Closed Bug 1508355 Opened 6 years ago Closed 5 years ago

Add a test to make sure "Save Page As" respect First-Party Isolation

Categories

(Firefox :: Menus, enhancement, P5)

Product:
Firefox
Component:
Menus
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 66
Tracking Flags:
Tracking Status
firefox66 --- fixed

People

(Reporter: arthur, Assigned: timhuang)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor 22343])

Attachments

(1 file, 2 obsolete files)

Add a test case for assuring all "Save ... As" options honor the first party domain. r=baku,richard@torproject.org
14.09 KB, patch
timhuang
: review+
Details | Diff | Splinter Review 
In Tor Browser, we introduced a patch to isolate a number of "Saving" options by first-party. Namely:

* File menu:
  - Save Page As
* Context menu in content pages:
  - Save Page As
  - Save Image As
  - Save Video As
  - Save Link As
  - Save Frame As
* Page Info "Media" Panel:
  - Save As

This involves ensuring the request channel has the correct principal (and OriginAttribute) so that we get proper stream isolation.

We'd like to propose uplifting this patch to Firefox.

Current Tor Browser patch:
https://torpat.ch/22343
Original Tor ticket:
https://trac.torproject.org/22343
Priority: -- → P3
Priority: P3 → P5

I believe that all "Save ... As" has followed OAs after bug 1469916. But it still doesn't have a test case for them.

Assignee: nobody → tihuang
Summary: "Save Page As" should respect First-Party Isolation → Add a test to make sure "Save Page As" respect First-Party Isolation
This patch adds a test case which tests following "Save ... As" options:

* File menu:
  - Save Page As
* Context menu in content pages:
  - Save Page As
  - Save Image As
  - Save Video As
  - Save Link As
  - Save Frame As
* Page Info "Media" Panel:
  - Save As

It triggers the save process and checks if the OA of the saving channel
has the correct first party domain.
Attachment #9036290 - Flags: review?(richard)
Attachment #9036290 - Flags: review?(amarchesini)
Comment on attachment 9036290 [details] [diff] [review]
Add a test case for assuring all "Save ... As" options honor the first party domain. r=baku,richard@torproject.org

Review of attachment 9036290 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/components/originattributes/test/browser/browser_firstPartyIsolation_saveAs.js
@@ +62,5 @@
> +});
> +
> +function createTemporarySaveDirectory() {
> +  let saveDir = Services.dirsvc.get("TmpD", Ci.nsIFile);
> +  saveDir.append("testsavedir");

saveDir.creatUnique(Ci.nsIFile.DIRECTORY_TYPE, 0o755);

without checking the existence.
Attachment #9036290 - Flags: review?(amarchesini) → review+
Comment on attachment 9036290 [details] [diff] [review]
Add a test case for assuring all "Save ... As" options honor the first party domain. r=baku,richard@torproject.org

Review of attachment 9036290 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me
Attachment #9036290 - Flags: review?(richard) → review+
Attachment #9036290 - Attachment is obsolete: true
Attachment #9037921 - Attachment is obsolete: true

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0f709682e4a0
Add a test case for assuring all "Save ... As" options honor the first party domain. r=baku,richard@torproject.org

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/0f709682e4a0

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox66: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 66
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: