Open Bug 1306351 Opened 3 years ago Updated 8 months ago

Add a way to mark downloads as started by the user

Categories

(Firefox :: File Handling, defect, P3)

defect

Tracking

()

People

(Reporter: Paolo, Unassigned)

References

(Blocks 2 open bugs)

Details

We should add a way to detect if a download was triggered as a result of a top-level load triggered in turn by user interaction. We'll use this for the protection from sites that try to download multiple files automatically. We may need to add platform support in the form of load flags if none is present already.
Blocks: 1306354
Add to product backlog.
Priority: -- → P3
I wonder if we could hook into the "temporary permissions" mechanism for this, which does kind of the same thing already. Temporary permissions are cleared until the user navigates away from the page or reloads it, which is kind of what we want for this, too (and it might be even more sensible to apply download protection to the entire tab instead of origin to protect against a.example.com, b.example.com type redirection attacks).

https://searchfox.org/mozilla-central/search?q=cleartemporarypermissions&case=false&regexp=false&path=

That would require no load flag.
(In reply to Johann Hofmann [:johannh] from comment #2)
> cleared until the user navigates away from the page or reloads it, which is

Meant to say "cleared when the user navigates away..."
You need to log in before you can comment on or make changes to this bug.