Sprint 4, WW3 (Aug 3 - Aug 7)

• Time: 2015/8/4 (Tue), 2pm CST
• Place: B2G Vidyo
• Host: Paul Theriault
• Attendees: Jonas, Ken, Yoshi, Dimi, Henry, Ethan, Kan-Ru, Aaron, Jonathan

Announcement

In order to trace progress of NSec milestones, we have to set [Target Milestones] in NSec bugs, especially those with priority P1 and P2.
Aaron Wu will create a Wiki page to monitor NSec bug progress according to this field.

Status Update

Henry

• Bug 1188717 - Store necessary info to cache metadata for packaged web app
  • waiting on advice from Honza/Valentin for next steps
• Bug 1185439 - Packaged apps needs to know the header of the multipart'ed content
• Bug 1181137 - Packaged Apps do not apply security headers
  • We need to discuss this bug for signed packaged
• Process switch flow chart. Need further discussion with necko team and Kanru
  • https://docs.google.com/drawings/d/1CuxcjFOSlagcCKm7z3hQ2mIBfTif8PWOiRCmTiZffWA/edit

Dimi

• NSec:
  • Bug 1189235 - use originAttribute for ServiceWorkerRegistrar
• Service Worker:
  • Bug 1187766 - Test loading plugins scenarios with fetch interception. r+
  • Bug 1188822 - Make service-workers/service-worker/fetch-request-resources.https.html pass. on-going

Yoshi

• Bug 1165214 - DOMStorageManager should use origin for ScopeKey and QuotaKey. working on data-migration. v3
• Bug 1165466 - Fix up docshell and loadcontext inheriting code in nsIScriptSecurityManager to use originAttributes rather than explicitly querying appid/browser. Working on Part 2 fix nsILoadContext
• Bug 1165277 - Use origin in SessionStorage.jsm. feedback+
• Bug 1167100 - User nsIPrincipal.originAttribute in ContentPrincipalInfo. Listing dependencies.

Kanru

• Bug 1190245 - refactor nsFrameLoader.cpp in preparation of implementing process switch
• Bug 1170894 - Implement process switch (includes bug 1186843) and working out test plans
• Bug 1186843 - will be morphed into fix remaining message manager switch bugs after process switch

Ethan

• Bug 1163254 - Add signedPkg OriginAttribute for new Firefox OS security model (meta bug)
• Bug 1179985 - Make all Origin-Related APIs OriginAttributes-aware (meta bug)
• Bug 1165267 - Use cookieJar for nsCookieService
  • Change in nsCookieKey or CookieService
• Use OriginAttribute in IndexedDB (seems no bug is filed yet)
  • Bug 1165217 - Use origin attribute in nsIUsageCallback

Jonathan

• Bug 1178518 - Support for verifying signed packages
  • Made a hook for necko
  • Implementing verification using VerifySignedManifest in https://dxr.mozilla.org/mozilla-central/source/security/apps/AppSignatureVerification.cpp#843
• Thanks and please start a thread to discuss with keeler/rbarnes
  • Sure.

Paul

• cookie
  • what is the relationship between signed package origins and their host origin?
  • does the signed package origin subsume the host origin (i.e. do cookies for the host domain show up in document.cookie inside package js)
• permission model
  • looking at permissions to see if we can to latent permission granting in the future