зеркало из https://github.com/mozilla/gecko-dev.git
448f596abf
Installing a Webapp is an asynchronous job, and there is a pocket of time between when web content requests to install an app and before the browser displays an installation prompt that the outer window of the content can browse away. This pocket of time is typically used by XHR to request the web app resources and verify their contents. This pocket of time is, essentially, bug 771294, and is a bit of a security problem. This problem was originally patched over on Desktop by checking in the parent process that the outer window was still at the same URI as it had been when it made the request. I'm not entirely sure if Android / B2G made similar checks. With separated content processes, however, the browser front-end can no longer performantly check to ensure that the outer window is at the same URI. We solve this problem by sending up a message in the content process when the location of an outer window making use of navigator.mozApps changes. We hold a Map of "actions" mapping to in-flight installs mapped by the outer window ID of the requesting content. When we notice a location change, we mark those actions as cancelled. When the XHR returns, we have it check the state of its actions, and if they're cancelled, it aborts further action. Normally, this wouldn't be necessary, since any XHR initiated by the content window would be cancelled once the location changed, but in this case, the XHR is occurring in Webapps.jsm, and is not influenced by the outer window of the content. --HG-- extra : rebase_source : 5f95002a21c96c5cbf3dca8ca265400448251b43 |
||
|---|---|---|
| .. | ||
| ajax | ||
| beacon | ||
| bugs | ||
| chrome | ||
| crypto | ||
| dom-level0 | ||
| dom-level1-core | ||
| dom-level2-core | ||
| dom-level2-html | ||
| fetch | ||
| gamepad | ||
| general | ||
| geolocation | ||
| localstorage | ||
| notification | ||
| orientation | ||
| pointerlock | ||
| sessionstorage | ||
| storageevent | ||
| webapps | ||
| webcomponents | ||
| whatwg | ||