Closed
Bug 1002676
Opened 10 years ago
Closed 7 years ago
Don't persist user permissions for non-secure origins
Categories
(Core :: Permission Manager, defect)
Core
Permission Manager
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: mt, Unassigned)
Details
We should not rely on persistent permissions for non-secure origins. Nor should we allow non-secure origins to change persistent permissions. In WebRTC, we've made a choice (in the W3C/IETF, not just Mozilla) to forbid the persistence of user permissions on non-secure origins. Failure to do so potentially allows a MitM attacker a trivial means of access to security- or privacy-sensitive data. In WebRTC, this is the camera and microphone. We definitely want to do this for the geolocation API, but on reviewing the options under the permissions manager, this seems like a good thing to apply more generally. I understand that this creates a problem for the permissions manager, which persists on a per-domain basis without regard for scheme (or port). That suggests that there might some supporting work to switch permissions manager to operate on an per-origin basis, before something like this could be done.
Comment 1•7 years ago
|
||
Permission manager now operates on a per-origin basis, but I don't think there's really a point to this bug. There are many permissions that are unrelated to powerful web features like WebRTC and breaking all of them on HTTP sites is not viable even in the long term. Furthermore, not all permission entries are "Allow" entries, and WebRTC does support permanently disallowing on HTTP, which would break as well.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•