New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: use appropriate site instance for cross-site nav's #15821
fix: use appropriate site instance for cross-site nav's #15821
Conversation
render_view_host->GetProcess()->GetID() == | ||
currently_committed_process_id) { | ||
currently_committed_process_id = -1; | ||
Emit("current-render-view-deleted", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Better name for this event?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with some minor style changes.
@@ -781,8 +781,23 @@ void WebContents::RenderViewCreated(content::RenderViewHost* render_view_host) { | |||
impl->disable_hidden_ = !background_throttling_; | |||
} | |||
|
|||
void WebContents::RenderViewHostChanged(content::RenderViewHost* old_host, | |||
content::RenderViewHost* new_host) { | |||
currently_committed_process_id = new_host->GetProcess()->GetID(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
member variables should end with trailing _
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Of course, fixed.
content::RenderViewHost* new_host) { | ||
currently_committed_process_id = new_host->GetProcess()->GetID(); | ||
} | ||
|
||
void WebContents::RenderViewDeleted(content::RenderViewHost* render_view_host) { | ||
Emit("render-view-deleted", render_view_host->GetProcess()->GetID()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A little comment stating that this event is necessary for tracking any states with respect to intermediate render view hosts aka speculative render view hosts. Currently used by object-registry.js
to ref count remote objects.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, added.
atom/browser/atom_browser_client.cc
Outdated
content::SiteInstance* speculative_instance, | ||
const GURL& dest_url, | ||
bool has_response_started) const { | ||
bool navigationWasRedirected = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
variable should be snake case, navigation_was_redirected
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Of course, fixed.
@ppontes can you rebase on latest master, it should be good to go. Thanks! |
…vigating. When navigating to a new address, consider using Chromium's determined site instance for the new page as it should belong to an existing browsing instance when the navigation was triggered by window.open(). fixes 8100.
… when navigating." This reverts commit eb95f93.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't find any problem, this is awesome.
Failing tests are the usual flaky ones, I'm merging with them ignored. |
Release Notes Persisted
|
/trop run backport |
@ppontes You need to be on an approved user list to run trop commands.
|
@MarshallOfSound Thanks for the warning, I suspected that but since the trop docs are outdated I still gave it a try. |
@MarshallOfSound I would like to see this backported to 4.x line, and get an early feedback on using site isolation. There is only so much we can test here wrt navigations. Also this PR fixes some really troublesome usages of site instances. The only reason the last PR got reverted was because it compromised a common navigation code path. |
Thanks @ppontes and @deepak1556 I'm tentatively going to land this ready for the next 4.x release but cc'ing @sofianguy to give a heads up to the AFP folks that this change is landing. Basically any weird navigation or We can always revert before the next 4.x release if someone finds something. |
/trop run backport |
The backport process for this PR has been manually initiated, here we go! :D |
I was unable to backport this PR to "4-0-x" cleanly; |
cc @ppontes looks like the patch doesn't apply cleanly, can you take care of the manual backport? |
@MarshallOfSound yep, will do. Thanks. |
@ppontes, do you have an estimate on when you can do this? I'm wondering if we should try to get this into a beta release later this week so that there will more public testing time leading up to 4.0.0 |
Do you have plan to release this fix on 4.x? |
@dataich , this is a considerable change that got ready just as 4.x was about to be released, so unfortunately we decided not to include it in 4.x after all. It is available from 5.x. |
@ppontes thanks for your reply. I wait stable 5.x release😢 |
@@ -1470,29 +1472,6 @@ describe('BrowserWindow module', () => { | |||
|
|||
const preload = path.join(fixtures, 'module', 'preload-sandbox.js') | |||
|
|||
// http protocol to simulate accessing another domain. This is required |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately, I don't remember the reason. Feel free to try to use it again according to your needs.
} | ||
embedder.once('render-view-deleted', closedByEmbedder) | ||
embedder.once('current-render-view-deleted', closedByEmbedder) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we sure that "RenderViewDeleted" implies that the window should be closed?
Our Electron app is failing to use Google Sign-in, with a similar behavior to what is described here, and I've traced the issue to the current-render-view-deleted
event being emitted before the sign-in is ready causing it to close prematurely.
For our app, the current-render-view-deleted
event is only emitted in this situation, so it was safe to simply comment this line. Do you know what are the general implications of removing this handler?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you understand what causes RenderViewDeleted to be fired in the first place?
@deepak1556 can confirm / correct me, I believe we need to depend on this event to cleanup our BrowserWindow stuff when we assume that something other than the user is triggering the window to close. So it'd be useful to understand why something's triggering the RenderView to be deleted while Google Sign-in still depends on the popup window being open.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW @tarruda, Google is shutting down sign-in in non-browsers: https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html
It's quite possible there's a separate issue here, but for Google sign-in specifically, you should probably see if you can switch to the OAuth flow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you understand what causes RenderViewDeleted to be fired in the first place?
Not certain, but it seemed to happen when the Google SSO window navigated to another URL (where it normally shows "please wait..." before closing the window).
Also, this didn't always happen: When I tried to sign in by opening our app login window directly with a BrowserWindow, the issue was not reproducible. It only happened during normal app usage, when the login window was opened with window.open
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW @tarruda, Google is shutting down sign-in in non-browsers: https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html
It's quite possible there's a separate issue here, but for Google sign-in specifically, you should probably see if you can switch to the OAuth flow.
@nornagon I'm not familiar with the details of how theh Google sign-in works, but I assume we already use the OAuth flow since that announcement is already one year old and everything was working fine for the past couple of months.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not necessarily; Google has been rolling it out on a percentage basis per-account since a few months ago. OAuth flow means you do sign-in in the browser and get a token back in your app.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not necessarily; Google has been rolling it out on a percentage basis per-account since a few months ago. OAuth flow means you do sign-in in the browser and get a token back in your app.
Hmm now I remember having to change user-agent in order for Google Sign-in to work, that must have been the reason :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, that seems to work for some people for now, but Google is pretty committed to preventing people from doing what you're doing, so I wouldn't be at all surprised if they break it in other, more difficult-to-work-around ways without warning in the future.
Could someone please clarify whether the above means that disabling site isolation via |
Description of Change
When a window is opened with window.open to navigate to a cross-site destination, the new site instance should belong to the browsing instance of the opener window in order not to break scripting relationships between windows.
fixes #8100.
This change turns Chromium's site isolation on and depends on it being on in order to work properly. Turning on site isolation revealed the following latent problems that are / will be fixed also in this PR:
The fix also requires the following to be addressed:
Checklist
npm test
passesRelease Notes
Notes: Fixed a bug where
window.opener
of a window created with window.open from a sandboxed renderer was null.