Bug 2027006,2036743: Fetch remote policies on Felt UI before launching Firefox

[victhorlopez]

Description

Bugzilla: Bug-2027006

• Moves remote policy fetching from Firefox startup to the Felt UI login flow, so policies are available before Firefox launches, and we can avoid extra startups in case of failures
• Fetches user info and remote policies in parallel after SSO authentication completes
• Passes policies to Firefox via a new IPC message
• If either fetch fails, signs the user out, clears SSO cookies, signouts the user, and resets the Felt UI to the login page with a connection error

---

Dependencies / Related Issues

• Depends on:

---

Screenshots

---

Testing

• Added tests
• Manual testing performed

• I put a throw with a counter (to make it fail only the first time), and see how the sso works but fails on fetch

[victhorlopez]

should we add here a check for
remotePolicies == "" or == "{}"

and count it as invalid (i.e throw), otherwise we will open firefox and throw there

[lissyx]

What is the justification for the try block?

[victhorlopez]

those are network requests, if they throw an exception you end up with a "blank page" in the sso

[victhorlopez]

in theory in this step, we actually managed to log in but either getRemotePolicies or getLoggedInUserInfo failed. I assumed we want to clean up everything?

[lissyx]

I defer to @1rneh for that

[victhorlopez]

I assumed we write only once?

[Copilot]

Pull request overview

Moves remote enterprise policy retrieval for Felt from Firefox startup into the Felt UI login flow so policies are available before launching Firefox, and failures can be handled without extra Firefox startups.

Changes:

• Fetch logged-in user info and remote policies in parallel after SSO completes, and handle failures by signing out/clearing cookies and returning to login with a connection error.
• Introduce a new Felt IPC/XPCOM API to pass remote policies to Firefox at startup.
• Update enterprise policy startup fetching logic and add/adjust Felt enterprise tests for the new failure/retry behavior.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
toolkit/components/enterprisepolicies/EnterprisePoliciesParent.sys.mjs	Switch Felt startup remote-policy source to Services.felt.getStartupPolicies() and remove Felt-specific shutdown logic.
browser/extensions/felt/content/FeltProcessParent.sys.mjs	Fetch user info + policies in parallel; send policies to Firefox via new IPC; add cookie cleanup helper and error-to-login path.
browser/extensions/felt/api.js	Add FeltParent:ShowLogin message handler to reset the Felt UI to the login view with an error.
browser/extensions/felt/content/window.js	Listen for reset-to-login to reset the UI to login (with optional error type).
browser/components/enterprise/modules/ConsoleClient.sys.mjs	Add postSignout() helper for the new failure path.
browser/extensions/felt/rust/nsIFelt.idl	Add sendPolicies() / getStartupPolicies() XPCOM methods for passing startup policies.
browser/extensions/felt/rust/src/message.rs	Add Policies(String) IPC message and bump IPC version.
browser/extensions/felt/rust/src/components.rs	Implement the new XPCOM methods to send/store startup policy payload.
browser/extensions/felt/rust/src/client.rs	Receive/store the policies payload from IPC on the Firefox side.
browser/extensions/felt/rust/src/utils.rs	Add global storage for startup policies.
testing/enterprise/test_felt_browser_init_failures.py	Extend the failure test to assert error UI and successful login after failure.
testing/enterprise/felt_tests.py	Make the SSO test server simulate “existing session cookie skips login form” behavior.

Comments suppressed due to low confidence (1)

toolkit/components/enterprisepolicies/EnterprisePoliciesParent.sys.mjs:1073

• fetchPoliciesOnStartup() no longer fetches remote policies for non-Felt runs: res remains undefined when Services.felt?.isFeltBrowser() is false, which makes the subsequent !res?.policies branch always set _failed = true and prevents policies from loading until/if polling later succeeds. This looks like an unintended regression; consider keeping the previous lazy.ConsoleClient.getRemotePolicies() call for the non-Felt path (and optionally falling back to it if getStartupPolicies() throws/returns invalid JSON in the Felt path).

    let res;
    try {
      if (Services.felt?.isFeltBrowser()) {
        res = JSON.parse(Services.felt.getStartupPolicies());
      }
    } catch (e) {
      console.error(`Failed to fetch remote policies on startup: ${e}`);
      this._failed = true;
      return;
    }
    if (!res?.policies) {
      console.error(
        `No policies were found in the response: ${JSON.stringify(res)}.`
      );
      this._failed = true;
    } else {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[lissyx]

Since we persist here, do we want to persist also on disk? Would it make any sense? @1rneh what is your opinion?

[victhorlopez]

just to add context on why I am saving this.. it is because if firefox crashes, we need to restart it instantly ( and it uses another path), but.... now I have another question, is this well behaved if the policies changed during runtime? Maybe 1rneh had another idea, to populate also the policies storage from the browser and populate the storage, cause otherwise we might start with old policies?

[lissyx]

I think we should do that earlier.

[victhorlopez]

Can you elaborate what would be optimal?

As of now here the cookies are deleted after trying to signout, we did successfully SSO but something failed in whoami/policies

[lissyx]

technically since it's private browsing, even quickly after the <browser> is dismissed it's already gone, so I think reloading the window would already be enough

[victhorlopez]

Let me know what would you do in here, (also to have an optimal user experience), cause I tried some things and did not manage to make it work properly until I cleared the cookies (i.e I had problems if I was trying to login a second time)

[lissyx]

Likely we want a more focused error message, but this is UX we should discuss with Matthew ?

[victhorlopez]

This is related to your question about what we type of exceptions we can get.. 401 should be handled already(would be weird to get it in this step but you never know), so I would expect here to get a no connection error/ server errors etc (or no policies setup on the console).

[lissyx]

Also I'm wondering if we should not handle that just like others in https://searchfox.org/enterprise-main/rev/753b9cbaa2529ceb14c22f0ec69fd5f81294e7a4/browser/extensions/felt/api.js#296-300

[victhorlopez]

I did some changes based on your comment, I hope I went in the right direction.

Regarding like the others, the other they "reset the window", in this case the form is always visible, so we should not call show window cause it opens another window.

[lissyx]

I think the actor solution is better

[lissyx]

Why do we add this now?

[victhorlopez]

Because this changed in here

         - this.loggedInUserInfo =
         -  await lazy.ConsoleClient.getLoggedInUserInfo();
         + let userInfo, remotePolicies;
         + try {
         +  // TODO: Bug 2003001 - Pass user info from Felt to Firefox to avoid network request on startup
         +   [userInfo, remotePolicies] = await Promise.all([
         +    lazy.ConsoleClient.getLoggedInUserInfo(),
         +     lazy.ConsoleClient.getRemotePolicies(),
         +  ]);

[lissyx]

WOo, that is rather intrusive, I dont know how it collides with the work @1rneh is doing on policies

[victhorlopez]

@github-copilot review