Forcing every request from a docShell to use LOAD_ANONYMOUS

Forcing every request from a docShell to use LOAD_ANONYMOUS

Mark Hammond-3
In bugs 875986 and 902439, we are trying to arrange for a docShell
hosted in a (remote) browser used for thumbnailing to arrange for all
requests made via that docShell to use the LOAD_ANONYMOUS flag.  This
should solve a number of problems, the most pressing of which is that
SSL client certificates are being prompted for (or just silently sent)
while doing the thumbnail for certain sites.

At first I thought it should be as simple as docShell.loadGroup.flags |=
Cu.nsIRequest.LOAD_ANONYMOUS, but this isn't having the desired effect.
I tried various other things and asked on #developers, but I've been
unable to work out how to make this happen.  The interactions between
the docShell, loadGroups and requests are fairly involved, so even
looking at the code and stepping through in the debugger isn't giving me
any joy.

Can someone tell me how I can make this happen?

Thanks,

Mark
_______________________________________________
dev-tech-network mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-network
Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Ehsan Akhgari
Looking at the code, we do not pass on the LOAD_ANONYMOUS flag to
subrequests of a load group: <
http://mxr.mozilla.org/mozilla-central/source/netwerk/base/src/nsLoadGroup.cpp#1035>.
I'm not sure what the reason behind this is, but you can verify whether
this is where the problem comes from by breaking on that code and
inspecting the load group and the attached request's flags after this call.

--
Ehsan
<http://ehsanakhgari.org/>


On Fri, Aug 16, 2013 at 1:17 AM, Mark Hammond <[hidden email]> wrote:

> In bugs 875986 and 902439, we are trying to arrange for a docShell hosted
> in a (remote) browser used for thumbnailing to arrange for all requests
> made via that docShell to use the LOAD_ANONYMOUS flag.  This should solve a
> number of problems, the most pressing of which is that SSL client
> certificates are being prompted for (or just silently sent) while doing the
> thumbnail for certain sites.
>
> At first I thought it should be as simple as docShell.loadGroup.flags |=
> Cu.nsIRequest.LOAD_ANONYMOUS, but this isn't having the desired effect.  I
> tried various other things and asked on #developers, but I've been unable
> to work out how to make this happen.  The interactions between the
> docShell, loadGroups and requests are fairly involved, so even looking at
> the code and stepping through in the debugger isn't giving me any joy.
>
> Can someone tell me how I can make this happen?
>
> Thanks,
>
> Mark
Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Jason Duell-3
On 08/16/2013 06:23 AM, Ehsan Akhgari wrote:
> Looking at the code, we do not pass on the LOAD_ANONYMOUS flag to
> subrequests of a load group: <
> http://mxr.mozilla.org/mozilla-central/source/netwerk/base/src/nsLoadGroup.cpp#1035>.
> I'm not sure what the reason behind this is, but you can verify whether
> this is where the problem comes from by breaking on that code and
> inspecting the load group and the attached request's flags after this call.

I wonder if this is also what causes

    https://bugzilla.mozilla.org/show_bug.cgi?id=831153

Jason


Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Jason Duell-3
On 08/16/2013 09:28 AM, Jason Duell wrote:

> On 08/16/2013 06:23 AM, Ehsan Akhgari wrote:
>> Looking at the code, we do not pass on the LOAD_ANONYMOUS flag to
>> subrequests of a load group: <
>> http://mxr.mozilla.org/mozilla-central/source/netwerk/base/src/nsLoadGroup.cpp#1035>.
>>
>> I'm not sure what the reason behind this is, but you can verify whether
>> this is where the problem comes from by breaking on that code and
>> inspecting the load group and the attached request's flags after this
>> call.
>
> I wonder if this is also what causes
>
>    https://bugzilla.mozilla.org/show_bug.cgi?id=831153
>

Hmm, looks like it must be something else that causes the refresh
bug--the loadFlags in question are part of the mask.

bz/biesi: so for Mark's issue, could we just add LOAD_ANONYMOUS to the
list here?

http://mxr.mozilla.org/mozilla-central/source/netwerk/base/src/nsLoadGroup.cpp#1035

Jason



Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Christian Biesinger-2
I'm having trouble following the initial question. What does it mean
for a request to be "made via the docshell"?

If you add LOAD_ANONYMOUS to that list and also make all docshells set
that flag, then all page loads and their subcomponents will have that
flag set. That's not what you want.

That said, adding the flag to that list seems independently useful.

-christian


Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Mark Hammond-3
On 17/08/2013 3:57 AM, Christian Biesinger wrote:
> I'm having trouble following the initial question. What does it mean
> for a request to be "made via the docshell"?

Made via one specific docShell.  We create a <browser> element that will
be used only to process a queue of URLs we want to thumbnail.  We want
every request processed by the docShell associated with this browser to
have the LOAD_ANONYMOUS flag.

Does that clarify?

Thanks,

Mark



Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Brian Smith-19
On Fri, Aug 16, 2013 at 4:29 PM, Mark Hammond <[hidden email]> wrote:

> On 17/08/2013 3:57 AM, Christian Biesinger wrote:
>
>> I'm having trouble following the initial question. What does it mean
>> for a request to be "made via the docshell"?
>>
>
> Made via one specific docShell.  We create a <browser> element that will
> be used only to process a queue of URLs we want to thumbnail.  We want
> every request processed by the docShell associated with this browser to
> have the LOAD_ANONYMOUS flag.
>
> Does that clarify?
>

If I were to attempt this, I would follow the example here:
https://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp?rev=9fd000703ace#9426

i.e. I would set a flag/property on the docshell and then I would modify
DoURILoad to check that flag (on the current docshell, and on the parent)
and set the LOAD_ANONYMOUS flag on the channel as needed.

Cheers,
Brian

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Boris Zbarsky
On 8/16/13 1:37 PM, Jason Duell wrote:
> bz/biesi: so for Mark's issue, could we just add LOAD_ANONYMOUS to the
> list here?
>
> http://mxr.mozilla.org/mozilla-central/source/netwerk/base/src/nsLoadGroup.cpp#1035

I think so, yes.

-Boris


Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Boris Zbarsky
On 8/18/13 8:19 PM, Brian Smith wrote:
> If I were to attempt this, I would follow the example here:
> https://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp?rev=9fd000703ace#9426
>
> i.e. I would set a flag/property on the docshell and then I would modify
> DoURILoad to check that flag (on the current docshell, and on the parent)
> and set the LOAD_ANONYMOUS flag on the channel as needed.

That wouldn't set LOAD_ANONYMOUS on the various subrequests for the
document loaded in the docshell (scripts, images, etc).

-Boris


Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Mark Hammond-3
On 19/08/2013 4:03 PM, Boris Zbarsky wrote:
> On 8/16/13 1:37 PM, Jason Duell wrote:
>> bz/biesi: so for Mark's issue, could we just add LOAD_ANONYMOUS to the
>> list here?
>>
>> http://mxr.mozilla.org/mozilla-central/source/netwerk/base/src/nsLoadGroup.cpp#1035
>>
>
> I think so, yes.

This doesn't seem to have any effect in my simple tests.  After setting
'docShell.loadGroup.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;' we load
a URI with nsIWebNavigation::loadURI.

This ends up calling nsDocShell::DoURILoad(), which ends up calling
NS_NewChannel() at
http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#9451 
- and while mLoadGroup->mLoadFlags has LOAD_ANONYMOUS, this flag doesn't
end up on the new channel.

Next nsDocShell::DoChannelLoad() is called, and while this also
touches the channel loadFlags, it also doesn't do anything with
LOAD_ANONYMOUS.

Then the channel loads, and best I can tell,
nsLoadGroup::MergeLoadFlags() isn't actually called here - but note that
in my test there are no sub-requests, which probably explains this.

So in my case, it seems this flag isn't ending up on the *default*
request, let alone subrequests.

> On 8/18/13 8:19 PM, Brian Smith wrote:
>> If I were to attempt this, I would follow the example here:
>> https://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp?rev=9fd000703ace#9426
>>
>> i.e. I would set a flag/property on the docshell and then I would modify
>> DoURILoad to check that flag (on the current docshell, and on the parent)
>> and set the LOAD_ANONYMOUS flag on the channel as needed.
>
> That wouldn't set LOAD_ANONYMOUS on the various subrequests for the document loaded in the docshell (scripts, images, etc).

Note that this (obviously) works for the primary request.  Given it
seems likely the suggested fix in nsLoadGroup.cpp will set this flag on
subrequests, is it possible I need to do both?

FWIW, I'm attaching a quick-and-nasty patch that does both of these and
in fairly limited testing, seems to do what I need.  Thoughts/feedback
welcome!

Thanks,

Mark


anonymous-docshell.patch (4K) Download Attachment

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Boris Zbarsky
On 8/19/13 4:45 AM, Mark Hammond wrote:
> nsLoadGroup::MergeLoadFlags() isn't actually called here

Hmm.  This is only called for sub-requests.  Worse yet, the default load
request will clobber the loadgroup flags.  See
nsLoadGroup::SetDefaultLoadRequest.

So you need to set the flag explicitly on the document load in docshell
_and_ propagate it in MergeLoadFlags.  On the other hand, you don't need
to manually twiddle the flags on the loadgroup: setting them on the
document load request will handle it for the subresources.

-Boris

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Christian Biesinger-2
Yeah, that seems right. See
http://mxr.mozilla.org/mozilla-central/source/netwerk/base/src/nsLoadGroup.cpp#519

-christian
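
Added example, not part of the original thread and not Gecko code: a small JavaScript model of the behaviour Boris describes above (the default load request overwrites the load group's flags, and only sub-requests inherit flags, limited to a fixed list). The class and function names are hypothetical and the flag values are constructed for the model.

```javascript
// Simplified model of the load-group behaviour discussed in this thread.
// Not Gecko code: names are hypothetical, flag values are constructed.
const LOAD_BACKGROUND = 1 << 0;
const LOAD_BYPASS_CACHE = 1 << 1;
const LOAD_ANONYMOUS = 1 << 2;

// Flags a sub-request inherits from its group (the "list" in MergeLoadFlags).
const DEFAULT_INHERIT_MASK = LOAD_BACKGROUND | LOAD_BYPASS_CACHE;

class ModelLoadGroup {
  constructor(inheritMask = DEFAULT_INHERIT_MASK) {
    this.loadFlags = 0;
    this.inheritMask = inheritMask;
    this.defaultLoadRequest = null;
  }

  // The group takes its flags from the default (document) request, so
  // anything set on the group beforehand is overwritten.
  setDefaultLoadRequest(request) {
    this.defaultLoadRequest = request;
    if (request) {
      this.loadFlags = request.loadFlags;
    }
  }

  // Only sub-requests merge flags from the group, and only those in the mask.
  addRequest(request) {
    if (request !== this.defaultLoadRequest) {
      request.loadFlags |= this.loadFlags & this.inheritMask;
    }
    return request;
  }
}

// Load one document plus its subresources through the group.
function loadDocument(group, documentFlags, subresources) {
  const doc = { name: "document", loadFlags: documentFlags };
  group.setDefaultLoadRequest(doc);
  group.addRequest(doc);
  const subs = subresources.map((name) =>
    group.addRequest({ name, loadFlags: 0 })
  );
  return [doc, ...subs];
}

// Map each request name to whether it ended up anonymous.
function anonymousReport(requests) {
  const report = {};
  for (const r of requests) {
    report[r.name] = (r.loadFlags & LOAD_ANONYMOUS) !== 0;
  }
  return report;
}

function runScenarios() {
  const subs = ["script.js", "image.png"]; // constructed sample subresources
  const extendedMask = DEFAULT_INHERIT_MASK | LOAD_ANONYMOUS;

  // 1. Flag set only on the load group (the first attempt in the thread).
  const g1 = new ModelLoadGroup();
  g1.loadFlags |= LOAD_ANONYMOUS;
  const groupOnly = anonymousReport(loadDocument(g1, 0, subs));

  // 2. Flag set only on the document request, inherit list unchanged.
  const g2 = new ModelLoadGroup();
  const documentOnly = anonymousReport(loadDocument(g2, LOAD_ANONYMOUS, subs));

  // 3. Inherit list extended, but flag still set only on the group.
  const g3 = new ModelLoadGroup(extendedMask);
  g3.loadFlags |= LOAD_ANONYMOUS;
  const maskOnly = anonymousReport(loadDocument(g3, 0, subs));

  // 4. Flag on the document request and inherit list extended.
  const g4 = new ModelLoadGroup(extendedMask);
  const documentAndMask = anonymousReport(
    loadDocument(g4, LOAD_ANONYMOUS, subs)
  );

  return { groupOnly, documentOnly, maskOnly, documentAndMask };
}

console.log(JSON.stringify(runScenarios(), null, 2));
```

Only the last scenario marks the document and every subresource anonymous, which matches the conclusion that both changes are needed and that setting the flag on the load group by hand is not.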


Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Mark Hammond-3
On 19/08/2013 11:37 PM, Boris Zbarsky wrote:
> On 8/19/13 4:45 AM, Mark Hammond wrote:
>> nsLoadGroup::MergeLoadFlags() isn't actually called here
>
> Hmm.  This is only called for sub-requests.  Worse yet, the default load
> request will clobber the loadgroup flags.  See
> nsLoadGroup::SetDefaultLoadRequest.

I experimented a little with this, and it (almost) works.  I initially did:

   docShell.loadGroup.defaultLoadRequest.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;

before making the loadURI call - but this didn't work as the ::Stop()
call made by loadURI (we pass the LOAD_FLAGS_STOP_CONTENT flag) causes
the defaultRequest to be set to null - so the flag is lost.

I then changed it so that call was made *after* loadURI, which worked
fine in a local <browser> element, but failed to work in a <browser
remote="true">.  Very quick debugging implies that this might be due to
the fact the request has progressed before that flag gets set on the
channel in the parent process.

So tl;dr - it seems very difficult to set this flag on the
defaultLoadRequest.

I have verified that using an nsIWebProgress listener does seem to work
though - I just look for all notifications with STATE_START |
STATE_IS_REQUEST and set the flag at that time - and this also doesn't
need the tweak to MergeLoadFlags.  Seeing as we already need a progress
listener for a different bug, this seems the most pragmatic way forward.

Thanks for everyone's help.

Mark


Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Boris Zbarsky
On 8/20/13 2:26 AM, Mark Hammond wrote:
> I experimented a little with this, and it (almost) works.  I initially did:
>
>    docShell.loadGroup.defaultLoadRequest.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;

What you want is a flag you set on the docshell which causes it to set
the LOAD_ANONYMOUS flag on the requests it makes (like Brian suggested
earlier in this thread).

> I have verified that using an nsIWebProgress listener does seem to work
> though - I just look for all notifications with STATE_START |
> STATE_IS_REQUEST and set the flag at that time - and this also doesn't
> need the tweak to MergeLoadFlags.  Seeing as we already need a progress
> listener for a different bug, this seems the most pragmatic way forward.

This feels like a fragile hack to me, honestly...  :(

-Boris

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Mark Hammond-3
On 21/08/2013 2:03 AM, Boris Zbarsky wrote:

> On 8/20/13 2:26 AM, Mark Hammond wrote:
>> I experimented a little with this, and it (almost) works.  I initially
>> did:
>>
>>    docShell.loadGroup.defaultLoadRequest.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;
>
> What you want is a flag you set on the docshell which causes it to set
> the LOAD_ANONYMOUS flag on the requests it makes (like Brian suggested
> earlier in this thread).

Ah, sorry, I misunderstood - I thought you meant content should tweak
the flags on the default load request.

I played a little more with this, and it *almost* works fine.  The
problem I have at the moment is, I think, due to speculative connections.

In my use-case, we often request a speculative connection on the URL we
care about just before we have the "anonymous" docShell perform the
actual connection.  The speculative connection is done by a mouseover
event on about:newtab in anticipation of the user clicking on a
thumbnail rather than as an attempt to speed up the connection made by
the "anonymous" docShell.

What I believe is happening is that this speculative connection is being
reused for the connection made by the "anonymous" docShell, and as a
result mCaps on the transport isn't getting the NS_HTTP_LOAD_ANONYMOUS
flag, which in turn means the nsNSSSocketInfo for the request doesn't
get the nsISocketProvider::ANONYMOUS_CONNECT flag, which in turn doesn't
suppress the SSL certificate prompt for the request.

I'm having trouble catching this case in the debugger, and also in
following the logic that reuses the speculative connections, so I'm
still not sure about this - but printf debugging makes me relatively
confident the problem is along these lines.

Does that sound likely?  If so, any pointers on where I should be
looking to diagnose this further?

Thanks,

Mark

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Boris Zbarsky
On 8/22/13 3:17 AM, Mark Hammond wrote:
> What I believe is happening is that this speculative connection is being
> reused for the connection made by the "anonymous" docShell, and as a
> result mCaps on the transport isn't getting the NS_HTTP_LOAD_ANONYMOUS
> flag

That sounds entirely likely...

In particular, nsHttpConnectionMgr::MakeNewConnection doesn't seem to
compare trans->Caps() to ent->mHalfOpens[i]->Transaction()->Caps()
before reusing ent->mHalfOpens[i], afaict, and I think it should.  But
someone who knows the HTTP code better than I should check that.

-Boris

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Patrick McManus
On Thu, Aug 22, 2013 at 9:39 AM, Boris Zbarsky <[hidden email]> wrote:

> On 8/22/13 3:17 AM, Mark Hammond wrote:
>
>> What I believe is happening is that this speculative connection is being
>> reused for the connection made by the "anonymous" docShell, and as a
>> result mCaps on the transport isn't getting the NS_HTTP_LOAD_ANONYMOUS
>> flag
>>
>
> That sounds entirely likely...
>
> In particular, nsHttpConnectionMgr::MakeNewConnection doesn't seem to
> compare trans->Caps() to ent->mHalfOpens[i]->Transaction()->Caps()
> before reusing ent->mHalfOpens[i], afaict, and I think it should.  But
> someone who knows the HTTP code better than I should check that.
>
>
The anonymous flag should be reflected in the mConnectionInfo key (and
therefore implicit in "ent" already). The CI Anonymous flag is set by
HttpChannel based on its load flags. MakeNewConnection() doesn't need to
check it.

(I haven't read this whole email thread in detail - so maybe I'm not
addressing the relevant question)

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Honza Bambas-4
On 8/22/2013 9:17 AM, Mark Hammond wrote:
> What I believe is happening is that this speculative connection is
> being reused for the connection made by the "anonymous" docShell, and
> as a result mCaps on the transport isn't getting the
> NS_HTTP_LOAD_ANONYMOUS flag, which in turn means the nsNSSSocketInfo
> for the request doesn't get the nsISocketProvider::ANONYMOUS_CONNECT
> flag, which in turn doesn't suppress the SSL certificate prompt for
> the request.

This is actually bad.  The non-anonymous connection should not be used
for anonymous usage.  If that happens, then something is wrong.

Anon and non-anon connections have separate pools.  If those can be
exchanged, it is a bug.

-hb-
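
Added example, not part of the original thread and not Gecko code: a JavaScript model of the point made by Patrick and Honza above, that the anonymous flag is part of the connection-pool key, so a half-open speculative connection opened without the flag is never handed to an anonymous transaction. The class, the host name and the unkeyed variant (shown only for contrast, as the failure Mark hypothesised) are assumptions of the model.

```javascript
// Simplified model of a connection pool keyed by host, port and anonymity.
// Not Gecko code: names are hypothetical and the host is a constructed sample.
class ModelConnectionManager {
  constructor({ keyIncludesAnonymous }) {
    this.keyIncludesAnonymous = keyIncludesAnonymous;
    this.entries = new Map(); // pool key -> array of half-open connections
    this.nextId = 1;
  }

  // With the anonymous bit in the key, anonymous and credentialed
  // connections live in separate entries and cannot be exchanged.
  entryKey(host, port, anonymous) {
    const base = `${host}:${port}`;
    if (!this.keyIncludesAnonymous) {
      return base;
    }
    return `${base}:${anonymous ? "anon" : "creds"}`;
  }

  halfOpensFor(host, port, anonymous) {
    const key = this.entryKey(host, port, anonymous);
    if (!this.entries.has(key)) {
      this.entries.set(key, []);
    }
    return this.entries.get(key);
  }

  // anonymousConnect stands in for the socket-level flag that suppresses
  // client-certificate selection; it is fixed when the connection is opened.
  openConnection(anonymous) {
    return { id: this.nextId++, anonymousConnect: anonymous };
  }

  // Start a connection ahead of any transaction (e.g. on mouseover).
  speculativeConnect(host, port, anonymous = false) {
    const conn = this.openConnection(anonymous);
    this.halfOpensFor(host, port, anonymous).push(conn);
    return conn;
  }

  // Give a transaction a connection, reusing a half-open one from the
  // matching entry when there is one.
  dispatch(host, port, anonymous) {
    const halfOpens = this.halfOpensFor(host, port, anonymous);
    if (halfOpens.length > 0) {
      return { connection: halfOpens.shift(), reused: true };
    }
    return { connection: this.openConnection(anonymous), reused: false };
  }
}

// The sequence from the thread: a non-anonymous speculative connection is
// opened first, then the thumbnailing docShell makes an anonymous request
// to the same host and port.
function thumbnailAfterHover(keyIncludesAnonymous) {
  const mgr = new ModelConnectionManager({ keyIncludesAnonymous });
  mgr.speculativeConnect("thumbnail.example", 443, false);
  const { connection, reused } = mgr.dispatch("thumbnail.example", 443, true);
  return { reused, clientCertSuppressed: connection.anonymousConnect };
}

console.log("keyed by anonymity:", thumbnailAfterHover(true));
console.log("not keyed (contrast):", thumbnailAfterHover(false));
```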

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Patrick McManus
I think Mark has confirmed this was a missed diagnosis.
On Aug 28, 2013 6:08 AM, "Honza Bambas" <[hidden email]> wrote:

> On 8/22/2013 9:17 AM, Mark Hammond wrote:
>
>> What I believe is happening is that this speculative connection is being
>> reused for the connection made by the "anonymous" docShell, and as a result
>> mCaps on the transport isn't getting the NS_HTTP_LOAD_ANONYMOUS flag, which
>> in turn means the nsNSSSocketInfo for the request doesn't get the
>> nsISocketProvider::ANONYMOUS_CONNECT flag, which in turn doesn't
>> suppress the SSL certificate prompt for the request.
>>
>
> This is actually bad.  The non-anonymous connection should not be used for
> anonymous usage.  If that happens, then something is wrong.
>
> Anon and non-anon connections have separate pools.  If those can be
> exchanged, it is a bug.
>
> -hb-

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

Honza Bambas-4


On 8/28/2013 9:48 PM, Patrick McManus wrote:
> I think mark has confirmed this was a missed diagnosis

Aha, I missed that.  Good.
-hb-