Bug 254507

Summary: [GTK] webkit_web_context_add_path_to_sandbox() does not accept currently non-existent paths
Product: WebKit Reporter: Milan Crha <mcrha>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: bugs-noreply, mcatanzaro
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Milan Crha 2023-03-27 03:41:34 PDT 
The webkit_web_context_add_path_to_sandbox() should allow paths, which do not exist. The Evolution project has such paths for plugins, while the plugins are loaded dynamically, with no need to restart the whole application when they are added (only WebView is needed to be recreated).

Since 2.40.0, there are shown two runtime warnings on the console when trying to pass a non-existent path to the webkit_web_context_add_path_to_sandbox():

** (evolution:36844): WARNING **: 12:32:21.640: Failed to canonicalize path /home/USER/.local/share/evolution/preview-plugins: No such file or directory
** (evolution:36844): CRITICAL **: 12:32:21.654: Attempted to add disallowed path to sandbox: /home/USER/.local/share/evolution/preview-plugins

There should not be any such warning, from my point of view. Not talking that the second warning is due to the first warning, both being within WebKitGTK itself.

I'm okay to check for the path existence before adding it, it only won't be that nice as being able to tell WebKitGTK that there are paths which can be used in the future, even they do not exist right now.
Comment 1 Michael Catanzaro 2023-03-27 05:43:39 PDT 
So technically it's possible to allow this, but I'm not sure it's a good idea. Thing is, if you fail to create the path before starting the web process, then the path is not going to be mounted. This could be very confusing for application developers. And the application does not know when a new web process is created: we don't expose that at all. Currently there is one web process per non-related view, but in the future I would expect all views displaying the same origin to share a web process. And for Evolution, that would be all views, so the content would effectively never be reloaded.

Exposing functionality that could change in the future based on process model changes is inherently risky.

Is creating the preview-plugins directory in advance really such a bad thing? It's OK for it to be empty.
Comment 2 Milan Crha 2023-03-27 07:01:55 PDT 
Hmm, thus you need the directory to exist to be able to mount it. I did not think about it.

I do not want to always create the directory, even it's under the user's tree. If there will be any other changes in the process model in the future, as you suggested, then let's keep it as is. I'll add the directory on the Evolution side only when it'll exist.