ServiceWorkerLifetimeExtension.h (3742B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef mozilla_dom_serviceworkerlifetimeextension_h 8 #define mozilla_dom_serviceworkerlifetimeextension_h 9 10 #include "mozilla/TimeStamp.h" 11 #include "mozilla/Variant.h" 12 13 namespace mozilla::dom { 14 15 // Do not extend the ServiceWorker's lifetime. This should only be used for 16 // special internal cases like sending a termination op. If you are thinking 17 // of using this for other purposes, you probably should not be using the 18 // ServiceWorkerOp mechanism. 19 struct NoLifetimeExtension {}; 20 21 // Propagated lifetime extension allows us to ensure that a ServiceWorker 22 // using ServiceWorker.postMessage to contact another ServiceWorker cannot 23 // extend the lifetime of the recipient ServiceWorker beyond the lifetime of 24 // the sender. 25 struct PropagatedLifetimeExtension { 26 // We propagate the lifetime as a timestamp-as-deadline rather than a 27 // duration because a duration is effectively frozen in time until it is 28 // applied, providing potential for abuse due to the inherently async nature 29 // of the events involved. 30 // 31 // It is possible for this value to be in the past by the time it is 32 // processed. It is also possible for this value to be null because of 33 // async delays between the transmission of a message from one ServiceWorker 34 // (in the content process) and the time it is received in the parent 35 // process and/or because the sending ServiceWorker has reached its deadline 36 // but is in its "grace period". We do not attempt to normalize these cases 37 // into `NoLifetimeExtension`. 38 TimeStamp mDeadline; 39 }; 40 41 // For functional events that are initiated by window clients or very specific 42 // APIs like the Push API where care has been taken to ensure that Service 43 // Workers can only run without having a tab open under very specific 44 // circumstances that have been extensively discussed with the standards, 45 // privacy, and security teams. 46 struct FullLifetimeExtension {}; 47 48 /** 49 * Conveys how events dispatched at a Service Worker global should impact its 50 * lifetime. 51 */ 52 struct ServiceWorkerLifetimeExtension 53 : public Variant<NoLifetimeExtension, PropagatedLifetimeExtension, 54 FullLifetimeExtension> { 55 public: 56 explicit ServiceWorkerLifetimeExtension(NoLifetimeExtension aExt) 57 : Variant(AsVariant(std::move(aExt))) {} 58 explicit ServiceWorkerLifetimeExtension(PropagatedLifetimeExtension aExt) 59 : Variant(AsVariant(std::move(aExt))) {} 60 explicit ServiceWorkerLifetimeExtension(FullLifetimeExtension aExt) 61 : Variant(AsVariant(std::move(aExt))) {} 62 63 // Check whether this lifetime extends at least the provided number of 64 // seconds into the future. This is for use in situations where we might 65 // freshly spawn a new ServiceWorker like `SpawnWorkerIfNeeded`. This helps 66 // compensate for the fixed costs to spawning a ServiceWorker as well as the 67 // assumption that a ServiceWorker needs at least a minimum amount of run time 68 // to accomplish something. Note that a spawned ServiceWorker will still 69 // potentially be able to leverage the 70 // "dom.serviceWorkers.idle_extended_timeout" grace period, which with current 71 // pref values means an extra 30 seconds of potential execution time. (But 72 // the grace period never counts for propagated deadline purposes.) 73 bool LifetimeExtendsIntoTheFuture(uint32_t aRequiredSecs = 5) const; 74 }; 75 76 } // namespace mozilla::dom 77 78 #endif // mozilla_dom_serviceworkerlifetimeextension_h