Disallow Cache API in 3rd party windows when 3rd party cookies are disabled

RESOLVED FIXED in Firefox 43

Status

()

defect
RESOLVED FIXED
5 years ago
5 months ago

People

(Reporter: bkelly, Assigned: Nika)

Tracking

(Blocks 2 bugs, {dev-doc-needed, site-compat})

unspecified
mozilla43
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox43 fixed)

Details

Attachments

(1 attachment, 2 obsolete attachments)

The Cache API should not be accessible in Window or workers for 3rd party iframes when the user has disable 3rd party cookies.

ServiceWorkers will be handled separately by prevented fetch interception for 3rd party iframes in these cases.
From Ehsan, the pref in question is network.cookie.cookieBehavior and the third party rejection value is 1.
Assignee: nobody → bkelly
Status: NEW → ASSIGNED
I discussed with Ehsan and we will do this a bit later.
Assignee: bkelly → nobody
Blocks: 1110136
No longer blocks: serviceworker-cache
Status: ASSIGNED → NEW
You've probably seen this already, Michael, but https://dxr.mozilla.org/mozilla-central/source/dom/indexedDB/IDBFactory.cpp#354 is related (but we need to also look at the pref).
Assignee: nobody → michael
Depends on: 1184978
Duplicate of this bug: 1184978
This patch uses the StorageAllowedForWindow logic being implemented in bug 1184789. 

Test coverage on this functionality hasn't been checked yet, but new tests for the behavior will likely have to be written.

try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=204836d73b40
Depends on: 1184973
s/Part 2/Part 5 - oops
Comment on attachment 8641988 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic

Over to Ben.
Attachment #8641988 - Flags: review?(ehsan) → review?(bkelly)
Comment on attachment 8641988 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic

Review of attachment 8641988 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good.  Thanks! r=me

I was considering switching the content principal check in CacheStorage IsTrusted to a MOZ_ASSERT, but I think its safer to leave it as a runtime check for now.
Attachment #8641988 - Flags: review?(bkelly) → review+
Updated due to changes in StorageAllowedFor*
Attachment #8641988 - Attachment is obsolete: true
https://hg.mozilla.org/mozilla-central/rev/dfeb2c993435
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.