Create a new reserved environment for cross-origin redirects.

[mfalken]

Previously, a navigation would create a reserved environment once,
and use it for all redirects. This commit changes that so
a new environment is created on a cross-origin redirect.

This also runs CSP for each redirect, which is probably more
correct.

Per w3c/ServiceWorker#1316

---

/browsing-the-web.html ( diff )
/infrastructure.html ( diff )

[mfalken]

@annevk would you be able to review this?
@mikewest for CSP.

[mfalken]

Hum, there's a problem here. Is the intent of creation URL to be after redirects? The service worker spec seems to be using creation URL as the current URL. Maybe that's mistake of the service worker spec though.

The current PR will update creation URL after cross-origin redirects but not same-origin ones, which would be too inconsistent.

@wanderview @jungkees @jakearchibald what do you think?

[wanderview]

I think the most sane thing is to set the creation URL at the time the settings object is marked execution ready. That would be after all redirects. (FWIW, this is what I implemented in firefox.)

I think we discussed this a bit in regard to SharedWorker here:

w3c/ServiceWorker#1289

Also a bit in here regarding documents:

w3c/ServiceWorker#1091

I'm not sure, though, if the current spec says anything like that.

[wanderview]

I think the most sane thing is to set the creation URL at the time the settings object is marked execution ready. That would be after all redirects. (FWIW, this is what I implemented in firefox.)

I guess since we don't expose reserved clients it may not matter if the creation URL is set earlier. Any redirects should be complete before execution ready is set and causes the client to be exposed. Changing the reserved environment on redirect should update the creation URL prior to execution ready IMO.

[mfalken]

@wanderview Thanks, that makes sense. I'll update the creation URL on redirects. I agree it shouldn't matter if we do that right after the redirect on the reserved client, or right before execution ready, since reserved clients aren't exposed. Setting it after redirect seems good to me because it's where most of the reserved client is created, and the SW spec might try to access the creation URL of the reserved client rather than the request URL.

Do you know off-hand if we have WPT for this (Client#url after redirects)?

[mfalken]

Revised. This will need WPT for the service worker spec. I'll work on those soon but would prefer to merge this change in parallel of that if it looks good..

[wanderview]

Do you know off-hand if we have WPT for this (Client#url after redirects)?

I don't see one. And of course we also don't have a WPT test that showing history.pushState() does not change the client.url either. Both of those tests would be great to clarify behavior here.

[mfalken]

Thanks. Another quick question while you're around: do you recall if Client.url for windows is intended to reflect the final response URL (i.e., including respondWith(fetch(url)) or just the request URL after redirects? I know workers are supposed to reflect the response URL (#3771). There was some talk at w3c/ServiceWorker#1031 too.

Yea.. WPT would be good for all this.

[wanderview]

Oh, interesting question. Since window navigation is a special case and does not reflect the final URL provided to respondWith(), I think it should also not be reflected in the client.url value.

I think that is what we implemented in firefox. See the navigation check here:

https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/dom/serviceworkers/ServiceWorkerEvents.cpp#713-731

(The comment isn't making sense to me right now, though.)

The client.url is then set to nsIDocument::GetOriginalURI() which is the after-redirect URL of the document:

https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/dom/clients/manager/ClientSource.cpp#266

[annevk]

I'm unclear why we need request cloning here and manipulation of request's URL list. It seems too much of Fetch is creeping into the navigate algorithm.

[annevk]

While done is false*

[annevk]

Also, since this has more than one nested element the <p> needs to be newlined

[annevk]

URL list*

[annevk]

current URL

[annevk]

Closing </p>

[annevk]

Dot outside the span element.

[annevk]

's outside the var element

[annevk]

s/let/then set/
s/be/to/

[annevk]

"a new environment whose id is ... and target browsing context is ..."

[annevk]

Newline <p>

[annevk]

link network error

[annevk]

no need for comma before "and set" as there's only two actions.

[annevk]

(Apologies for the delay here by the way. I overlooked this somehow.)

[mfalken]

Thank you for the review!

Sorry I'm not good at git... looks like I messed up this PR trying to sync with upstream changes.

[mfalken]

I'm unclear why we need request cloning here and manipulation of request's URL list. It seems too much of Fetch is creeping into the navigate algorithm.

Hum, I think I needed this for the "Should navigation request of type from source in target be blocked by Content Security Policy?" step. I thought it should use request with the new URL added to it. But we can't modify request directly here since the Fetch spec also modifies it in HTTP-redirect fetch.

However, it looks like https://w3c.github.io/webappsec-csp/#should-block-navigation-request uses "request's URL". There are two problems here:

• URL links to the "response URL" concept in the Fetch spec, which looks wrong
• It probably means to link to "request URL" which seems to be the first URL of the redirect chain, in which case appending the request to the list won't help.

I guess I can keep CSP as is for this change (keep passing request), and can probably forgo the cloning.

[mfalken]

@annevk thanks, I addressed your feedback.

(I think I was able to recover the PR by using git push -f to cancel the previous bad push)

[mfalken]

@annevk: ping. I also have a WPT at https://chromium-review.googlesource.com/c/chromium/src/+/1206054

[annevk]

This looks a lot better, thanks. Did you file issues against CSP for the issues you found?

[mfalken]

Thanks! I will be away for some time but plan to get back to this ASAP.

[mfalken]

Thanks! I'm preparing a patch in response to your comments.

Did you file issues against CSP for the issues you found?

Filed w3c/webappsec-csp#343

[mfalken]

@annevk I believe I addressed your comments. Please take another look.

[annevk]

I think this is good, modulo nits. You should also ensure there are two newlines between any </p> and <ol>.

I'd love it if @wanderview could have a look as well, given he's somewhat familiar with all this and might be able to spot more.

[mfalken]

Thanks @annevk! Updated. @wanderview did you want to look as well?

[wanderview]

LGTM

[annevk]

Thanks! Tests already landed? And presumably there's cross-browser support since this is a bug fix.

[mfalken]

Thanks! Yes, tests landed in web-platform-tests/wpt@2df7f9f#diff-f23ebe2bdee04a9c0b8ab094be59f318

And yes, I think this was the consensus from previous F2Fs and in the latest issue:
w3c/ServiceWorker#1031 (comment)
w3c/ServiceWorker#1316

[annevk]

Great, are there implementation bugs? If those are filed this is ready to land.

[mfalken]

There are bugs against resultingClientId (which the WPT depends on) at:

• Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=778497
• Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1264177
• WebKit bug: https://bugs.webkit.org/show_bug.cgi?id=190313

[annevk]

Thanks!