Proposal: document `browser.storage.managed` initialization semantics and provide initialization event

Question

Proposal: document `browser.storage.managed` initialization semantics and provide initialization event

twschiller opened this issue 4 months ago · comments

Todd Schiller commented 4 months ago

Summary

Problem:

browser.storage.managed provides policies to extensions via Google Workspace Policy/Windows GPO/ADMX/etc.
It appears that browser.storage.managed is not guaranteed to be set for extension installation/startup (e.g., on force install in a VDI environment)
There's no way to distinguish an empty browser.storage.managed policy vs. a policy that has not been initialized yet. Both seem to return {}. Update: Firefox appears to return undefined if not set
It doesn't appear that browser.storage.onChange is fired on initialization
Currently, extensions resort to hacks to try to handle the race condition: 1) waiting/retrying for 2-4 seconds, 2) automatically reloading the extension on installation
Policies often are used to control extension startup behavior (e.g., login screens / first run screens), so there needs to be formally defined installation/startup semantics

Proposal:

Document the browser.storage.managed initialization semantics/guarantees across browser vendors
- If storage.managed should always be available at extension startup, fix the bug in Chromium
Document the browser.storage.onChanged behavior for initialization across browser vendors
If storage.managed might not be initialized on startup, provide an initialization getter and event for listening for initialization

Proposed API

browser.storage.managed {
  isInitialized: () => Promise<boolean>;
  onInitialized: Events.Event<({items: Record<string, unknown>}) => void>;
}

It would be convenient if onInitialized provided the initial values, but is unnecessary because the handler can retrieve the values in its handler (and I don't anticipate any relevant race conditions).

isInitialized is not strictly necessary if onInitialized event is guaranteed to fire at a time where the background worker has an opportunity to be listening

Current Workarounds/Hacks

Here are the current hacks that open-source browser extension use:

uBlockOrigin: reload extension on install
PrivacyBadger: poll for policy for ~4.5 seconds
PixieBrix: poll for policy for 2 seconds. In practice, we've found this to be insufficient in enterprise VDI environments with policies managed by GPO: pixiebrix/pixiebrix-extension#7618

Vendor Behavior Inconsistency

"Firefox, unlike Chrome, promptly returns undefined when managed storage is not set" #547 (comment)

Related Information

Possible related Chromium bug: https://issues.chromium.org/issues/40169579

Alexei · Answer 1 · Fri Feb 16 2024 05:08:46 GMT+0800 (China Standard Time)

I've since updated Privacy Badger's workaround a bit: EFForg/privacybadger@2ac8b01?w=1

Firefox, unlike Chrome, promptly returns undefined when managed storage is not set, so there is no need for a workaround in Firefox.

As for where the Chromium managed storage race condition bug comes from: I did a bisect a while ago that led me to https://chromium.googlesource.com/chromium/src/+/1b2aef7ac8b8b5422c5ea7f02352059ab28e05ee%5E%21/

Federico Brigante · Answer 2 · Tue Feb 20 2024 20:59:42 GMT+0800 (China Standard Time)

@ghostwords would you be able to publish that logic as a standalone module? The issue is a few years old and it would be nice to have a centralized solution for others to use/improve.

erosman · Answer 3 · Tue Feb 20 2024 21:15:10 GMT+0800 (China Standard Time)

See also: Inconsistency: storage.managed