Installing a Webapp is an asynchronous job, and there is a pocket of time
between when web content requests to install an app and before the browser
displays an installation prompt that the outer window of the content can
browse away. This pocket of time is typically used by XHR to request the
web app resources and verify their contents.
This pocket of time is, essentially, bug 771294, and is a bit of a security
problem.
This problem was originally patched over on Desktop by checking in the parent
process that the outer window was still at the same URI as it had been when it
made the request. I'm not entirely sure if Android / B2G made similar checks.
With separated content processes, however, the browser front-end can no longer
performantly check to ensure that the outer window is at the same URI.
We solve this problem by sending up a message in the content process when
the location of an outer window making use of navigator.mozApps changes.
We hold a Map of "actions" mapping to in-flight installs mapped by the
outer window ID of the requesting content. When we notice a location
change, we mark those actions as cancelled. When the XHR returns, we have
it check the state of its actions, and if they're cancelled, it aborts
further action.
Normally, this wouldn't be necessary, since any XHR initiated by the
content window would be cancelled once the location changed, but in
this case, the XHR is occurring in Webapps.jsm, and is not influenced
by the outer window of the content.
PopupNotifications are great at noticing when the top outer frame changes
location, and clears any pending notifications accordingly. It is, however,
not so great at noticing when subframes that have caused notifications
change location.
Now, when prompting for install / uninstall permissions, we add an
nsIWebProgressListener to the gBrowser that will remove the
notification if we hear that the requesting content has browsed
away.
This patch does several things, all in one commit because of a schema update:
* Uses _id instead of guid when referring to reading list items, allowing the guid column to be null.
* Reworks schema upgrading.
* Completely revises the reading list schema itself.
* Fixes the tests.
* Cleans up how we do deletion: if an item hasn't yet been synced, it's simply deleted immediately. We can do this because the server allocates GUIDs.
* Adds columns to manage sync-related metadata.
This does not always work in the case that one of the last few tabs (to the
right) are selected and the device is rotated from landscape to portrait.
Filed bug 1134408 to track this.
--HG--
extra : rebase_source : 60d64fbea4e8e32e14f1e8120a32d8c6db76b30f
extra : source : e755879c138c1a3ca96ba9da9f9244cb5bfd755f
