* This patch makes pages with the `OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP` policy load into a special `webCOOP+COEP={pageOrigin}` remote type.
* Adds `E10SUtils.WEB_REMOTE_COOP_COEP_TYPE_PREFIX="webCOOP+COEP="`
* When a COOP process switch occurs and the target page doesn't have this policy, we pass a `preferredRemoteType="web"` into `E10SUtils.getRemoteTypeForPrincipal` ensuring that we correctly get a different `remoteType`
* E10SUtils.getRemoteTypeForPrincipal is changed such that `if preferredRemoteType.startsWith(WEB_REMOTE_COOP_COEP_TYPE_PREFIX)` we don't override it with `webIsolated={pageOrigin}`.
* `coop_header.sjs` is changed to also allow setting `Cross-Origin-Embedder-Policy` headers
* `browser_httpCrossOriginOpenerPolicy.js` is changed to test that pages are correctly opened in the correct remoteType process.
Differential Revision: https://phabricator.services.mozilla.com/D48715
--HG--
extra : moz-landing-system : lando
* This patch makes pages with the `OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP` policy load into a special `webCOOP+COEP={pageOrigin}` remote type.
* Adds `E10SUtils.WEB_REMOTE_COOP_COEP_TYPE_PREFIX="webCOOP+COEP="`
* When a COOP process switch occurs and the target page doesn't have this policy, we pass a `preferredRemoteType="web"` into `E10SUtils.getRemoteTypeForPrincipal` ensuring that we correctly get a different `remoteType`
* E10SUtils.getRemoteTypeForPrincipal is changed such that `if preferredRemoteType.startsWith(WEB_REMOTE_COOP_COEP_TYPE_PREFIX)` we don't override it with `webIsolated={pageOrigin}`.
* `coop_header.sjs` is changed to also allow setting `Cross-Origin-Embedder-Policy` headers
* `browser_httpCrossOriginOpenerPolicy.js` is changed to test that pages are correctly opened in the correct remoteType process.
Differential Revision: https://phabricator.services.mozilla.com/D48715
--HG--
extra : moz-landing-system : lando
This flips the direction in which the BrowserBridge actor is generally created
such that it is generally created in the parent and sent down to a child
process.
This is done by making the decision about what kind of switch to perform in the
parent, and sending messages down to child processes async to orchestrate these
process changes.
Process launching is changed to use an async `MozPromise`-returning API in this
patch, though the actual process launching still occurs synchronously. A future
patch will enable performing async process launching through the
NewOrUsedBrowserProcess mechanism.
I know of at least a few timing issues which exist with the new logic,
especially around the state of the BrowsingContext during the process
transition. I decided to not try to fix all of these issues in this patch, as
many are complex and will require changing how we manage the lifecycle of
BrowsingContext substantially. I do, however, think that the new logic is more
reliable and has fewer timing issues than the previous logic.
Differential Revision: https://phabricator.services.mozilla.com/D47310
--HG--
extra : moz-landing-system : lando
This flips the direction in which the BrowserBridge actor is generally created
such that it is generally created in the parent and sent down to a child
process.
This is done by making the decision about what kind of switch to perform in the
parent, and sending messages down to child processes async to orchestrate these
process changes.
Process launching is changed to use an async `MozPromise`-returning API in this
patch, though the actual process launching still occurs synchronously. A future
patch will enable performing async process launching through the
NewOrUsedBrowserProcess mechanism.
I know of at least a few timing issues which exist with the new logic,
especially around the state of the BrowsingContext during the process
transition. I decided to not try to fix all of these issues in this patch, as
many are complex and will require changing how we manage the lifecycle of
BrowsingContext substantially. I do, however, think that the new logic is more
reliable and has fewer timing issues than the previous logic.
Differential Revision: https://phabricator.services.mozilla.com/D47310
--HG--
extra : moz-landing-system : lando
This flips the direction in which the BrowserBridge actor is generally created
such that it is generally created in the parent and sent down to a child
process.
This is done by making the decision about what kind of switch to perform in the
parent, and sending messages down to child processes async to orchestrate these
process changes.
Process launching is changed to use an async `MozPromise`-returning API in this
patch, though the actual process launching still occurs synchronously. A future
patch will enable performing async process launching through the
NewOrUsedBrowserProcess mechanism.
I know of at least a few timing issues which exist with the new logic,
especially around the state of the BrowsingContext during the process
transition. I decided to not try to fix all of these issues in this patch, as
many are complex and will require changing how we manage the lifecycle of
BrowsingContext substantially. I do, however, think that the new logic is more
reliable and has fewer timing issues than the previous logic.
Differential Revision: https://phabricator.services.mozilla.com/D47310
--HG--
extra : moz-landing-system : lando
Will allow for SessionStore.jsm process switching to be used by other objects than nsHttpChannel.
Differential Revision: https://phabricator.services.mozilla.com/D46015
--HG--
extra : moz-landing-system : lando
Will allow for SessionStore.jsm process switching to be used by other objects than nsHttpChannel.
Differential Revision: https://phabricator.services.mozilla.com/D46015
--HG--
extra : moz-landing-system : lando
This code currently works for remote subframes assuming that nsIRemoteTab is implemented
by BrowserParent, but will break when nsIRemoteTab is only for a top-level BrowserParent.
What this code really wants is a content process ID to retarget the channel to. This
commit switches the interfaces to pass this around instead of nsIRemoteTab.
Differential Revision: https://phabricator.services.mozilla.com/D31435
--HG--
extra : source : 757b4f595cc4b18ae35483d23edff4896d15d4b1
This code currently works for remote subframes assuming that nsIRemoteTab is implemented
by BrowserParent, but will break when nsIRemoteTab is only for a top-level BrowserParent.
What this code really wants is a content process ID to retarget the channel to. This
commit switches the interfaces to pass this around instead of nsIRemoteTab.
Differential Revision: https://phabricator.services.mozilla.com/D31435
--HG--
extra : rebase_source : be3303c2d38d704a6a1817fa45fd76700fae6287
extra : histedit_source : c7bf1e496f4328acc9ee70fcccdff98ea2cce5df
I also made a few gratuitous code formatting cleanups. I hope you don't mind.
We are unable to properly analyze shutdown crashes and deduce the right action
to take when that happened. This leads to surprising occurrences of the
'about:sessionrestore' page shown, especially when a full restore is expected
anyway.
Differential Revision: https://phabricator.services.mozilla.com/D29676
--HG--
extra : moz-landing-system : lando
If we're doing a process switch due to the cross origin opener policy
being mismatched, we don't want to preserve the browsing context.
Differential Revision: https://phabricator.services.mozilla.com/D26392
If we're doing a process switch due to the cross origin opener policy
being mismatched, we don't want to preserve the browsing context.
Differential Revision: https://phabricator.services.mozilla.com/D26392
I also made a few gratuitous code formatting cleanups. I hope you don't mind.
We are unable to properly analyze shutdown crashes and deduce the right action
to take when that happened. This leads to surprising occurrences of the
'about:sessionrestore' page shown, especially when a full restore is expected
anyway.
Differential Revision: https://phabricator.services.mozilla.com/D29676
--HG--
extra : moz-landing-system : lando
This patch introduces a new type of content process, which has a dynamic name.
This type of content process is labeled as `webIsolated=${SITE_ORIGIN}` and is
used within fission-enabled windows.
To enable this, additional information about the fission status of the target
window must be passed into E10SUtils. This was done by updating every call site
manually to pass an extra boolean. A better solution perhaps should be used in
the future.
With this patch enabled, we now perform process switches, but only when
navigating to HTTP URIs. If we navigate to a non-HTTP URI in an iframe with
fission enabled, it will not behave correctly. This must be done in a
follow-up.
Differential Revision: https://phabricator.services.mozilla.com/D29570
--HG--
extra : moz-landing-system : lando
nsITabParent is exposed to frontend code and is generally used as a representation of a remote tab. We could just rename the interface to nsIBrowserParent and worry about it later, but I think it's better to rename the interface to nsIRemoteTab so that we can later work on splitting the interface away from the PBrowser protocol.
Note: Some frontend code refers to a TabParentId. This commit renames this to RemoteTabId. We need to figure out the purpose of TabId with fission.
Differential Revision: https://phabricator.services.mozilla.com/D28132
--HG--
rename : dom/interfaces/base/nsITabParent.idl => dom/interfaces/base/nsIRemoteTab.idl
extra : rebase_source : 9d8a1790a7bb10195ad063644d1a93d63b2afb72
When a remote type mismatch is found for a subframe, this patch checks if
fission is enabled for that window. If it is, it triggers a process switch,
continuing the load in a new process.
With this patch, subframes will only change process when navigating to a HTML
subframe, and not when navigating to a non-HTML subframe. That will be fixed in
a follow-up. This patch also does not change the remote type selection logic,
so only very limited types of remote iframes are supported.
Differential Revision: https://phabricator.services.mozilla.com/D27513
--HG--
extra : moz-landing-system : lando
Just set the RemoteType in the options object argument, instead of
doubling up the information.
Differential Revision: https://phabricator.services.mozilla.com/D23250
--HG--
extra : moz-landing-system : lando
This will fix the behavior, I think it might still be worth deliberating
over whether we want to consider non-default userContextId's when tracking
the number of pinned tabs or not. This will be visually correct - the
number of pinned tabs won't change, so things won't be moving around in
the tab bar, but we will throw away the preopened tab once we get further
down in SessionStore.jsm, which is less than ideal.
Differential Revision: https://phabricator.services.mozilla.com/D22195
--HG--
extra : moz-landing-system : lando
This adds test which reproduce the failure as well as the fix. Essentially,
if we hit the edited case in SessionStore with `tab` equal to `tabbrowser.tabs[t]`,
we remove the tab and then try to pin it, which obviously blows up.
Note: the additional method in SessionStore.jsm was largely to get around
complexity requirements inside restoreWindow. Cleaner solutions welcome.
Differential Revision: https://phabricator.services.mozilla.com/D21383
--HG--
extra : moz-landing-system : lando
When we open firefox with pinned tabs, we first paint a window with
one tab open, and then that tab gets displaced after the pinned tabs
come in. This aims to ensure that our first paint contains the
pinned tab, so that we don't have tabs moving around after first
paint.
MozReview-Commit-ID: GC1y6NlgLTd
Differential Revision: https://phabricator.services.mozilla.com/D18742
--HG--
extra : moz-landing-system : lando
