Security/Features/Revamp Security Hooks
Status
Revamp Security Hooks | |
Stage | Draft |
Status | ` |
Release target | ` |
Health | OK |
Status note | ` |
{{#set:Feature name=Revamp Security Hooks
|Feature stage=Draft |Feature status=` |Feature version=` |Feature health=OK |Feature status note=` }}
Team
Product manager | ` |
Directly Responsible Individual | ` |
Lead engineer | Jonas Sicking |
Security lead | Tanvi Vyas |
Privacy lead | ` |
Localization lead | ` |
Accessibility lead | ` |
QA lead | ` |
UX lead | ` |
Product marketing lead | ` |
Operations lead | ` |
Additional members | Christoph Kerschbaumer |
{{#set:Feature product manager=`
|Feature feature manager=` |Feature lead engineer=Jonas Sicking |Feature security lead=Tanvi Vyas |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=Christoph Kerschbaumer }}
Open issues/risks
`
Stage 1: Definition
1. Feature overview
This is a multi-step project to make security checks in Gecko more robust. Currently, security checks are done before a channel is created and before a request hits necko. This project would change this so that each individual security check would fall in the place where it is best suited. Part of this will be breaking apart the current Content Policy API and calling each content policy in the appropriate place.
- NewChannel API - Include information in the channel about who initiated the load.
- Add new network observer architecture.
- Implement security policies on top of that observer architecture, checking against each policy at the appropriate time during the life of a request.
https://etherpad.mozilla.org/BetterNeckoSecurityHooks
Meta bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1006868
2. Users & use cases
Motivations -
- Enable new hooks to better handle redirects and response observing/filtering
- Replace necko observer-service notifications with something more high-performance
- Enable implementing CSP, local-network-CSRF-protection and https-everywhere to be implemented using standard necko hooks
- Replace nsIContentPolicy with something e10s friendly
- Replace nsIProtocolHandler with something e10s friendly
- Remove ability/need for protocol handlers to implement custom nsIURIs and nsIChannels
- Enable starting network requests directly from worker threads and other non-main-threads
- Enable off-main-thread network requests to never hit the main thread unless JS-based addons which explicitly request it are installed
- Make redirect handling simpler and more consistent
- Get rid of nsIChannel.owner
- Provide consistent observer hooks that work for all channel types, including file:, http:, chrome:, data: etc. This is useful for the devtools team.
- Provide observer hooks with fewer edge cases, even when a request is loaded from cache.
3. Dependencies
`
4. Requirements
`
Non-goals
`
Stage 2: Design
5. Functional specification
`
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=` |Feature overview=This is a multi-step project to make security checks in Gecko more robust. Currently, security checks are done before a channel is created and before a request hits necko. This project would change this so that each individual security check would fall in the place where it is best suited. Part of this will be breaking apart the current Content Policy API and calling each content policy in the appropriate place.
- NewChannel API - Include information in the channel about who initiated the load.
- Add new network observer architecture.
- Implement security policies on top of that observer architecture, checking against each policy at the appropriate time during the life of a request.
https://etherpad.mozilla.org/BetterNeckoSecurityHooks
Meta bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1006868 |Feature users and use cases=Motivations -
- Enable new hooks to better handle redirects and response observing/filtering
- Replace necko observer-service notifications with something more high-performance
- Enable implementing CSP, local-network-CSRF-protection and https-everywhere to be implemented using standard necko hooks
- Replace nsIContentPolicy with something e10s friendly
- Replace nsIProtocolHandler with something e10s friendly
- Remove ability/need for protocol handlers to implement custom nsIURIs and nsIChannels
- Enable starting network requests directly from worker threads and other non-main-threads
- Enable off-main-thread network requests to never hit the main thread unless JS-based addons which explicitly request it are installed
- Make redirect handling simpler and more consistent
- Get rid of nsIChannel.owner
- Provide consistent observer hooks that work for all channel types, including file:, http:, chrome:, data: etc. This is useful for the devtools team.
- Provide observer hooks with fewer edge cases, even when a request is loaded from cache.
|Feature dependencies=` |Feature requirements=` |Feature non-goals=` |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}
Feature details
Priority | P1 |
Rank | 999 |
Theme / Goal | Product Hardening |
Roadmap | Security |
Secondary roadmap | Platform |
Feature list | ` |
Project | ` |
Engineering team | Security |
{{#set:Feature priority=P1
|Feature rank=999 |Feature theme=Product Hardening |Feature roadmap=Security |Feature secondary roadmap=Platform |Feature list=` |Feature project=` |Feature engineering team=Security }}
Team status notes
status | notes | |
Products | ` | ` |
Engineering | ` | ` |
Security | ` | ` |
Privacy | ` | ` |
Localization | ` | ` |
Accessibility | ` | ` |
Quality assurance | ` | ` |
User experience | ` | ` |
Product marketing | ` | ` |
Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}