fix: use appropriate site instance for cross-site nav's #15821
Conversation
ppontes
changed the title
| render_view_host->GetProcess()->GetID() == | ||
| currently_committed_process_id) { | ||
| currently_committed_process_id = -1; | ||
| Emit("current-render-view-deleted", |
There was a problem hiding this comment.
Better name for this event?
| @@ -781,8 +781,23 @@ void WebContents::RenderViewCreated(content::RenderViewHost* render_view_host) { | |||
| impl->disable_hidden_ = !background_throttling_; | |||
| } | |||
|
|
|||
| void WebContents::RenderViewHostChanged(content::RenderViewHost* old_host, | |||
| content::RenderViewHost* new_host) { | |||
| currently_committed_process_id = new_host->GetProcess()->GetID(); | |||
There was a problem hiding this comment.
member variables should end with trailing _
| content::RenderViewHost* new_host) { | ||
| currently_committed_process_id = new_host->GetProcess()->GetID(); | ||
| } | ||
|
|
||
| void WebContents::RenderViewDeleted(content::RenderViewHost* render_view_host) { | ||
| Emit("render-view-deleted", render_view_host->GetProcess()->GetID()); |
There was a problem hiding this comment.
A little comment stating that this event is necessary for tracking any states with respect to intermediate render view hosts aka speculative render view hosts. Currently used by object-registry.js to ref count remote objects.
atom/browser/atom_browser_client.cc
Outdated
| content::SiteInstance* speculative_instance, | ||
| const GURL& dest_url, | ||
| bool has_response_started) const { | ||
| bool navigationWasRedirected = false; |
There was a problem hiding this comment.
variable should be snake case, navigation_was_redirected
|
@ppontes can you rebase on latest master, it should be good to go. Thanks! |
…vigating. When navigating to a new address, consider using Chromium's determined site instance for the new page as it should belong to an existing browsing instance when the navigation was triggered by window.open(). fixes 8100.
… when navigating." This reverts commit eb95f93.
|
Failing tests are the usual flaky ones, I'm merging with them ignored. |
|
Release Notes Persisted
|
|
/trop run backport |
|
@ppontes You need to be on an approved user list to run trop commands.
|
|
@MarshallOfSound Thanks for the warning, I suspected that but since the trop docs are outdated I still gave it a try. |
|
@MarshallOfSound I would like to see this backported to 4.x line, and get an early feedback on using site isolation. There is only so much we can test here wrt navigations. Also this PR fixes some really troublesome usages of site instances. The only reason the last PR got reverted was because it compromised a common navigation code path. |
|
Thanks @ppontes and @deepak1556 I'm tentatively going to land this ready for the next 4.x release but cc'ing @sofianguy to give a heads up to the AFP folks that this change is landing. Basically any weird navigation or We can always revert before the next 4.x release if someone finds something. |
|
/trop run backport |
|
The backport process for this PR has been manually initiated, here we go! :D |
|
I was unable to backport this PR to "4-0-x" cleanly; |
|
cc @ppontes looks like the patch doesn't apply cleanly, can you take care of the manual backport? |
|
@MarshallOfSound yep, will do. Thanks. |
|
@ppontes, do you have an estimate on when you can do this? I'm wondering if we should try to get this into a beta release later this week so that there will more public testing time leading up to 4.0.0 |
|
Do you have plan to release this fix on 4.x? |
|
@dataich , this is a considerable change that got ready just as 4.x was about to be released, so unfortunately we decided not to include it in 4.x after all. It is available from 5.x. |
|
@ppontes thanks for your reply. I wait stable 5.x release😢 |
| @@ -1470,29 +1472,6 @@ describe('BrowserWindow module', () => { | |||
|
|
|||
| const preload = path.join(fixtures, 'module', 'preload-sandbox.js') | |||
|
|
|||
| // http protocol to simulate accessing another domain. This is required | |||
There was a problem hiding this comment.
Unfortunately, I don't remember the reason. Feel free to try to use it again according to your needs.
| } | ||
| embedder.once('render-view-deleted', closedByEmbedder) | ||
| embedder.once('current-render-view-deleted', closedByEmbedder) |
There was a problem hiding this comment.
Are we sure that "RenderViewDeleted" implies that the window should be closed?
Our Electron app is failing to use Google Sign-in, with a similar behavior to what is described here, and I've traced the issue to the current-render-view-deleted event being emitted before the sign-in is ready causing it to close prematurely.
For our app, the current-render-view-deleted event is only emitted in this situation, so it was safe to simply comment this line. Do you know what are the general implications of removing this handler?
There was a problem hiding this comment.
Did you understand what causes RenderViewDeleted to be fired in the first place?
@deepak1556 can confirm / correct me, I believe we need to depend on this event to cleanup our BrowserWindow stuff when we assume that something other than the user is triggering the window to close. So it'd be useful to understand why something's triggering the RenderView to be deleted while Google Sign-in still depends on the popup window being open.
There was a problem hiding this comment.
FWIW @tarruda, Google is shutting down sign-in in non-browsers: https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html
It's quite possible there's a separate issue here, but for Google sign-in specifically, you should probably see if you can switch to the OAuth flow.
There was a problem hiding this comment.
Did you understand what causes RenderViewDeleted to be fired in the first place?
Not certain, but it seemed to happen when the Google SSO window navigated to another URL (where it normally shows "please wait..." before closing the window).
Also, this didn't always happen: When I tried to sign in by opening our app login window directly with a BrowserWindow, the issue was not reproducible. It only happened during normal app usage, when the login window was opened with window.open.
There was a problem hiding this comment.
FWIW @tarruda, Google is shutting down sign-in in non-browsers: https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html
It's quite possible there's a separate issue here, but for Google sign-in specifically, you should probably see if you can switch to the OAuth flow.
@nornagon I'm not familiar with the details of how theh Google sign-in works, but I assume we already use the OAuth flow since that announcement is already one year old and everything was working fine for the past couple of months.
There was a problem hiding this comment.
Not necessarily; Google has been rolling it out on a percentage basis per-account since a few months ago. OAuth flow means you do sign-in in the browser and get a token back in your app.
There was a problem hiding this comment.
Not necessarily; Google has been rolling it out on a percentage basis per-account since a few months ago. OAuth flow means you do sign-in in the browser and get a token back in your app.
Hmm now I remember having to change user-agent in order for Google Sign-in to work, that must have been the reason :)
There was a problem hiding this comment.
Right, that seems to work for some people for now, but Google is pretty committed to preventing people from doing what you're doing, so I wouldn't be at all surprised if they break it in other, more difficult-to-work-around ways without warning in the future.
Could someone please clarify whether the above means that disabling site isolation via |
Description of Change
When a window is opened with window.open to navigate to a cross-site destination, the new site instance should belong to the browsing instance of the opener window in order not to break scripting relationships between windows.
fixes #8100.
This change turns Chromium's site isolation on and depends on it being on in order to work properly. Turning on site isolation revealed the following latent problems that are / will be fixed also in this PR:
The fix also requires the following to be addressed:
Checklist
npm testpassesRelease Notes
Notes: Fixed a bug where
window.openerof a window created with window.open from a sandboxed renderer was null.