Bug 1521542 - Disable Process Switching for Sandboxed Contexts r=ckerschb,nika
authorSebastian Streich <sstreich@mozilla.com>
Thu, 04 Jun 2020 10:46:48 +0000
changeset 597959 2cf1d4f4d8c6e0c421a692db893bf4d1c350ae98
parent 597958 4cfcf5a973dafee5b00447dddaca479e3f92dc1b
child 597960 604346d2f6dade76d63d499532ce9a1c5d50d9cb
push id13310
push userffxbld-merge
push dateMon, 29 Jun 2020 14:50:06 +0000
treeherdermozilla-beta@15a59a0afa5c [default view] [failures only]
reviewersckerschb, nika
bugs1521542
milestone79.0a1
Bug 1521542 - Disable Process Switching for Sandboxed Contexts r=ckerschb,nika Differential Revision: https://phabricator.services.mozilla.com/D76704
dom/ipc/ContentChild.cpp
testing/web-platform/meta/html/cross-origin-opener-policy/coop-sandbox.https.html.ini
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -114,16 +114,17 @@
 #include "Geolocation.h"
 #include "audio_thread_priority.h"
 #include "nsIConsoleService.h"
 #include "audio_thread_priority.h"
 #include "nsIURIMutator.h"
 #include "nsIInputStreamChannel.h"
 #include "nsFocusManager.h"
 #include "nsIOpenWindowInfo.h"
+#include "nsSandboxFlags.h"
 
 #if !defined(XP_WIN)
 #  include "mozilla/Omnijar.h"
 #endif
 
 #ifdef MOZ_GECKO_PROFILER
 #  include "ChildProfilerController.h"
 #endif
@@ -875,23 +876,31 @@ nsresult ContentChild::ProvideWindowComm
     Preferences::AddBoolVarCache(&sNoopenerNewProcess,
                                  "dom.noopener.newprocess.enabled");
     sNoopenerNewProcessInited = true;
   }
 
   bool useRemoteSubframes =
       aChromeFlags & nsIWebBrowserChrome::CHROME_FISSION_WINDOW;
 
+  uint32_t parentSandboxFlags = parent->SandboxFlags();
+  if (Document* doc = parent->GetDocument()) {
+    parentSandboxFlags = doc->GetSandboxFlags();
+  }
+
+  bool sandboxFlagsPropagate =
+      parentSandboxFlags & SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS;
+
   // Check if we should load in a different process. Under Fission, we never
   // want to do this, since the Fission process selection logic will handle
   // everything for us. Outside of Fission, we always want to load in a
   // different process if we have noopener set, but we also might if we can't
   // load in the current process.
-  bool loadInDifferentProcess =
-      aForceNoOpener && sNoopenerNewProcess && !useRemoteSubframes;
+  bool loadInDifferentProcess = aForceNoOpener && sNoopenerNewProcess &&
+                                !useRemoteSubframes && !sandboxFlagsPropagate;
   if (!loadInDifferentProcess && aURI) {
     // Only special-case cross-process loads if Fission is disabled. With
     // Fission enabled, the initial in-process load will automatically be
     // retargeted to the correct process.
     if (!(parent && parent->UseRemoteSubframes())) {
       nsCOMPtr<nsIWebBrowserChrome3> browserChrome3;
       rv = aTabOpener->GetWebBrowserChrome(getter_AddRefs(browserChrome3));
       if (NS_SUCCEEDED(rv) && browserChrome3) {
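Review bot: The added `parent->SandboxFlags()` and `parent->GetDocument()` calls dereference `parent` unconditionally, while the unchanged condition later in this hunk still tests `parent && parent->UseRemoteSubframes()`, which suggests `parent` may be null at this point. The declaration of `parent` is outside the hunk, so non-null may already be guaranteed; if it is not, guard the lookup, for example `uint32_t parentSandboxFlags = parent ? parent->SandboxFlags() : 0;` and `if (Document* doc = parent ? parent->GetDocument() : nullptr) {`. Because this value decides whether a sandboxed opener's popup stays in the current process, a one-line comment on why the document's flags override the browsing context's flags would also help the next reader.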
@@ -899,17 +908,17 @@ nsresult ContentChild::ProvideWindowComm
         rv = browserChrome3->ShouldLoadURIInThisProcess(aURI, &shouldLoad);
         loadInDifferentProcess = NS_SUCCEEDED(rv) && !shouldLoad;
       }
     }
   }
 
   // If we're in a content process and we have noopener set, there's no reason
   // to load in our process, so let's load it elsewhere!
-  if (loadInDifferentProcess) {
+  if (loadInDifferentProcess && !sandboxFlagsPropagate) {
     float fullZoom;
     nsCOMPtr<nsIPrincipal> triggeringPrincipal;
     nsCOMPtr<nsIContentSecurityPolicy> csp;
     nsCOMPtr<nsIReferrerInfo> referrerInfo;
     rv = GetCreateWindowParams(aOpenWindowInfo, aLoadState, aForceNoReferrer,
                                &fullZoom, getter_AddRefs(referrerInfo),
                                getter_AddRefs(triggeringPrincipal),
                                getter_AddRefs(csp));
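Review bot: The comment above `if (loadInDifferentProcess && !sandboxFlagsPropagate)` still says there is no reason to load in this process, but the new guard covers exactly the case where there is one, and nothing here explains it. I would add something like `// Sandboxed openers keep the popup in this process so their sandbox flags propagate to the new browsing context.`, with the wording confirmed by the author, since the rationale is inferred from the commit title and the flag name. It is also worth saying that this second check is required because `loadInDifferentProcess` can be reassigned from `ShouldLoadURIInThisProcess` after the `!sandboxFlagsPropagate` term in the previous hunk. The function body continues outside the hunk.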
deleted file mode 100644
--- a/testing/web-platform/meta/html/cross-origin-opener-policy/coop-sandbox.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[coop-sandbox.https.html]
-  [<iframe sandbox="allow-popups allow-scripts"> Sandboxed Cross-Origin-Opener-Policy popup should result in a network error]
-    expected:
-      if webrender and fission: [PASS, FAIL]
-      if webrender and (os == "linux") and debug: [FAIL, PASS]
-      if webrender and (os == "linux") and not debug: [FAIL, PASS]
-      if webrender and (os == "win"): [FAIL, PASS]
-      FAIL
-