[DNR] Match POST requests of ancestor frames in allowAllRequests
Categories
(WebExtensions :: Request Handling, enhancement, P3)
Tracking
(firefox113 fixed)
Tracking | Status | |
---|---|---|
firefox113 | --- | fixed |
People
(Reporter: robwu, Assigned: robwu)
References
Details
(Whiteboard: [addons-jira])
Attachments
(3 files)
This is a follow-up to https://hg.mozilla.org/mozilla-central/rev/30b37f5369b9#l1.106
with details at https://phabricator.services.mozilla.com/D168452?id=677943#inline-934251
Assignee | ||
Updated•2 years ago
|
Updated•2 years ago
|
Assignee | ||
Comment 1•2 years ago
|
||
Add activeSessionHistoryEntry attribute to CanonicalBrowsingContext to
expose the existing implementation of
CanonicalBrowsingContext::GetActiveSessionHistoryEntry.
Assignee | ||
Comment 2•2 years ago
|
||
Assignee | ||
Comment 3•2 years ago
|
||
To avoid unnecessary cloning of nsIInputStream, add a hasPostData
boolean attribute to tell whether a nsISHEntry has populated postData.
Comment 4•2 years ago
|
||
It isn't very obvious to me what this bug is about.
Why does extension code need to deal with session history?
What is DNR? :)
Assignee | ||
Comment 5•2 years ago
|
||
(In reply to Olli Pettay [:smaug][bugs@pettay.fi] from comment #4)
It isn't very obvious to me what this bug is about.
Why does extension code need to deal with session history?
What is DNR? :)
declarativeNetRequest (DNR) is a declarative API to allow extensions to specify rules (conditions + actions) describing how network requests should be handled. It is documented at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest.
DNR was originally designed by Google as a replacement for the webRequest API, which is notably used by the class of content blocker extensions (aka ad blockers). While we maintain support for blocking WebRequest in MV3, we also ship support for declarativeNetRequest for compatibility reasons.
When a navigation request matches a rule with the "allowAllRequests" action, the desired result is for other rules to be ignored (not only for that specific request but also future subresource requests). Or said differently: if the outcome for a request is to block/redirect/etc a request, we need to check whether there are any applicable "allowAllRequest" rules among the frame ancestors that would override the request. In order to determine this, the request for the navigations in the ancestor frames needs to be reconstructed. And one of the conditions is the HTTP method.
With that context, I can finally explain why "session history" is relevant here. It is merely a means to a goal. It is a way to determine whether a document is associated with a POST form submission (opposed to a regular GET navigation). Due to the SHIP work, the SessionHistoryEntry (nsISHEntry) in the parent offers the information needed to determine whether a request had been a POST submission.
I figured that it would be a reliable primitive to use, because the information was already maintained to support the form submission confirmation UI upon reload ("To display this page, Nightly must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.").
Comment 7•2 years ago
|
||
Backed out for causing xpcshell failures on test_ext_dnr_allowAllRequests.js.
Assignee | ||
Comment 8•2 years ago
|
||
Backed out because the test failed when Fission was disabled in a test configuration for Android. The method to determine the POST method requires SHIP (Session History in Parent), which is disabled when Fission is turned off.
Comment 10•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/4b06082fe51b
https://hg.mozilla.org/mozilla-central/rev/c7c7319e6f40
https://hg.mozilla.org/mozilla-central/rev/a849087c16f9
Description
•