Open twschiller opened 4 months ago
I've since updated Privacy Badger's workaround a bit: https://github.com/EFForg/privacybadger/commit/2ac8b019c6d6348b213b89e9fd278d7cb206185b?w=1
Firefox, unlike Chrome, promptly returns undefined
when managed storage is not set, so there is no need for a workaround in Firefox.
As for where the Chromium managed storage race condition bug comes from: I did a bisect a while ago that led me to https://chromium.googlesource.com/chromium/src/+/1b2aef7ac8b8b5422c5ea7f02352059ab28e05ee%5E%21/
@ghostwords would you be able to publish that logic as a standalone module? The issue is a few years old and it would be nice to have a centralized solution for others to use/improve.
See also: Inconsistency: storage.managed
I ran several tests today to try and reproduce the mentioned behavior on both macOS and Linux. Even after multiple tries and doing various things to speed up initialization (disabling welcome prompts etc.), I was never able to access managed storage before the values had been loaded.
Would someone who has experience reproducing this be able to take a look and see if they can still do so?
I spoke to @rdcronin about this in general, and if there are situations where we can reasonably know we haven't finished loading the values, we are supportive of waiting to resolve the get()
call until values are ready.
This will probably end up being best handled in the Chromium bug tracker but will leave this open for now.
I ran several tests today to try and reproduce the mentioned behavior on both macOS and Linux. Even after multiple tries and doing various things to speed up initialization (disabling welcome prompts etc.), I was never able to access managed storage before the values had been loaded.
@oliverdunk thanks for investigating! Are you suggesting that the current implementation might wait to resolve until the values are available (if there are values set)?
Did you try force-installing the extension? In our case, we're deploying in enterprise VDI environments where they're force installing and setting managed storage via GPO on Windows.
Our team will try creating reproduction steps, but it likely won't be until next week after the US holiday
@oliverdunk thanks for investigating! Are you suggesting that the current implementation might wait to resolve until the values are available (if there are values set)?
I couldn't immediately see code for that, but it did seem to be happening in practice.
Did you try force-installing the extension? In our case, we're deploying in enterprise VDI environments where they're force installing and setting managed storage via GPO on Windows.
I was adding a test extension as a command line flag. I don't think that would be meaningfully different, but that could be one thing to try.
Our team will try creating reproduction steps, but it likely won't be until next week after the US holiday
Thanks, and no worries! I'll wait to hear how it goes.
Summary
Problem:
browser.storage.managed
provides policies to extensions via Google Workspace Policy/Windows GPO/ADMX/etc.browser.storage.managed
is not guaranteed to be set for extension installation/startup (e.g., on force install in a VDI environment)browser.storage.managed
policy vs. a policy that has not been initialized yet. Both seem to return{}
. Update: Firefox appears to return undefined if not setbrowser.storage.onChange
is fired on initializationProposal:
browser.storage.managed
initialization semantics/guarantees across browser vendorsstorage.managed
should always be available at extension startup, fix the bug in Chromiumbrowser.storage.onChanged
behavior for initialization across browser vendorsstorage.managed
might not be initialized on startup, provide an initialization getter and event for listening for initializationProposed API
It would be convenient if onInitialized provided the initial values, but is unnecessary because the handler can retrieve the values in its handler (and I don't anticipate any relevant race conditions).
isInitialized
is not strictly necessary ifonInitialized
event is guaranteed to fire at a time where the background worker has an opportunity to be listeningCurrent Workarounds/Hacks
Here are the current hacks that open-source browser extension use:
Vendor Behavior Inconsistency
Related Information