Skip to content

Make CDP server more authoritative with respect to IDs #451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 14 commits into from
Closed

Make CDP server more authoritative with respect to IDs #451

wants to merge 14 commits into from

Conversation

@karlseguin
Copy link
Collaborator

@karlseguin karlseguin commented Feb 28, 2025

The TL;DR is that this commit enforces the use of correct IDs, introduces a BrowserContext, and adds some CDP tests.

These are the ids we need to be aware of when talking about CDP:

  • id
  • browserContextId
  • targetId
  • sessionId
  • loaderId
  • frameId

The id is the only one that should originate from the driver. It's attached to most messages and it's how we maintain a request -> response flow: when the server responds to a specific message, it echo's back the id from the requested message. (As opposed to out-of-band events sent from the server which won't have an id). When I say "id" from this point forward, I mean every id except for this req->res id.

Every other id is created by the browser.

Prior to this commit, we didn't really check incoming ids from the driver. If the driver said "attachToTarget" and included a targetId, we just assumed that this was the current targetId. This was aided by the fact that we only used hard-coded IDS. If we only "create" a frameId of "FRAME-1", then it's tempting to think the driver will only ever send a frameId of "FRAME-1".

The issue with this approach is that if the browser and driver fall out of sync and there's only ever 1 browserContextId, 1 sessionId and 1 frameId, it's not impossible to imagine cases where we behave on the thing.

Imagine this flow:

  • Driver asks for a new BrowserContext
  • Browser says OK, your browserContextId is 1
  • Driver, for whatever reason, says close browserContextId 2
  • Browser says, OK, but it doesn't check the id and just closes the only BrowserContext it knows about (which is 1)

By both re-using the same hard-coded ids, and not verifying that the ids sent from the client correspond to the correct ids, any issues are going to be hard to debug.

Currently LOADER_ID and FRAEM_ID are still hard-coded. Baby steps.

karlseguin and others added 14 commits February 28, 2025 18:40
@karlseguin
Make CDP server more authoritative with respect to IDs
fbdff34 
The TL;DR is that this commit enforces the use of correct IDs, introduces a
BrowserContext, and adds some CDP tests.

These are the ids we need to be aware of when talking about CDP:
- id
- browserContextId
- targetId
- sessionId
- loaderId
- frameId

The `id` is the only one that _should_ originate from the driver. It's attached
to most messages and it's how we maintain a request -> response flow: when
the server responds to a specific message, it echo's back the id from the
requested message. (As opposed to out-of-band events sent from the server which
won't have an `id`). When I say "id" from this point forward, I mean every id
except for this req->res id.

Every other id is created by the browser.

Prior to this commit, we didn't really check incoming ids from the driver. If
the driver said "attachToTarget" and included a targetId, we just assumed that
this was the current targetId. This was aided by the fact that we only used
hard-coded IDS. If _we_ only "create" a frameId of "FRAME-1", then it's tempting
to think the driver will only ever send a frameId of "FRAME-1".

The issue with this approach is that _if_ the browser and driver fall out of sync
and there's only ever 1 browserContextId, 1 sessionId and 1 frameId, it's not
impossible to imagine cases where we behave on the thing.

Imagine this flow:
- Driver asks for a new BrowserContext
- Browser says OK, your browserContextId is 1
- Driver, for whatever reason, says close browserContextId 2
- Browser says, OK, but it doesn't check the id and just closes the only
  BrowserContext it knows about (which is 1)

By both re-using the same hard-coded ids, and not verifying that the ids sent
from the client correspond to the correct ids, any issues are going to be hard
to debug.

Currently LOADER_ID and FRAEM_ID are still hard-coded. Baby steps.
@karlseguin
send attach events before result
e3858b3
@karlseguin
allow Target.getTargetInfo to be called without parameters
7ed6925
@karlseguin
Don't send CDP result when message is forward to inspector.
ca51b41 
Rely on inspector to send the result, otherwise we'll send 2 responses to the
same message (one ourselves and one from the inspector), which Playwright does
not like.
@krichprollsch @karlseguin
upgrade vendor/zig-js-runtime
c545610
@krichprollsch @karlseguin
upgrade vendor/zig-async-io
47961c1
@karlseguin
Add Set-Cookie parsing
48ecfb6
@karlseguin
add test for Storage shed, use map.getOrPut
0a02ae5
@karlseguin
add cookie jar
b091c01
@karlseguin
Cookie with SameSite=None is only valid when Secure
467442c
@karlseguin
fix typo, improve comment, add 1 test case
353964b
@katie-lpd @karlseguin
Update README.md
5dba5e8 
A really important visual change in the readme :)
@karlseguin
Serialize socket writes + consider client pending completions when sh…
4b71c26 
…utting down

Previously, we could have multiple in-flight messages from the server to a
single client. This isn't safe and can lead to message interleaving. While
write / send are atomic, they are only atomic for the N bytes which they write,
which may not be the entire buffer. Consider this writeAll function:

```
pub fn writeAll(socket: socket_t, bytes: []const u8) !void {
    var index: usize = 0;
    while (index < bytes.len) {
        index += try posix.write(socket, bytes[index..]);
    }
}
```

If we're trying to send "abc123", this could take anywhere from 1 to 6 calls
to posix.write (it would take 6 calls, for example, if every call to
posix.write only wrote a single byte). Now if you're trying to write other data
to this same socket at the same time, messages _will_ get interleaved.

In order for this to work, the client now has a send_queue (doubly linked list).
When one message is sent, it sends the next.

In addition to the above change, the Client is now self-contained with respect
to its lifetime. This is necessary so that completions which come in AFTER our
concept of its lifetime ends, can still be processed. I think all types that
receive completions need to follow this model. This relies on the fact that
kqueue (which I know for a fact) and io_uring (which people seem to imply) handle
socket shutdown properly. It's still a bit messy because of timeout and not
wanting to wait until timeout to accept new connections, but needing to wait
until timeout to cleanup the client.

The self-contained nature of Client makes it difficult to test as a generic. I
removed Client(T). Tests now use real sockets. Some tests had to be removed
because they're too difficult to test over a real connection :(
@karlseguin
Merge branch 'main' into browser_context
a5cf14e
@krichprollsch krichprollsch mentioned this pull request Mar 10, 2025
Merged
@krichprollsch
Copy link
Member

krichprollsch commented Mar 10, 2025

closed in favor of #459 to clean git history.

@github-actions github-actions bot locked and limited conversation to collaborators Mar 10, 2025
@karlseguin karlseguin deleted the browser_context branch March 11, 2025 02:18
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@krichprollsch krichprollsch krichprollsch approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@karlseguin @krichprollsch @katie-lpd