Try using WebChannel from within a container tab will throw an error: > {webChannelId} error message. No Such Channel This is because when using origin as originOrPermission when creating a WebChannel, `_originCheckCallback` will check `{allowedOrigin}.prePath === requestPrincipal.origin` to find a matching WebChannel[1]; Since a) another check for WebChannel already uses `originNoSuffix`[2] and b) `userContextId` are ignored when matching permissions[3], I think it might be okay to just use `requestPrincipal.originNoSuffix` here? [1]: https://dxr.mozilla.org/mozilla-central/rev/0534254e9a40/toolkit/modules/WebChannel.jsm#184 [2]: https://hg.mozilla.org/mozilla-central/rev/af0f02e07f6a#l21.53 [3]: https://hg.mozilla.org/mozilla-central/rev/299a09f24493

Ethan, is this also an issue for Tor?

That's not Ethan's email, let's change to right one(ettseng@mozilla.com).

Dupe of bug 1319904, which was already fixed.

I'm not sure this is a duplicate. Reopening for now and we can decide after further investigation.

(In reply to Tanvi Vyas [:tanvi] from comment #1) > Ethan, is this also an issue for Tor? I went through comments in bug 1319904. It looks to me this is a general Origin Attributes issue that has to be fixed in WebChannel. So yes, I assume it also affects Tor First Party Isolation. Arthur, can you help to confirm this?

(In reply to Ethan Tseng [:ethan] from comment #5) > (In reply to Tanvi Vyas [:tanvi] from comment #1) > > Ethan, is this also an issue for Tor? > > I went through comments in bug 1319904. > It looks to me this is a general Origin Attributes issue that has to be > fixed in WebChannel. > So yes, I assume it also affects Tor First Party Isolation. > > Arthur, can you help to confirm this? Sorry for the delay -- yes, it looks to me like the issue affects first-party isolation as a part of originAttributes. As far as I can tell, the patch in bug 1319904 should solve the problem for first-party isolation as well.

Bug 1319904 makes WebChannel NOT isolated by Origin Attributes.

Set it as blocking First Party Isolation for tracking.

Tanvi, this is was marked as a P1, got closed and reopened? Do we need to set a new priority? Potentially we need to find an owner for this one! Can you have a look please?

(In reply to Tanvi Vyas - behind on bugmail [:tanvi] from comment #7) > Bug 1319904 makes WebChannel NOT isolated by Origin Attributes. You're absolutely right. Sorry for my mistake. Indeed this looks like we need to implement a fix for first party isolation.

As discussed in the meeting, this bug is low priority but nice to have.

(In reply to Ethan Tseng [:ethan] from comment #11) > As discussed in the meeting, this bug is low priority but nice to have. Clearing my ni? queue at the moment. Thanks Ethan for de-prioritizing this work in comment 11. Clearing the ni? for Tanvi in that case.

Bulk change per https://bugzilla.mozilla.org/show_bug.cgi?id=1401020