This patch builds the foundation for the ability to relocate HTTP channels from one content process to another in order to ensure that origins are properly isolated. This relocation would normally occur when the response to an HTTP request is a redirect to a different origin.
The patch merely adds the mechanism for relocating the channel, rather than the logic of doing so. This will be provided in a follow-up patch by a specialized service. Right now that functionality is mocked in the test.
How this works:
In nsHttpChannel::OnStartRequest we will query the service that decides whether we need to direct the response to another process. If so, it will return a promise that resolves to a TabParent.
When the promise resolves, in HttpChannelParentListener::TriggerCrossProcessRedirect we call NeckoParent::SendCrossProcessRedirect passing along the required information to recreate the channel in the new process. The NeckoChild in the new process will then instantiate a new channel, call ConnectParent() which creates the associated parent channel, and connects it with the existing nsHttpChannel.
A listener in the new process is then notified of the existence of the new channel. It is required to call completeRedirectSetup on the channel, passing an nsIStreamListener to the call.
We then finish the entire operation with a call to HttpChannelChild::SendCrossProcessRedirectDone which causes us to close the old HttpChannelChild in the previous process and to resume the nsHttpChannel in the main process.
Differential Revision: https://phabricator.services.mozilla.com/D2958
--HG--
rename : netwerk/test/browser/browser_cookie_sync_across_tabs.js => netwerk/test/browser/browser_cross_process_redirect.js
rename : dom/media/test/redirect.sjs => netwerk/test/browser/redirect.sjs
extra : moz-landing-system : lando
This patch builds the foundation for the ability to relocate HTTP channels from one content process to another in order to ensure that origins are properly isolated. This relocation would normally occur when the response to an HTTP request is a redirect to a different origin.
The patch merely adds the mechanism for relocating the channel, rather than the logic of doing so. This will be provided in a follow-up patch by a specialized service. Right now that functionality is mocked in the test.
How this works:
In nsHttpChannel::OnStartRequest we will query the service that decides whether we need to direct the response to another process. If so, it will return a promise that resolves to a TabParent.
When the promise resolves, in HttpChannelParentListener::TriggerCrossProcessRedirect we call NeckoParent::SendCrossProcessRedirect passing along the required information to recreate the channel in the new process. The NeckoChild in the new process will then instantiate a new channel, call ConnectParent() which creates the associated parent channel, and connects it with the existing nsHttpChannel.
A listener in the new process is then notified of the existence of the new channel. It is required to call completeRedirectSetup on the channel, passing an nsIStreamListener to the call.
We then finish the entire operation with a call to HttpChannelChild::SendCrossProcessRedirectDone which causes us to close the old HttpChannelChild in the previous process and to resume the nsHttpChannel in the main process.
Differential Revision: https://phabricator.services.mozilla.com/D2958
--HG--
rename : netwerk/test/browser/browser_cookie_sync_across_tabs.js => netwerk/test/browser/browser_cross_process_redirect.js
rename : dom/media/test/redirect.sjs => netwerk/test/browser/redirect.sjs
extra : moz-landing-system : lando
This introduces the machinery needed to generate crash annotations from a YAML
file. The relevant C++ functions are updated to take a typed enum. JavaScript
calls are unaffected but they will throw if the string argument does not
correspond to one of the known entries in the C++ enum. The existing whitelists
and blacklists of annotations are also generated from the YAML file and all
duplicate code related to them has been consolidated. Once written out to the
.extra file the annotations are converted in string form and are no different
than the existing ones.
All existing annotations have been included in the list (and some obsolete ones
have been removed) and all call sites have been updated including tests where
appropriate.
--HG--
extra : source : 4f6c43f2830701ec5552e08e3f1b06fe6d045860
This patch is an automatic replacement of s/NS_NOTREACHED/MOZ_ASSERT_UNREACHABLE/. Reindenting long lines and whitespace fixups follow in patch 6b.
MozReview-Commit-ID: 5UQVHElSpCr
--HG--
extra : rebase_source : 4c1b2fc32b269342f07639266b64941e2270e9c4
extra : source : 907543f6eae716f23a6de52b1ffb1c82908d158a
This was done automatically replacing:
s/mozilla::Move/std::move/
s/ Move(/ std::move(/
s/(Move(/(std::move(/
Removing the 'using mozilla::Move;' lines.
And then with a few manual fixups, see the bug for the split series..
MozReview-Commit-ID: Jxze3adipUh
This fixes the "Assertion failure: PermissionAvailable(prin, aType), at nsPermissionManager.cpp:2341 when loading FTP URLs on debug builds"
MozReview-Commit-ID: 4eRGQ3hrUWo
--HG--
extra : rebase_source : 36516275b1fe0f266a08394484e19e0aecfbd671
the id was a b2g feature only settable via chrome privd xhr and is no
longer active in the code base
MozReview-Commit-ID: 84GPNvhvjNb
--HG--
extra : rebase_source : ab5c2229b98e1407b8b74ef2ee00dcfea45e046a
This cleanup basically reverts the remaining bits of 93dcf59ff87
MozReview-Commit-ID: 9zimpjAkZyj
--HG--
extra : rebase_source : 7c2d573a0cd067f529f096472c1d543d8d598635
When writing to alt-data output stream fails for whatever reason, we now try to
truncate alternative data and keep the original data instead of dooming the
whole entry. The patch also changes how is the predicted size passed to the
cache. Instead of a dedicated method it's now an argument of openOutputStream
and openAlternativeOutputStream methods which fail in case the entry would
exceed the allowed limit.
This patch was reviewed in parts, however the intermediate states would not build:
Bug 1443954 - Part 3A: Strip pointers from the argument to WriteParam and WriteIPDLParam before selecting the ParamTraits impl, r=froydnj
Bug 1443954 - Part 3B: Move nsIAlertNotification serialization to the refcounted system, r=bz
Bug 1443954 - Part 3C: Move geolocation serialization to the refcounted system, r=bz
Bug 1443954 - Part 3D: Move nsIInputStream serialization to the refcounted system, r=baku
Bug 1443954 - Part 3E: Move BlobImpl serialization to the refcounted system, r=baku
Bug 1443954 - Part 3F: Correctly implement ParamTraits for actors after the ParamTraits changes, r=froydnj
This issue is triggered by off-main-thread ODA listener that return error cause from OnDataAvailable callback.
A CancelEvent will be prepend to event queue and trigger race condition between CompleteResume and EndForceEnqueueing.
The `mFlushing` is checked and set in separate critical sections, therefore two threads that executing MayFlushQueue
might both pass the `mFlushing` check and trying to call FlushQueue simultaneously.
The solution is to check and set `mFlushing` in single critical section, so we can guarantee that only one FlushQueue
can be executed at anytime.
In addition, resumption is postponed until no AutoEventEnqueuer is activated. Therefore, CompleteResume will only be
triggered while all the suspension requests and auto enqueue requests are finished.
MozReview-Commit-ID: HpxzgUqYm8C
--HG--
extra : rebase_source : 9be0d37bb4475a0817dafb6270585263160a9da1
This removes an unnecessary level of indirection by replacing all
nsStringGlue.h instances with just nsString.h.
--HG--
extra : rebase_source : 340989240af4018f3ebfd92826ae11b0cb46d019
These were originally exposed directly as static methods on nsGlobalWindow, but
as they are clearly associated with either the inner or outer window, it makes
more sense for them to be called as such.
MozReview-Commit-ID: LFq8EfnhDlo
This is a large patch which tries to switch many of the external consumers of
nsGlobalWindow to instead use the new Inner or Outer variants.
MozReview-Commit-ID: 99648Lm46T5
And remove unreachable code after MOZ_CRASH_UNSAFE_OOL().
MOZ_CRASH_UNSAFE_OOL causes data collection because crash strings are annotated to crash-stats and are publicly visible. Firefox data stewards must do data review on usages of this macro. However, all the crash strings this patch collects with MOZ_CRASH_UNSAFE_OOL are already collected with NS_RUNTIMEABORT.
MozReview-Commit-ID: IHmJfuxXSqw
--HG--
extra : rebase_source : 031f30934b58a7b87f960e57179641d44aefe5c5
extra : source : fe9f638a56a53c8721eecc4273dcc074c988546e
The WebRequest API needs to know if a given window ID is at the top level, for
various reasons. It currently figures this out by mapping a channel's load
context to a <browser> element, which tracks its current top outer window ID.
But this is inefficient, and not friendly to C++ callers.
Adding the top window ID to the load info simplifies things considerably.
MozReview-Commit-ID: Fy0gxTqQZMZ
--HG--
extra : rebase_source : bb5b1e1b3294004ca5e713fc88c4e20652296e53
This patch removes the ability to select which protocols you want
included in necko, a wholly untested configuration that is broken in
practice. We have no need of this kind of configurability in necko.
In addition, this removes the final vestiges of rtsp support, which was
originally removed in bug 1295885 but still had some stuff hanging
around behind some ifdefs (that were never true).
MozReview-Commit-ID: KOEaDmit2IL
--HG--
extra : rebase_source : f6c2fdb972aaba46e922cda801252dc953550b94
This flags is added in the http channel interface by which developers can control the TLS
connections from JavaScript code (e.g. Add-ons). Basically, all the changes accounted for
plumbing this TLS flags from JavaScript level to C++ code responsible for calling NSS
module. We also added a unit test to make sure that separate connections are created if we
use different tlsFlags. Basically we used a concrete set of flag values that covers the
edge cases and check the hashkey generated in the connection info.
--HG--
rename : netwerk/test/unit/test_separate_connections.js => netwerk/test/unit/test_tls_flags_separate_connections.js
Implements PerformanceTiming, nsITimedChannel, and devtools 'tls setup'
Also captures telemetry on this as we do for all other attributes of timedChannel
Also propogates some null transaction timings onto first real
transaction of a connection
MozReview-Commit-ID: 47TQJYVHnKC
--HG--
extra : rebase_source : a7723962986de0c2ab00d479a22c3f5fd185c8b2
Changes ExtensionProtocolHandler to use remote streams for
moz-extension loads of file and JAR URI's to allow for
filesystem read-access sandboxing.
Adds messaging to PNecko to allow child processes to
request an input stream or file descriptor for moz-extension
URI's.
Add ExtensionProtocolHandler singleton so that NeckoParent can
call methods directly and ExtensionProtocolHandler::NewFD
can use a new member variable |mFileOpenerThread| to open files.
Adds FileDescriptorFile, a limited implementation of nsIFile
that wraps a file descriptor, to be sideloaded into
nsJARChannels so that extension JAR files can be read
using a file descriptor without accessing the filesystem
directly.
MozReview-Commit-ID: 1pcnIpjz2yR
--HG--
extra : rebase_source : 9d7334778fc81837b11b98d4e32603f7e5eb3a27
Changes ExtensionProtocolHandler to use remote streams for
moz-extension loads of file and JAR URI's to allow for
filesystem read-access sandboxing.
Adds messaging to PNecko to allow child processes to
request an input stream or file descriptor for moz-extension
URI's.
Add ExtensionProtocolHandler singleton so that NeckoParent can
call methods directly and ExtensionProtocolHandler::NewFD
can use a new member variable |mFileOpenerThread| to open files.
Adds FileDescriptorFile, a limited implementation of nsIFile
that wraps a file descriptor, to be sideloaded into
nsJARChannels so that extension JAR files can be read
using a file descriptor without accessing the filesystem
directly.
MozReview-Commit-ID: 1pcnIpjz2yR
--HG--
extra : rebase_source : c3f2ede3dbfb29d98af6b194dbe58669d93d4197
Collect telemetry for all requests to get an exact percentage of
requests that are subject to HSTS priming, and how many result in an
HSTS Priming request being sent. Clean up telemetry to remove instances
of double counting requests if a priming request was sent.
HSTSPrimingListener::ReportTiming was using mCallback to calculate
timing telemetry, but we were calling swap() on the nsCOMPtr. Give it an
explicit argument for the callback.
Add tests for telemetry values to all of the HSTS priming tests. This
tests for the minimum as telemetry may be gathered on background or
other requests.
MozReview-Commit-ID: 5V2Nf0Ugc3r
--HG--
extra : rebase_source : daa357219a77d912a78b95a703430f39d884c6ab
This patch contains two parts below:
1. mNeckoTarget
Since almost all child channels in necko need mNeckoTarget to dispatch runnables to main thread, it seems worth to have a holder class of mNeckoTarget and ask child channels to inherit it.
2. ChannelEvent
A lot of classes in FTPChannelChild and HttpChannelChild inheriting ChannelEvent and override GetEventTarget. It should be worth to extract the same code and put it in the same space.
In order to provide more details context of how client arrived at the unsafe
page, particularly in redirect case, we may have to add more information to
redirect chains including:
- referrer (if any)
- remote address.
- URL
We may want to use an idl interface instead of nsIPrincipal to store these
information
MozReview-Commit-ID: 3Uh4r06w60C
If HttpChannelChild::Cancel is triggered off main thread while flushing channel event queue,
CompleteResume might be executed while the flush is about to be finished. In this case, queue resumption
will not be able to trigger the second queue flush because the previous one is not finished yet.
Therefore, the HttpChannelChild::Cancel will be sitted in the queue without executing.
MozReview-Commit-ID: GxnkiDUmEnw
--HG--
extra : rebase_source : d04268a04ab24c38bf6fa436526a04f77cd64805
PStunAddrsRequest.ipdl defines the new IPC protocol to get stun
addrs on the main process.
StunAddrsRequestChild requests the stun addrs from the parent.
StunAddrsRequestParent uses a static method on NrIceCtx to get the
stun addrs from the STS thead and sends the addrs back to the
child process.
NrIceStunAddr (nricestunaddr.{cpp|h}) wraps nr_local_addr and makes
it easier to serialize/deserialize over IPC.
NrIceStunAddrMessageUtils follows the pattern used by other Necko
IPC classes to define top-level serialization/deserialization
calls used by the IPC framework.
Modifications under netwerk/ipc are to connect the new IPC
protocol to get stun addrs to PNecko since it is a network
related IPC protocol.
MozReview-Commit-ID: GyEapBe5krl
--HG--
extra : rebase_source : c650d6aa4f7928bcae6032424303869074a755d4
HTTP/1.1 pipelines have been subsumed by the more effective mux of spdy, h2, and soon quic.
The feature was never able to overcome the limitations of HoL blocking
and TCP reset, and their impact on performance and reliability.
Fundamentally mux is the only way we should be approaching that problem.
The massive amount of code - mostly heuristics to try and deal with
the HoL problem (by classifying things onto different transactions,
timers for broken servers, etc..) has become a maintenance burden with
minimal value given the default off state of the feature.
h2 is the new (working) strategy.
--HG--
extra : rebase_source : 5794957c1f078ca435480724d3caf9bdd861b7de
This patch adds (and hooks up) a new service so that HTTP channels marked as
"Throttleable" will periodically be Suspend()ed and Resume()d when more
important operations are going (such as a page load).
While this patch is not responsible for marking channels as "Throttleable",
the general idea is that these would be less-important channels - background
downloads, beacons, etc, and perhaps even resources known to be trackers.
MozReview-Commit-ID: HEZsxS04rRK
--HG--
extra : rebase_source : 03cce85fe7df782e1f6e2da9e5a99997b796aba2
Dragana Damjanovic
Ehsan Akhgari
Sylvestre Ledru
Valentin Gosu
Gurzau Raul
Andrea Marchesini
Liang-Heng Chen
Gabriele Svelto
Brian Hackett
Margareta Eliza Balazs
Chris Peterson
Andi-Bogdan Postelnicu
Ben Kelly
Alex Gaynor
Cosmin Sabou
Emilio Cobos Álvarez
Honza Bambas
Patrick McManus
Rob Wu
Michal Novotny
Sebastian Hengst
Tristan Bourvon
Nika Layzell
Christoph Kerschbaumer
Jonathan Kingston
Kate McKinley
Shih-Chiang Chien
Amy Chung
Eric Rahm
Tom Tung
shindli
evilpies@gmail.com
Wes Kocher
Ryan VanderMeulen
Kris Maglione
Nicholas Hurley
Michael Layzell
Sajjad Arshad
Carsten "Tomcat" Book
Shane Caraveo
Kershaw Chang
Nathan Froyd
Haik Aftandilian
Bill McCloskey
Phil Ringnalda
Junior Hsu
Thomas Nguyen
Ho-Pang Hsu
Michael Froman
Tim Huang
Emanuel Hoogeveen
Nicholas Hurley