Closed Bug 1264574 Opened 9 years ago Closed 8 years ago

Isolate cache to URL bar domain (Tor 13742)

Categories

(Core :: DOM: Security, defect, P2)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1260931

People

(Reporter: huseby, Assigned: huseby)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [tor-testing][OA-testing][domsecurity-backlog1][ETA 11/7])

Attachments

(1 file, 1 obsolete file)

test case to validate http cache isolation.
4.79 KB, patch
Details | Diff | Splinter Review
The Tor Patch for testing cache isolation.
Attached patch the Tor Browser patch (WIP) (obsolete) — Splinter Review
Summary: Isolate cache to URL bar domain. → Test the Isolate cache to URL bar domain.
This patch needs a good explanation of what you are doing. Messing this way with the id extension will just blow all of the current cache and might break some functionality.
Whiteboard: [tor][OA] → [tor][OA][domsecurity-backlog]
Comment on attachment 8741294 [details] [diff] [review] the Tor Browser patch (WIP) Review of attachment 8741294 [details] [diff] [review]: ----------------------------------------------------------------- ::: netwerk/protocol/http/nsHttpChannel.cpp @@ +2775,4 @@ > if (mLoadFlags & LOAD_BYPASS_LOCAL_CACHE_IF_BUSY) > cacheEntryOpenFlags |= nsICacheStorage::OPEN_BYPASS_IF_BUSY; > > + extension.Append(nsPrintfCString("%s@%d", cacheDomain.get(), mPostID)); personally, I would add the cacheDomain to the ext id (if that is even the best place to add it) only if it's different from the domain of the URL we are loading with this channel. That way you won't blow currently single-domain cached stuff from the people's caches while the isolation will still work. Also, mPostID must be added only when non-null.
Also, this should be optional IMO. It will effectively disable cache for loads of some third-party hosted resources like jquery and fonts, which is IMO unfortunate and goes against the cache use. I would engage this only when the channel is loaded as part of page where tracking protection is enabled (from the Firefox point of view) or with some other annotation flag that Tor browser can set.
Here's a link that tracks the Tor Browser patch as it is rebased. https://torpat.ch/13742
Summary: Test the Isolate cache to URL bar domain. → Test the Isolate cache to URL bar domain (Tor 13742)
Whiteboard: [tor][OA][domsecurity-backlog] → [tor][OA-testing][domsecurity-backlog]
Whiteboard: [tor][OA-testing][domsecurity-backlog] → [tor-testing][OA-testing][domsecurity-backlog]
Priority: -- → P1
Depends on: 1289319
Priority: P1 → P3
Whiteboard: [tor-testing][OA-testing][domsecurity-backlog] → [tor-testing][OA-testing][domsecurity-backlog1]
Priority: P3 → P1
Whiteboard: [tor-testing][OA-testing][domsecurity-backlog1] → [tor-testing][OA-testing][domsecurity-backlog1][ETA 11/7]
Priority: P1 → P2
The patch from Tor browser is implementation instead of testing, and we may not have to do extra thing once Yoshi's patch in bug 1260931 lands. Cache testing is taken care of in bug 1264577.
Summary: Test the Isolate cache to URL bar domain (Tor 13742) → Isolate cache to URL bar domain (Tor 13742)
(In reply to Jonathan Hao [:jhao] from comment #6) > The patch from Tor browser is implementation instead of testing, and we may > not have to do extra thing once Yoshi's patch in bug 1260931 lands. Cache > testing is taken care of in bug 1264577. Jonathan, thanks for this clarification information. Tim, when you verified that the cache is really isolated in bug 1264577, please set this bug as WONTFIX.
Flags: needinfo?(tihuang)
Assignee: nobody → huseby
Status: NEW → ASSIGNED
this patch is a test cache that confirms that http/content cache isolation is working with first party origin isolation. since it appears to be working, i'm going to close this bug as resolved, duplicate.
Attachment #8741294 - Attachment is obsolete: true
Flags: needinfo?(tihuang)
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: