The following features together prevent extensions from loading external content in iframes:

• Extensions on GeckoView run in the main process.
• External content cannot be loaded in the parent process, according to the rules defined by nsDocShell::CanLoadInParentProcess. Otherwise the request is rejected (and a crash on debug builds: "ASSERTION: Attempt to load a non-authorised load in the parent process:") by https://searchfox.org/mozilla-central/rev/064a1e6a2a6f6aa30be8bf4edea2f8408f779d4d/netwerk/ipc/ParentProcessDocumentChannel.cpp#58-70

STR: Example of failing unit test:

• command: ./mach xpcshell-test --verbose toolkit/components/extensions/test/xpcshell/test_ext_cookieBehaviors.js --tag=in-process-webextensions
• expected: document loads and iframe.onload is called.
• actual: document does not load and iframe.onerror is called.
• actual (debug build): crash, ASSERTION: Attempt to load a non-authorised load in the parent process: ###!!! ASSERTION: Attempt to load a non-authorised load in the parent process: http://example.com/page-with-tracker.html: 'false', file /path/to/gecko/netwerk/ipc/ParentProcessDocumentChannel.cpp:66
• test source: https://searchfox.org/mozilla-central/rev/4b49a0dc50104e03ecadd1fd1902b27be6b9c0c8/toolkit/components/extensions/test/xpcshell/test_ext_cookieBehaviors.js#375-385

STR: manual test on mobile:

1. Start a Fenix build, and enable remote debugging in the settings.

2. Visit about:debugging on desktop, enable devices, connect to the device.

3. Select an extension (one of the built-in ones), inspect it and run the following code in the background page:

   f = document.createElement("iframe");
   f.src = "https://example.com/";
   f.onload = f.onerror = e => console.log(e.type);
   document.body.append(f);
   

4. Look at the console.

5. Use the DOM inspector to inspect the iframe.

Expected:

• Step 4 prints "load".
• Step 5 shows a loaded document.

Actual:

• Step 4 prints "error".
• Step 5 shows an empty document (empty <head> and <body>).

Alternative STR (desktop):

1. Start Firefox with extensions.webextensions.remote=false (restart the browser if you're using about:config).
2. Install an extension.
3. Visit about:debugging and inspect the extension.
4. See step 4 and 5 from the other STR, with the same Expected/actual

Out-of-process frames are not supported in the main process by Fission (and besides, Fission isn't even enabled by default in GeckoView).
Non-e10s (single-process mode) is not supported on GeckoView either (and we wouldn't want that anyway).

So the only feasible path towards a fix for this bug is to enable out-of-process extensions on Android - bug 1535365.

I can get xpcshell tests to pass with the following prefs:

Services.prefs.setBoolPref("security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", true);
Services.prefs.setBoolPref("security.allow_unsafe_parent_loads", true);

The first pref is used to get xpc::IsInAutomation to be true, since it isn't true by default in xpcshell tests (bug 1598804).
The second pref is to force nsDocShell::CanLoadInParentProcess to accept requests to external URLs used in the test.

While this trick can be used to re-enable some tests, I'm not sure whether we should use it, since it's a non-standard test configuration.

A fix for the root cause is not near (comment 1), and the current set of recommended extensions do seemingly not depend on the ability to load remote frames, so we decided to partially address this bug for the failing unit tests only using the test-only prefs from comment 2. A new issue could be filed for the actual issue.

(Or equivalently, we could file a bug to land the test-only changes and link this bug.)

Rob, this bug is about extensions running in GeckoView's main process and content in Fission OOP iframes. Is this bug relevant for Android Addons GA? Or can this bug wait until we implement Android Fission?

(In reply to Chris Peterson [:cpeterson] from comment #5)

Rob, this bug is about extensions running in GeckoView's main process and content in Fission OOP iframes.

This bug is about extensions not being able to load remote content in their (moz-extension:) documents. This is because extensions currently run in the main process. When extensions run in their own process (bug 1535365), this bug will be resolved.

Is this bug relevant for Android Addons GA? Or can this bug wait until we implement Android Fission?

This is relevant for GA, but mainly as a bug to point to when extension authors run into the issue described here.
The engineering tasks itself are tracked in bug 1535365.
Once that bug is fixed by turning on the feature (not just on Nightly or Beta, but on release), this bug can be closed. And along with that, we can re-enable some tests - bug 1700482.

Note: tests were re-enabled using the trick from comment 2 in https://hg.mozilla.org/mozilla-central/rev/80b8b7daaa90.

Once out-of-process WebExtensions are enabled (bug 1535365), this bug will be fixed for real.