multi-account-containers icon indicating copy to clipboard operation
multi-account-containers copied to clipboard

Published 20 hours ago verified publisher icon mozilla

`window.postMessage()` doesn't work across containers

Open youk opened this issue 2 years ago • 5 comments

Before submitting a bug report

  • [X] I updated to the latest version of Multi-Account Container and tested if I can reproduce the issue
  • [X] I searched for existing reports to see if it hasn't already been reported

Step to reproduce

window.postMessage() doesn't seem to work across tabs opened in different containers. A simple sequence like

const targetWindow = window.open('target.html')
setTimeout(() => {
    targetWindow.postMessage('test', '*')
}, 1000)

doesn't deliver the message to the listener in target.html.

Is this intended behavior? postMessage() is supposed to work across different origins by design. It is up to the receiving end whether to handle a message form a particular sender or ignore it.

Actual behavior

Messages sent via postMessage() to a tab opened in different container aren't received.

Expected behavior

postMessage() works across containers.

Additional informations

No response

Provide a copy of Troubleshooting Information page (optional)

No response

youk avatar Aug 22 '23 20:08 youk

Shouldn't this be a feature for security?

ngdangtu-vn avatar Oct 01 '23 10:10 ngdangtu-vn

Where exactly is the security part? postMessage() won't work OOTB, it requires explicit configuration on the receiving end.

youk avatar Oct 01 '23 10:10 youk

Isn't the point of Container is isolate the tab from the rest? If the postMessage() function can send data to other tabs in different containers then the Container is failed in isolating right? It can send data meant it can send cookie as well (get cookie turn to a simple string and send through postMessage()). All the site can use this trick to pass by Container and tracking user.

If postMessage() is allowed, Container becomes useless immediately. I disagree that this is a bug.

ngdangtu-vn avatar Oct 01 '23 10:10 ngdangtu-vn

After storage partitioning there is no way to communicate between tabs. I considering it as critical bug, because there is no way how to allow it by directive or some other way. It's removing feature change.

BrtnikFM avatar Nov 14 '23 12:11 BrtnikFM

Does this only happen when the Multi-Account Containers extension is installed? Or does it happen in any Firefox browser profile with containers enabled?

If it's a Firefox bug (not just this extension), please check bugzilla to see if the bug is already captured there. File a new one if it's not there.

groovecoder avatar Nov 28 '23 20:11 groovecoder