gecko/dom/apps
Mike Conley 9c2406f932 Bug 1077168 - Cancel in-flight Webapp install jobs from windows that change location. r=myk.
Installing a Webapp is an asynchronous job, and there is a pocket of time
between when web content requests to install an app and before the browser
displays an installation prompt that the outer window of the content can
browse away. This pocket of time is typically used by XHR to request the
web app resources and verify their contents.

This pocket of time is, essentially, bug 771294, and is a bit of a security
problem.

This problem was originally patched over on Desktop by checking in the parent
process that the outer window was still at the same URI as it had been when it
made the request. I'm not entirely sure if Android / B2G made similar checks.

With separated content processes, however, the browser front-end can no longer
performantly check to ensure that the outer window is at the same URI.

We solve this problem by sending up a message in the content process when
the location of an outer window making use of navigator.mozApps changes.
We hold a Map of "actions" mapping to in-flight installs mapped by the
outer window ID of the requesting content. When we notice a location
change, we mark those actions as cancelled. When the XHR returns, we have
it check the state of its actions, and if they're cancelled, it aborts
further action.

Normally, this wouldn't be necessary, since any XHR initiated by the
content window would be cancelled once the location changed, but in
this case, the XHR is occurring in Webapps.jsm, and is not influenced
by the outer window of the content.
2015-02-10 13:18:47 -05:00
..
tests Bug 1133725 - Rename Langpack's version property to revision. r=fabrice, r=sicking 2015-02-18 10:39:20 +01:00
AppDownloadManager.jsm
AppsService.js Bug 923897 - Extensibility support for b2g r=ferjm,bholley 2014-12-16 15:32:28 -08:00
AppsService.manifest
AppsServiceChild.jsm Backed out changeset df960e299bcd (bug 1108096) for m1 test failures 2015-01-12 09:02:13 +01:00
AppsUtils.jsm Bug 1087728: Make JS callers of ios.newChannel call ios.newChannel2 in dom/apps (r=fabrice) 2015-02-05 12:53:56 -08:00
FreeSpaceWatcher.jsm
ImportExport.jsm Bug 1126047 - Imported apps that specify an origin are not correctly installed r=marco 2015-01-28 17:24:38 -08:00
InterAppComm.cpp
InterAppComm.h
InterAppComm.manifest
InterAppCommService.js
InterAppCommService.jsm
InterAppConnection.js
InterAppMessagePort.js
Langpacks.jsm Bug 1133725 - Rename Langpack's version property to revision. r=fabrice, r=sicking 2015-02-18 10:39:20 +01:00
moz.build Backed out changeset df960e299bcd (bug 1108096) for m1 test failures 2015-01-12 09:02:13 +01:00
OfflineCacheInstaller.jsm Bug 1087728: Make JS callers of ios.newChannel call ios.newChannel2 in dom/apps (r=fabrice) 2015-02-05 12:53:56 -08:00
OperatorApps.jsm
PermissionsInstaller.jsm Bug 1083927 - IndexedDB: Subdomain Quota Management; r=bent,ehsan 2014-11-28 09:44:12 +01:00
PermissionsTable.jsm Bug 879861 - Part 1a: Add new permission 'secureelement-manage'. r=ehsan 2015-02-11 03:35:00 -05:00
ScriptPreloader.jsm
StoreTrustAnchor.jsm
TrustedHostedAppsUtils.jsm Bug 1087728: Make JS callers of ios.newChannel call ios.newChannel2 in dom/apps (r=fabrice) 2015-02-05 12:53:56 -08:00
UserCustomizations.jsm Bug 1113779 - UserCustomizations.jsm spams desktop mochitest test logs r=mccr8 2015-01-16 14:16:03 -08:00
Webapps.js Bug 1077168 - Cancel in-flight Webapp install jobs from windows that change location. r=myk. 2015-02-10 13:18:47 -05:00
Webapps.jsm Bug 1077168 - Cancel in-flight Webapp install jobs from windows that change location. r=myk. 2015-02-10 13:18:47 -05:00
Webapps.manifest