Bug 212253 - Web Inspector: Storage: don't request the list of IndexedDB database names multiple times for the same security origin
Summary: Web Inspector: Storage: don't request the list of IndexedDB database names mu...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (show other bugs)
Version: WebKit Nightly Build
Hardware: All All
: P2 Normal
Assignee: Devin Rousso
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-05-21 22:12 PDT by Devin Rousso
Modified: 2020-05-22 14:54 PDT (History)
4 users (show)

See Also:


Attachments
Patch (2.39 KB, patch)
2020-05-21 22:19 PDT, Devin Rousso
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Devin Rousso 2020-05-21 22:12:37 PDT
# STEPS TO REPRODUCE:
1. inspect <https://www.businessinsider.com>
2. reload the page a few times
 => multiple `ONE_SIGNAL_SDK_DB` IndexedDB databases are shown
Comment 1 Devin Rousso 2020-05-21 22:12:54 PDT
<rdar://problem/62945903>
Comment 2 Devin Rousso 2020-05-21 22:19:58 PDT
Created attachment 400026 [details]
Patch
Comment 3 Joseph Pecoraro 2020-05-21 22:49:59 PDT
Comment on attachment 400026 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=400026&action=review

r=me

> Source/WebInspectorUI/ChangeLog:11
> +        This can happen if additional frames are added that share the same security origin as the
> +        main frame. Simply maintain a `Set` of security origins that've already been requested for
> +        and ignore any repeat requests.

In general Storage probably doesn't respect the double key'd nature of storages of (top frame, inner frame). But I think this is probably fine since the same origin within two subframes is probably the same.
Comment 4 Devin Rousso 2020-05-21 23:00:57 PDT
Comment on attachment 400026 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=400026&action=review

>> Source/WebInspectorUI/ChangeLog:11
>> +        and ignore any repeat requests.
> 
> In general Storage probably doesn't respect the double key'd nature of storages of (top frame, inner frame). But I think this is probably fine since the same origin within two subframes is probably the same.

We kinda do? 😅  The logic in `InspectorIndexedDBAgent::requestDatabaseNames` does use the `Document::securityOrigin` and Document::topOrigin` when getting the database names, so maybe we should also walk the `WI.Frame` ancestors and create a paired key for `_requestSecurityOrigins` instead.

I was thinking that we didn't do this based on the fact that `IndexedDB.requestDatabaseNames` only took a single `securityOrigin`.  Interesting that both security origins come from the same `Document` 🤔
Comment 5 Devin Rousso 2020-05-21 23:22:22 PDT
Comment on attachment 400026 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=400026&action=review

>>> Source/WebInspectorUI/ChangeLog:11
>>> +        and ignore any repeat requests.
>> 
>> In general Storage probably doesn't respect the double key'd nature of storages of (top frame, inner frame). But I think this is probably fine since the same origin within two subframes is probably the same.
> 
> We kinda do? 😅  The logic in `InspectorIndexedDBAgent::requestDatabaseNames` does use the `Document::securityOrigin` and Document::topOrigin` when getting the database names, so maybe we should also walk the `WI.Frame` ancestors and create a paired key for `_requestSecurityOrigins` instead.
> 
> I was thinking that we didn't do this based on the fact that `IndexedDB.requestDatabaseNames` only took a single `securityOrigin`.  Interesting that both security origins come from the same `Document` 🤔

Actually, i think what's here now is fine as the `Document::topOrigin` should always be the same for any given page so really the only thing that's changing is the `Document::securityOrigin`.
Comment 6 EWS 2020-05-22 14:54:38 PDT
Committed r262077: <https://trac.webkit.org/changeset/262077>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 400026 [details].