New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 715541 link

Starred by 1 user
Status: Untriaged
Owner: ----
Cc:
nick@chromium.org
skyos...@chromium.org
creis@chromium.org
pfeldman@chromium.org
dgozman@chromium.org
dcheng@chromium.org
nasko@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Blocking:
issue 546953



Sign in to add a comment

Get browser and renderer to agree on IDs for frames.

Project Member Reported by alexclarke@chromium.org, Apr 26 2017 
Long term it would be great if we could use some browser provided id in the renderer (e.g. process.frame_tree_node_id).  Short term perhaps it's sufficient to send DevTool's renderer generated FrameId to the browser with the proviso it shouldn't be trusted too much (because it came from the renderer).  If we do go down that route we should remove it once a longer term solution is available.

Comment 1 by alexclarke@chromium.org, Apr 26 2017

Blocking: 546953

Comment 2 by creis@chromium.org, Apr 27 2017

Cc: nick@chromium.org dcheng@chromium.org nasko@chromium.org creis@chromium.org dgozman@chromium.org pfeldman@chromium.org
Components: UI>Browser>Navigation Internals>Core Internals>Sandbox>SiteIsolation
Labels: OS-All
Summary: Get browser and renderer to agree on IDs for frames. (was: Get browser and renderer to agree on names for frames.)
We're looking into a way to make FrameTreeNode IDs safe to pass to the renderer, given adequate browser process APIs to avoid security bugs (e.g., assuming a FrameTreeNode ID is for a privileged page when it has since navigated to an unprivileged page).

Comment 3 by creis@chromium.org, Apr 27 2017 

We may also need a way to associate RenderFrame process/routing IDs with FrameTreeNode IDs on the IO thread, to avoid having features post this data between threads or introduce locks (e.g., extension_api_frame_id_map.h).  Mentioning it here in case it affects the plans for how we pass around FTN IDs.  (I think the previous plans for FrameIOData were along those lines.)

Comment 4 by lukasza@chromium.org, Apr 27 2017 

Is this a good place to add a shameless plug for IdType32<>, IdType64<>, etc.?  :-P

Comment 5 by creis@chromium.org, Apr 28 2017 

Nick has also raised the point that FrameTreeNode IDs should be 64 bit.  Still, let's not bikeshed *too* much, and focus on what it would take to make passing FrameTreeNode IDs to the renderer and back safe.  :)

Comment 6 by creis@chromium.org, Apr 28 2017 

Context: Some of the code from https://codereview.chromium.org/2830753004/ will be unnecessary after fixing this bug.  (One request that came up there was having access to FrameTreeNode ID on URLRequestUserData, which would avoid a thread-shared map.)
Project Member

Comment 7 by bugdroid1@chromium.org, May 3 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ada1e2d7eb1bace10236e750ca89f4f715d63a37

commit ada1e2d7eb1bace10236e750ca89f4f715d63a37
Author: alexclarke <alexclarke@chromium.org>
Date: Wed May 03 10:38:51 2017

Pipe the devTools FrameId from blink into the browser for headless

Headless chrome needs this information because we wish to know
which frames resources came from.

BUG=715541
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2830753004
Cr-Commit-Position: refs/heads/master@{#468932}

[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/content/browser/devtools/devtools_agent_host_impl.cc
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/content/browser/frame_host/render_frame_host_impl.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/content/common/frame_messages.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/content/public/browser/devtools_agent_host.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/content/renderer/render_frame_impl.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/BUILD.gn
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/lib/browser/headless_browser_context_impl.cc
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/lib/browser/headless_browser_context_impl.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/lib/browser/headless_web_contents_impl.cc
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/lib/browser/headless_web_contents_impl.h
[add] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/lib/frame_id_browsertest.cc
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/public/headless_web_contents.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/public/util/generic_url_request_job.cc
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/headless/public/util/generic_url_request_job.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/third_party/WebKit/Source/core/frame/LocalFrameClient.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/third_party/WebKit/Source/core/inspector/InspectorPageAgent.cpp
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/third_party/WebKit/Source/web/LocalFrameClientImpl.cpp
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/third_party/WebKit/Source/web/LocalFrameClientImpl.h
[modify] https://crrev.com/ada1e2d7eb1bace10236e750ca89f4f715d63a37/third_party/WebKit/public/web/WebFrameClient.h
Project Member

Comment 8 by bugdroid1@chromium.org, May 4 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f71a263681dc50097672cc55e0204c7b0e789a48

commit f71a263681dc50097672cc55e0204c7b0e789a48
Author: creis <creis@chromium.org>
Date: Thu May 04 19:03:50 2017

Require a process ID when looking up RFHs by FrameTreeNode ID.

This helps avoid security bugs where callers store a FrameTreeNode ID
and later assume it is for the same RenderFrameHost.  However, a
cross-process navigation may have taken place, leading to a higher or
lower privileged page.

Because extension APIs use the old approach, the previous API is left
as an unsafe option, with comments encouraging callers to avoid it.

BUG=715541
TEST=No behavior change.
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2856653004
Cr-Commit-Position: refs/heads/master@{#469410}

[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/chrome/browser/safe_browsing/safe_browsing_navigation_observer.cc
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/components/subresource_filter/content/browser/activation_state_computing_navigation_throttle.cc
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/components/subresource_filter/content/browser/content_subresource_filter_throttle_manager.cc
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/content/browser/frame_host/navigation_handle_impl.cc
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/content/browser/frame_host/navigation_handle_impl.h
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/content/browser/web_contents/web_contents_impl.cc
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/content/browser/web_contents/web_contents_impl.h
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/content/public/browser/navigation_handle.h
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/content/public/browser/web_contents.h
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/extensions/browser/extension_api_frame_id_map.cc
[modify] https://crrev.com/f71a263681dc50097672cc55e0204c7b0e789a48/extensions/browser/extension_navigation_throttle.cc

Comment 9 by skyos...@chromium.org, May 9 2017

Cc: skyos...@chromium.org

Comment 10 by skyos...@chromium.org, May 15 2017

Components: Internals>Headless
Project Member

Comment 11 by bugdroid1@chromium.org, Oct 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/25234728c2731462b21bddf4e76ecb9e855d3bdb

commit 25234728c2731462b21bddf4e76ecb9e855d3bdb
Author: Pavel Feldman <pfeldman@chromium.org>
Date: Wed Oct 11 02:49:06 2017

DevTools: introduce devtools frame token in the frame_tree_node.

Token is used for devtools instrumentation and trace-ability. The token is
propagated to Blink's LocalFrame and both Blink and content/
can tag calls and requests with this token in order to attribute them
to the context frame. DevTools token is only defined by the browser process and
is never sent back from the renderer in the control calls.
It should be never used to look up the FrameTreeNode instance.

Bug: 715541
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: I646ab26b4427c60b440a63afdd1554d13552ed7f
TBR: alexclarke (headless)
Reviewed-on: https://chromium-review.googlesource.com/688485
Commit-Queue: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#507878}
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/devtools/devtools_agent_host_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/devtools/render_frame_devtools_agent_host.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/frame_tree.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/frame_tree.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/frame_tree_node.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/frame_tree_node.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/frame_tree_node_blame_context_unittest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/frame_tree_unittest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/interstitial_page_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/navigation_controller_impl_unittest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/render_frame_host_impl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/render_frame_host_manager.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/render_frame_host_manager.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/render_frame_host_manager_unittest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/render_frame_message_filter.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/frame_host/render_frame_message_filter.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/renderer_host/render_process_host_unittest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/renderer_host/render_view_host_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/renderer_host/render_view_host_impl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/site_per_process_browsertest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/web_contents/web_contents_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/browser/web_contents/web_contents_impl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/common/frame_messages.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/common/renderer.mojom
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/public/browser/devtools_agent_host.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/public/browser/render_frame_host.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/public/test/mock_render_thread.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/public/test/mock_render_thread.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/renderer/render_frame_impl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/renderer/render_frame_impl_browsertest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/renderer/render_thread_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/renderer/render_view_browsertest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/renderer/render_view_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/test/test_render_frame_host.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/test/test_render_view_host.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/test/test_render_view_host.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/test/test_web_contents.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/content/test/test_web_contents.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/headless/lib/browser/headless_browser_context_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/headless/lib/browser/headless_browser_context_impl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/headless/lib/browser/headless_tab_socket_impl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/headless/lib/browser/headless_web_contents_impl.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/headless/lib/browser/headless_web_contents_impl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/headless/lib/frame_id_browsertest.cc
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/headless/public/headless_web_contents.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.cpp
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/frame/LocalFrameClient.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/inspector/IdentifiersFactory.cpp
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/inspector/IdentifiersFactory.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/inspector/InspectorPageAgent.cpp
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/inspector/MainThreadDebugger.cpp
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/Source/core/loader/EmptyClients.h
[modify] https://crrev.com/25234728c2731462b21bddf4e76ecb9e855d3bdb/third_party/WebKit/public/web/WebFrameClient.h
Project Member

Comment 12 by bugdroid1@chromium.org, Oct 17 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/08beed784406556031531dbd7a566b0012acbdde

commit 08beed784406556031531dbd7a566b0012acbdde
Author: Pavel Feldman <pfeldman@chromium.org>
Date: Tue Oct 17 19:18:11 2017

DevTools: assign devtools_main_frame_token for a newly created render view host in response to CreateNewWindow request.

This is a follow up to r507878, it fixes one missing render frame creation code path.

Bug: 715541
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: I411b1ab93994e8722141bc8f747d0b8ec41d2409
Reviewed-on: https://chromium-review.googlesource.com/721891
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Commit-Queue: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509477}
[modify] https://crrev.com/08beed784406556031531dbd7a566b0012acbdde/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/08beed784406556031531dbd7a566b0012acbdde/content/common/frame.mojom
[modify] https://crrev.com/08beed784406556031531dbd7a566b0012acbdde/content/renderer/render_view_impl.cc
Project Member

Comment 13 by sheriffbot@chromium.org, Oct 18

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment