DevTools for DOMStorage is broken with SiteIsolation enabled |
|||||||
Issue descriptionWith Site Isolation enabled dev-tools only shows the top-level origin (and some mysterious "://" origin) in its localstorage and sessionstorage areas, giving no way to inspect the storage for any iframes. With site isolation disabled things seem to work fine (although the mysterious :// origin is still there even then).
,
Jun 8 2018
Also, the fact that clicking the :// origin leads to a kill is discussed in https://crbug.com/797994#c7. The lack of localStorage and sessionStorage for OOPIF sites seems like a pretty significant problem for DevTools and site isolation. Easy repro: go to http://csreis.github.io/tests/cross-site-iframe-simple.html. Running with --disable-site-isolation-trials, I see two sites (http://csreis.github.io and https://csreis.github.io) listed for storage. With --site-per-process, I only see the http one, and the https which is used for the OOPIF doesn't show up. dgozman@: can you please triage this?
,
Jun 12 2018
,
Jun 12 2018
Thanks Alex-- looks like there was an external report in issue 851816 as well. Assigning to eostroukhov@ based on luoe@'s triage. eostroukhov@: Any chance we can get a fix for this into M69 (or M68 if it's mergeable)? Sounds like it's affecting users.
,
Jun 12 2018
CL in the works: https://chromium-review.googlesource.com/c/chromium/src/+/1096283
,
Jun 13 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2 commit 1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2 Author: Dmitry Gozman <dgozman@chromium.org> Date: Wed Jun 13 22:40:21 2018 [DevTools] Fix DOM Storage with OOPIFs - Collect DOM storages from all targets. - Instantiate InspectorDOMStorage agent for local roots, make it work with InspectedFrames. - Add a test which dumps storage security origins. - Do some origin checks on the frontend to avoid listing "opaque" security origins which do not support storage. - Check storage capabilities on the backend to avoid crasing renderer later. Bug: 850978 , 844377 Change-Id: Ib4e2b444473638d896eb716fb7d9c587f5560335 Reviewed-on: https://chromium-review.googlesource.com/1096283 Commit-Queue: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#567024} [add] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/WebKit/LayoutTests/http/tests/devtools/oopif/oopif-storage-expected.txt [add] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/WebKit/LayoutTests/http/tests/devtools/oopif/oopif-storage.js [modify] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/blink/renderer/devtools/front_end/resources/ApplicationPanelSidebar.js [modify] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/blink/renderer/devtools/front_end/resources/DOMStorageModel.js [modify] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/blink/renderer/devtools/front_end/sdk/TargetManager.js [modify] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/blink/renderer/modules/modules_initializer.cc [modify] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/blink/renderer/modules/storage/inspector_dom_storage_agent.cc [modify] https://crrev.com/1600a1f6c38cc1e3e56d6ad5b48ca88f01ea8ab2/third_party/blink/renderer/modules/storage/inspector_dom_storage_agent.h
,
Jun 15 2018
Thanks for the quick fix! I can confirm this is working in the 69.0.3460.0 Windows Canary. We can discuss merge in issue 844377 , since that one is about a crash as well.
,
Jun 18 2018
Issue 853679 has been merged into this issue.
,
Jun 19 2018
Confirming Issue 853679 fixed by opting out of Site isolation. chrome://flags/#site-isolation-trial-opt-out > Opt out.
,
Jun 19 2018
Users can opt out/in for certain sites by following https://www.chromium.org/Home/chromium-security/site-isolation for now. Is there any code snippet that can be used in website code to signal Chrome to opt out of Site Isolation for that website?
,
Jun 19 2018
Comment 10: No, it is not possible to opt out of Site Isolation on a per site basis. We're currently discussing whether we can get the fix for this into Chrome 68 (in issue 844377 ).
,
Jun 19 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f commit e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f Author: Charlie Reis <creis@chromium.org> Date: Tue Jun 19 22:11:51 2018 Merge to M68: [DevTools] Fix DOM Storage with OOPIFs - Collect DOM storages from all targets. - Instantiate InspectorDOMStorage agent for local roots, make it work with InspectedFrames. - Add a test which dumps storage security origins. - Do some origin checks on the frontend to avoid listing "opaque" security origins which do not support storage. - Check storage capabilities on the backend to avoid crasing renderer later. Bug: 850978 , 844377 Change-Id: Ib4e2b444473638d896eb716fb7d9c587f5560335 Reviewed-on: https://chromium-review.googlesource.com/1096283 Commit-Queue: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#567024} Reviewed-on: https://chromium-review.googlesource.com/1106812 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/branch-heads/3440@{#457} Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733} [add] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/WebKit/LayoutTests/http/tests/devtools/oopif/oopif-storage-expected.txt [add] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/WebKit/LayoutTests/http/tests/devtools/oopif/oopif-storage.js [modify] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/blink/renderer/devtools/front_end/resources/ApplicationPanelSidebar.js [modify] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/blink/renderer/devtools/front_end/resources/DOMStorageModel.js [modify] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/blink/renderer/devtools/front_end/sdk/TargetManager.js [modify] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/blink/renderer/modules/modules_initializer.cc [modify] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/blink/renderer/modules/storage/inspector_dom_storage_agent.cc [modify] https://crrev.com/e2ce4979a905dfcb953cb56ded2ddc2cbb1bdd4f/third_party/blink/renderer/modules/storage/inspector_dom_storage_agent.h
,
Jun 20 2018
Able to reproduce this issue on Windows 10, Mac OS 10.13.5 and Ubuntu 17.10 on the reported version 67.0.3396.79 and the issue is fixed on the latest Beta 68.0.3440.33 as per issue 851816 (duped in comment #3). 1. Launched Chrome and enabled Strict site isolation flag. 2. Navigated to http://jsfiddle.net/qn408cs5/ -> Devtools ->Application and can see two sections and ("x": "abc") values are seen. Attached is the screen shots for reference. Hence adding TE verified labels as the fix is working as intended. Thanks.. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by lukasza@chromium.org
, Jun 8 2018