Disallow Cache API in 3rd party windows when 3rd party cookies are disabled

RESOLVED FIXED in Firefox 43

Status

Core
DOM
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: bkelly, Assigned: Nika)

Tracking

(Blocks: 2 bugs, {dev-doc-needed, site-compat})

unspecified
mozilla43
dev-doc-needed, site-compat

Firefox Tracking Flags

(firefox43 fixed)

Details

Attachments

(1 attachment, 2 obsolete attachments)

(Reporter)

Description

3 years ago
The Cache API should not be accessible in Window or workers for 3rd party iframes when the user has disabled 3rd party cookies.

ServiceWorkers will be handled separately by preventing fetch interception for 3rd party iframes in these cases.
(Reporter)

Comment 1

3 years ago
From Ehsan, the pref in question is network.cookie.cookieBehavior and the third party rejection value is 1.
(Reporter)

Updated

3 years ago
Assignee: nobody → bkelly
Status: NEW → ASSIGNED
(Reporter)

Comment 2

3 years ago
I discussed with Ehsan and we will do this a bit later.
Assignee: bkelly → nobody
Blocks: 1110136
No longer blocks: 1110144
Status: ASSIGNED → NEW
You've probably seen this already, Michael, but https://dxr.mozilla.org/mozilla-central/source/dom/indexedDB/IDBFactory.cpp#354 is related (but we need to also look at the pref).
Assignee: nobody → michael
(Reporter)

Updated

3 years ago
Depends on: 1184978
(Assignee)

Updated

3 years ago
Duplicate of this bug: 1184978
(Assignee)

Comment 5

3 years ago
Created attachment 8635325 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic

This patch uses the StorageAllowedForWindow logic being implemented in bug 1184789. 

Test coverage on this functionality hasn't been checked yet, but new tests for the behavior will likely have to be written.

try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=204836d73b40
(Assignee)

Updated

3 years ago
Depends on: 1184973
(Assignee)

Comment 6

3 years ago
Created attachment 8641988 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic

Updated version of patch. Part 2 of new storage logic. Full tree here: https://github.com/mystor/mozilla-central/tree/storage_pref

try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=d48360c5cc3e
Attachment #8635325 - Attachment is obsolete: true
Attachment #8641988 - Flags: review?(ehsan)
(Assignee)

Comment 7

3 years ago
s/Part 2/Part 5 - oops

Comment 8

3 years ago
Comment on attachment 8641988 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic

Over to Ben.
Attachment #8641988 - Flags: review?(ehsan) → review?(bkelly)
(Reporter)

Comment 9

3 years ago
Comment on attachment 8641988 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic

Review of attachment 8641988 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good.  Thanks! r=me

I was considering switching the content principal check in CacheStorage IsTrusted to a MOZ_ASSERT, but I think it's safer to leave it as a runtime check for now.
Attachment #8641988 - Flags: review?(bkelly) → review+
(Assignee)

Comment 10

3 years ago
Created attachment 8650663 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic

Updated due to changes in StorageAllowedFor*
Attachment #8641988 - Attachment is obsolete: true
https://hg.mozilla.org/mozilla-central/rev/dfeb2c993435
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox43: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Posted the site compatibility doc: https://www.fxsitecompat.com/en-US/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/
Keywords: dev-doc-needed, site-compat
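
For a site embedded as a third-party iframe, the change tracked here means Cache API calls can be denied when network.cookie.cookieBehavior is 1. The sketch below is an added example, not code from this bug or from the Firefox patch: it probes the Cache API and falls back to the network. The bug does not say how the denial surfaces, so it handles a missing object, a synchronous throw and a rejected promise; all function names and the "SecurityError" name in the stand-in are assumptions.

```javascript
// Added example: tolerate a denied Cache API in a third-party frame.
// All function names here are hypothetical.

// Report whether CacheStorage is usable in this context.
async function probeCacheStorage(cacheStorage) {
  // Failure mode 1: the object is not exposed at all.
  if (!cacheStorage || typeof cacheStorage.open !== "function") {
    return { usable: false, reason: "unavailable" };
  }
  try {
    // Failure modes 2 and 3: open() throws synchronously or returns a
    // rejected promise. Awaiting inside try/catch covers both.
    const cache = await cacheStorage.open("probe-v1");
    return { usable: true, cache };
  } catch (err) {
    return { usable: false, reason: (err && err.name) || "error" };
  }
}

// Serve from the cache when storage is allowed, else go to the network.
async function fetchWithOptionalCache(request, cacheStorage, fetchFn) {
  const probe = await probeCacheStorage(cacheStorage);
  if (!probe.usable) {
    // Storage denied: skip caching instead of failing the page.
    return { source: "network", response: await fetchFn(request) };
  }
  const hit = await probe.cache.match(request);
  if (hit) return { source: "cache", response: hit };
  const response = await fetchFn(request);
  await probe.cache.put(request, response.clone());
  return { source: "network", response };
}

// Constructed stand-ins so the example runs outside a browser.
// The "SecurityError" name is an assumption, not taken from the bug.
function deniedStorage() {
  const err = new Error("storage denied (constructed)");
  err.name = "SecurityError";
  return { open: () => Promise.reject(err) };
}

function memoryStorage() {
  const store = new Map();
  const cache = {
    match: async (req) => store.get(req),
    put: async (req, res) => { store.set(req, res); },
  };
  return { open: async () => cache };
}
```

In a page or worker the call would be `fetchWithOptionalCache(url, self.caches, fetch)`; `self.caches` evaluates to `undefined` rather than throwing when the object is not exposed.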