212253 2020-05-21 22:12:37 -0700 Web Inspector: Storage: don't request the list of IndexedDB database names multiple times for the same security origin 2020-05-22 14:54:38 -0700 1 1 1 Unclassified WebKit Web Inspector WebKit Nightly Build All All RESOLVED FIXED InRadar P2 Normal --- 1 hi hi hi inspector-bugzilla-changes joepeck webkit-bug-importer oldest_to_newest 1655248 0 hi 2020-05-21 22:12:37 -0700 # STEPS TO REPRODUCE: 1. inspect <https://www.businessinsider.com> 2. reload the page a few times => multiple `ONE_SIGNAL_SDK_DB` IndexedDB databases are shown 1655249 1 hi 2020-05-21 22:12:54 -0700 <rdar://problem/62945903> 1655250 2 400026 hi 2020-05-21 22:19:58 -0700 Created attachment 400026 Patch 1655251 3 400026 joepeck 2020-05-21 22:49:59 -0700 Comment on attachment 400026 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=400026&action=review r=me > Source/WebInspectorUI/ChangeLog:11 > + This can happen if additional frames are added that share the same security origin as the > + main frame. Simply maintain a `Set` of security origins that've already been requested for > + and ignore any repeat requests. In general Storage probably doesn't respect the double key'd nature of storages of (top frame, inner frame). But I think this is probably fine since the same origin within two subframes is probably the same. 1655254 4 400026 hi 2020-05-21 23:00:57 -0700 Comment on attachment 400026 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=400026&action=review >> Source/WebInspectorUI/ChangeLog:11 >> + and ignore any repeat requests. > > In general Storage probably doesn't respect the double key'd nature of storages of (top frame, inner frame). But I think this is probably fine since the same origin within two subframes is probably the same. We kinda do? 😅 The logic in `InspectorIndexedDBAgent::requestDatabaseNames` does use the `Document::securityOrigin` and Document::topOrigin` when getting the database names, so maybe we should also walk the `WI.Frame` ancestors and create a paired key for `_requestSecurityOrigins` instead. I was thinking that we didn't do this based on the fact that `IndexedDB.requestDatabaseNames` only took a single `securityOrigin`. Interesting that both security origins come from the same `Document` 🤔 1655260 5 400026 hi 2020-05-21 23:22:22 -0700 Comment on attachment 400026 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=400026&action=review >>> Source/WebInspectorUI/ChangeLog:11 >>> + and ignore any repeat requests. >> >> In general Storage probably doesn't respect the double key'd nature of storages of (top frame, inner frame). But I think this is probably fine since the same origin within two subframes is probably the same. > > We kinda do? 😅 The logic in `InspectorIndexedDBAgent::requestDatabaseNames` does use the `Document::securityOrigin` and Document::topOrigin` when getting the database names, so maybe we should also walk the `WI.Frame` ancestors and create a paired key for `_requestSecurityOrigins` instead. > > I was thinking that we didn't do this based on the fact that `IndexedDB.requestDatabaseNames` only took a single `securityOrigin`. Interesting that both security origins come from the same `Document` 🤔 Actually, i think what's here now is fine as the `Document::topOrigin` should always be the same for any given page so really the only thing that's changing is the `Document::securityOrigin`. 1655452 6 ews-feeder 2020-05-22 14:54:38 -0700 Committed r262077: <https://trac.webkit.org/changeset/262077> All reviewed patches have been landed. Closing bug and clearing flags on attachment 400026. 400026 2020-05-21 22:19:58 -0700 2020-05-22 14:54:38 -0700 Patch bug-212253-20200521231957.patch text/plain 2450 hi ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJJbnNwZWN0b3JVSS9DaGFuZ2VMb2cgYi9Tb3VyY2UvV2Vi SW5zcGVjdG9yVUkvQ2hhbmdlTG9nCmluZGV4IDdlYzM3OTk3YzU1OGUxZTIwZjYxYjVjNjllMmNi OWE4ZjUxZjMxYTUuLjY0ZDRiOTk3MWI1MTEwMTI0NTVmMzU0YzdiZjdkMTBmNzRjNDQ3MWYgMTAw NjQ0Ci0tLSBhL1NvdXJjZS9XZWJJbnNwZWN0b3JVSS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dl Ykluc3BlY3RvclVJL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDIwLTA1LTIxICBEZXZp biBSb3Vzc28gIDxkcm91c3NvQGFwcGxlLmNvbT4KKworICAgICAgICBXZWIgSW5zcGVjdG9yOiBT dG9yYWdlOiBkb24ndCByZXF1ZXN0IHRoZSBsaXN0IG9mIEluZGV4ZWREQiBkYXRhYmFzZSBuYW1l cyBtdWx0aXBsZSB0aW1lcyBmb3IgdGhlIHNhbWUgc2VjdXJpdHkgb3JpZ2luCisgICAgICAgIGh0 dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMTIyNTMKKyAgICAgICAgPHJk YXI6Ly9wcm9ibGVtLzYyOTQ1OTAzPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgIFRoaXMgY2FuIGhhcHBlbiBpZiBhZGRpdGlvbmFsIGZyYW1lcyBhcmUg YWRkZWQgdGhhdCBzaGFyZSB0aGUgc2FtZSBzZWN1cml0eSBvcmlnaW4gYXMgdGhlCisgICAgICAg IG1haW4gZnJhbWUuIFNpbXBseSBtYWludGFpbiBhIGBTZXRgIG9mIHNlY3VyaXR5IG9yaWdpbnMg dGhhdCd2ZSBhbHJlYWR5IGJlZW4gcmVxdWVzdGVkIGZvcgorICAgICAgICBhbmQgaWdub3JlIGFu eSByZXBlYXQgcmVxdWVzdHMuCisKKyAgICAgICAgKiBVc2VySW50ZXJmYWNlL0NvbnRyb2xsZXJz L0luZGV4ZWREQk1hbmFnZXIuanM6CisgICAgICAgIChXSS5JbmRleGVkREJNYW5hZ2VyKToKKyAg ICAgICAgKFdJLkluZGV4ZWREQk1hbmFnZXIucHJvdG90eXBlLl9yZXNldCk6CisKIDIwMjAtMDUt MjAgIE5pa2l0YSBWYXNpbHlldiAgPG52YXNpbHlldkBhcHBsZS5jb20+CiAKICAgICAgICAgV2Vi IEluc3BlY3RvcjogTGVmdC9SaWdodCBhcnJvdyBrZXlzIHNob3VsZCBjb2xsYXBzZS9leHBhbmQg ZGV0YWlscyBzZWN0aW9ucwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkluc3BlY3RvclVJL1VzZXJJ bnRlcmZhY2UvQ29udHJvbGxlcnMvSW5kZXhlZERCTWFuYWdlci5qcyBiL1NvdXJjZS9XZWJJbnNw ZWN0b3JVSS9Vc2VySW50ZXJmYWNlL0NvbnRyb2xsZXJzL0luZGV4ZWREQk1hbmFnZXIuanMKaW5k ZXggNDM1NTg0MTFlNzkzOWUwMDJhMzE2MzYzMzVjN2Q4NTk5MDhjMGQxNy4uNTIxODdhNjY5NWZi MGUyZjllOGI0MWUyYTNhZjI2M2JlMzYyNTNkNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkluc3Bl Y3RvclVJL1VzZXJJbnRlcmZhY2UvQ29udHJvbGxlcnMvSW5kZXhlZERCTWFuYWdlci5qcworKysg Yi9Tb3VyY2UvV2ViSW5zcGVjdG9yVUkvVXNlckludGVyZmFjZS9Db250cm9sbGVycy9JbmRleGVk REJNYW5hZ2VyLmpzCkBAIC0zMyw2ICszMyw4IEBAIFdJLkluZGV4ZWREQk1hbmFnZXIgPSBjbGFz cyBJbmRleGVkREJNYW5hZ2VyIGV4dGVuZHMgV0kuT2JqZWN0CiAgICAgICAgIHN1cGVyKCk7CiAK ICAgICAgICAgdGhpcy5fZW5hYmxlZCA9IGZhbHNlOworICAgICAgICB0aGlzLl9yZXF1ZXN0ZWRT ZWN1cml0eU9yaWdpbnMgPSBuZXcgU2V0OworCiAgICAgICAgIHRoaXMuX3Jlc2V0KCk7CiAgICAg fQogCkBAIC0xNTEsNiArMTUzLDcgQEAgV0kuSW5kZXhlZERCTWFuYWdlciA9IGNsYXNzIEluZGV4 ZWREQk1hbmFnZXIgZXh0ZW5kcyBXSS5PYmplY3QKICAgICBfcmVzZXQoKQogICAgIHsKICAgICAg ICAgdGhpcy5faW5kZXhlZERhdGFiYXNlcyA9IFtdOworICAgICAgICB0aGlzLl9yZXF1ZXN0ZWRT ZWN1cml0eU9yaWdpbnMuY2xlYXIoKTsKICAgICAgICAgdGhpcy5kaXNwYXRjaEV2ZW50VG9MaXN0 ZW5lcnMoV0kuSW5kZXhlZERCTWFuYWdlci5FdmVudC5DbGVhcmVkKTsKIAogICAgICAgICBsZXQg bWFpbkZyYW1lID0gV0kubmV0d29ya01hbmFnZXIubWFpbkZyYW1lOwpAQCAtMTczLDYgKzE3Niwx MSBAQCBXSS5JbmRleGVkREJNYW5hZ2VyID0gY2xhc3MgSW5kZXhlZERCTWFuYWdlciBleHRlbmRz IFdJLk9iamVjdAogICAgICAgICBpZiAoIXNlY3VyaXR5T3JpZ2luIHx8IHNlY3VyaXR5T3JpZ2lu ID09PSAiOi8vIikKICAgICAgICAgICAgIHJldHVybjsKIAorICAgICAgICBpZiAodGhpcy5fcmVx dWVzdGVkU2VjdXJpdHlPcmlnaW5zLmhhcyhzZWN1cml0eU9yaWdpbikpCisgICAgICAgICAgICBy ZXR1cm47CisKKyAgICAgICAgdGhpcy5fcmVxdWVzdGVkU2VjdXJpdHlPcmlnaW5zLmFkZChzZWN1 cml0eU9yaWdpbik7CisKICAgICAgICAgZnVuY3Rpb24gcHJvY2Vzc0RhdGFiYXNlTmFtZXMoZXJy b3IsIG5hbWVzKQogICAgICAgICB7CiAgICAgICAgICAgICBpZiAoZXJyb3IgfHwgIW5hbWVzKQo=