETP
restrictions. Here what happens is that https://other-tracker.example
is mistakenly considered the granted origin, and because such a
permission doesn't exist, access is denied.
Differential Revision: https://phabricator.services.mozilla.com/D57493
--HG--
extra : moz-landing-system : lando
Granted origins cause a third-party tracker browsing context to not get
full first-party storage access after successfully calling the storage
access API or a heuristic granting ephemeral access.
For example, after https://tracker.example calls the storage access API
successfully in the third-party context, they embed
https://other-tracker.example, and that load fails because of ETP
restrictions. Here what happens is that https://other-tracker.example
is mistakenly considered the granted origin, and because such a
permission doesn't exist, access is denied.
Differential Revision: https://phabricator.services.mozilla.com/D57493
--HG--
extra : moz-landing-system : lando
This makes LoginManagerPrompter.jsm and LoginManagerAuthPrompter.jsm easier to maintain and switches
LoginManagerPrompter.jsm to be a service with static methods which is easier for GeckoView to implement and is cleaner.
Differential Revision: https://phabricator.services.mozilla.com/D57400
--HG--
rename : toolkit/components/passwordmgr/LoginManagerPrompter.jsm => toolkit/components/passwordmgr/LoginManagerAuthPrompter.jsm
rename : toolkit/components/passwordmgr/nsILoginManagerPrompter.idl => toolkit/components/passwordmgr/nsILoginManagerAuthPrompter.idl
extra : moz-landing-system : lando
Add a document.addCertException function to about:certerror pages, and use it on the desktop certerror page.
Also, as the CallerIsTrusted* functions expect URLs like about:certerror, but GeckoView error pages are data URLs, and so need to be handled differently for these special error-page methods to be exposed on their documents.
Example usage of document.addCertException:
document.addCertException(
true|false /* true == temporary, false == permanent */
).then(
() => {
location.reload();
},
err => {
console.error(err);
}
);
Differential Revision: https://phabricator.services.mozilla.com/D56974
--HG--
extra : moz-landing-system : lando
There is no functional change with this commit. The default implementation for GetCanceled() is still to check if the status code is a failure.
However, it can be argued that as you had to call Cancel() on the nsIChannel, having to check the nsIHttpChannelInternal interface to determine if you had been canceled in the past was rather a non obvious path.
It makes more sense to check the nsIChannel interface to determine if it's been canceled already and this allows for finer granularity if needed in the future.
Differential Revision: https://phabricator.services.mozilla.com/D55268
--HG--
extra : moz-landing-system : lando
foo ? true : false
or:
foo ? false : true
Have always a nicer way to be written.
Differential Revision: https://phabricator.services.mozilla.com/D56842
--HG--
extra : moz-landing-system : lando
This is generally pretty straightforward, and rewrites nearly all calls. It
skips the ones that it can detect using frame script globals like
`sendAsyncMessage`, though.
Differential Revision: https://phabricator.services.mozilla.com/D53740
--HG--
extra : moz-landing-system : lando
This commit implements a simple data replication scheme, where
each content process receives a copy of the relevant session
storage data when navigating, and sending all its session storage
data to the parent process before shutting down.
Differential Revision: https://phabricator.services.mozilla.com/D55662
--HG--
extra : moz-landing-system : lando
The OnContentBlockingEvent is no longer needed once we make the
OnContentBlockingEvent parent only.
Differential Revision: https://phabricator.services.mozilla.com/D55788
--HG--
extra : moz-landing-system : lando
This patch adds an IPC message which allows content process to notify
the OnContentBlockingEvent in the parent process. This is needed because
there are some situations that the content blocking happens in content
processes, so we need to tell the parent process to notify it. Such as,
AntiTrackingCommon::AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor().
Differential Revision: https://phabricator.services.mozilla.com/D55648
--HG--
extra : moz-landing-system : lando
This patch makes the WindowGlobalParent to be able to send the
OnContentBlockingEvent in the parent process.
Differential Revision: https://phabricator.services.mozilla.com/D55645
--HG--
extra : moz-landing-system : lando
This adds a ContentBlockingLog into the WindowGlobalParent. This
ContentBlockingLog is bascially a copy of the log in the content
process. This log in parent is needed for the OnContentBlockingEvent in
parent process since we need an overview of the content blocking events
for OnContentBlockingEvent. And the ContentBlockingLog exits in the
content process in this stage, so we need to maintain a copy of it to
get the overview of the blocking events in parent.
Differential Revision: https://phabricator.services.mozilla.com/D54929
--HG--
extra : moz-landing-system : lando
This is generally pretty straightforward, and rewrites nearly all calls. It
skips the ones that it can detect using frame script globals like
`sendAsyncMessage`, though.
Differential Revision: https://phabricator.services.mozilla.com/D53740
--HG--
extra : moz-landing-system : lando
If `nsGlobalWindowOuter::ResizeTo()` etc is called before receiving
`BrowserChild::RecvUIResolutionChanged()`, the `aX`, `aY`, `aCx` and `aCy`
values are computed with old scale.
This patch makes `BrowserChild::SendSetDimensions()` set scale in the
remote process and `BrowserParent::RecvSetDimensions()` recompute each
value with current scale.
Differential Revision: https://phabricator.services.mozilla.com/D54150
--HG--
extra : moz-landing-system : lando
This intended to fix some windows builds, but that didn't end up working.
This removes some unused members and such, and fixes some missing includes
that they uncover (whoops).
This was needed because some windows headers used in the sandbox redefine STRICT
(which is used by `StyleContain`) and `TRANSPARENT`, which is used by some WR
stuff.
Differential Revision: https://phabricator.services.mozilla.com/D56317
--HG--
extra : moz-landing-system : lando
This is generally pretty straightforward, and rewrites nearly all calls. It
skips the ones that it can detect using frame script globals like
`sendAsyncMessage`, though.
Differential Revision: https://phabricator.services.mozilla.com/D53740
--HG--
extra : moz-landing-system : lando
This makes it much simpler to track down the source of message handler errors
by linking the cross-process caller chains which sent the problematic message.
Differential Revision: https://phabricator.services.mozilla.com/D50883
--HG--
extra : moz-landing-system : lando
In order to be able to reasonably debug error results from things like
JSWindowActor.sendQuery, we need to be able to clone errors across process
boundaries, so that they can be propagated to the caller that initiated a
query. The standard for the structured clone algorithm does not allow cloning
errors directly, so this patch instead adds a chrome-only wrapper object which
supports structured clone writing, and on reading, automatically decodes to
the error object it wraps. Callers who wish to clone an Error or Exception
object simply need to wrap it in a ClonedErrorHolder before sending.
Differential Revision: https://phabricator.services.mozilla.com/D50881
--HG--
extra : moz-landing-system : lando
This makes it much simpler to track down the source of message handler errors
by linking the cross-process caller chains which sent the problematic message.
Differential Revision: https://phabricator.services.mozilla.com/D50883
--HG--
extra : moz-landing-system : lando
In order to be able to reasonably debug error results from things like
JSWindowActor.sendQuery, we need to be able to clone errors across process
boundaries, so that they can be propagated to the caller that initiated a
query. The standard for the structured clone algorithm does not allow cloning
errors directly, so this patch instead adds a chrome-only wrapper object which
supports structured clone writing, and on reading, automatically decodes to
the error object it wraps. Callers who wish to clone an Error or Exception
object simply need to wrap it in a ClonedErrorHolder before sending.
Differential Revision: https://phabricator.services.mozilla.com/D50881
--HG--
extra : moz-landing-system : lando
* The parent needs to be able to request the child to provide its untrusted
modules telemetry. This is done via `GetUntrustedModulesData`.
* The child needs to be able to determine which of its module loads are trusted,
and which are not. Since the child is sandboxed, it must delegate that work
to the parent process. This is done via `GetModulesTrust`.
Differential Revision: https://phabricator.services.mozilla.com/D53681
--HG--
extra : moz-landing-system : lando
Kris Maglione
Andrea Marchesini
David Parks
Yaron Tausky
Valentin Gosu
Matt Woodrow
Emilio Cobos Álvarez
Bogdan Tara
Jean-Yves Avenard
Brian Hackett
Dorel Luca
alwu
Boris Zbarsky
Ciure Andrei
shindli
shravanrn@gmail.com
Gabriele Svelto
Razvan Maries
Andrew McCreight
David Teller
Hiroyuki Ikezoe
Ehsan Akhgari
Gurzau Raul
Thomas Wisniewski
Matthew Noorenberghe
Cosmin Sabou
Noemi Erli
John Dai
Oana Pop Rus
pbz
Tim Huang
Johann Hofmann
Masayuki Nakano
Kagami Sascha Rosylight
Daniel Varga
Aaron Klotz