Security/Features/Revamp Security Hooks

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.


Revamp Security Hooks
Stage Draft
Status `
Release target `
Health OK
Status note `


Product manager `
Directly Responsible Individual `
Lead engineer Jonas Sicking
Security lead Tanvi Vyas
Privacy lead `
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members Christoph Kerschbaumer

Open issues/risks


Stage 1: Definition

1. Feature overview

This is a multi-step project to make security checks in Gecko more robust. Currently, security checks are done before a channel is created and before a request hits necko. This project would change this so that each individual security check would fall in the place where it is best suited. Part of this will be breaking apart the current Content Policy API and calling each content policy in the appropriate place.

  • NewChannel API - Include information in the channel about who initiated the load.
  • Add new network observer architecture.
  • Implement security policies on top of that observer architecture, checking against each policy at the appropriate time during the life of a request.

Meta bug -

2. Users & use cases

Motivations -

  • Enable new hooks to better handle redirects and response observing/filtering
  • Replace necko observer-service notifications with something more high-performance
  • Enable implementing CSP, local-network-CSRF-protection and https-everywhere to be implemented using standard necko hooks
  • Replace nsIContentPolicy with something e10s friendly
  • Replace nsIProtocolHandler with something e10s friendly
  • Remove ability/need for protocol handlers to implement custom nsIURIs and nsIChannels
  • Enable starting network requests directly from worker threads and other non-main-threads
  • Enable off-main-thread network requests to never hit the main thread unless JS-based addons which explicitly request it are installed
  • Make redirect handling simpler and more consistent
  • Get rid of nsIChannel.owner
  • Provide consistent observer hooks that work for all channel types, including file:, http:, chrome:, data: etc. This is useful for the devtools team.
  • Provide observer hooks with fewer edge cases, even when a request is loaded from cache.

3. Dependencies


4. Requirements




Stage 2: Design

5. Functional specification


6. User experience design


Stage 3: Planning

7. Implementation plan


8. Reviews

Security review


Privacy review


Localization review




Quality Assurance review


Operations review


Stage 4: Development

9. Implementation


Stage 5: Release

10. Landing criteria


Feature details

Priority P1
Rank 999
Theme / Goal Product Hardening
Roadmap Security
Secondary roadmap Platform
Feature list `
Project `
Engineering team Security

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `