Closed Bug 1334690 Opened 7 years ago Closed 7 years ago

Isolate AlternateService mappings by Origin Attributes

Categories

(Core :: Networking: HTTP, defect, P1)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla54
Tracking Flags:
Tracking Status
firefox52 --- wontfix
firefox53 --- wontfix
firefox54 --- fixed

People

(Reporter: arthur, Assigned: jhao)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor][necko-would-take][OA])

Attachments

(2 files)

Bug 1334690 - Test that AlternateService is isolated by origin attributes.
59 bytes, text/x-review-board-request
mcmanus
: review+
jcristau
: approval-mozilla-beta-
Details
Bug 1334690 - Isolate AlternateService mappings by Origin Attributes.
59 bytes, text/x-review-board-request
mcmanus
: review+
jcristau
: approval-mozilla-beta-
Details 
Alt-Svc headers cause state to be stored in the browser, which is a super-cookie vector. For this reason Tor Browser currently disables these headers (see https://trac.torproject.org/16673). We would like to propose isolating stored Alt-Svc data by first-party domain when "privacy.firstparty.isolate" is enabled.
Flags: needinfo?(mcmanus)
also be sure to suppress the alt-used request header
Flags: needinfo?(mcmanus)
Whiteboard: [tor] → [tor][necko-would-take]
Whiteboard: [tor][necko-would-take] → [tor][necko-would-take][OA]
This should happen for private browsing and containers to, so making the subject more generic.
Priority: -- → P1
Summary: Isolate AlternateService mappings by FirstPartyDomain when privacy.firstparty.isolate = true → Isolate AlternateService mappings by Origin Attributes
Assignee: nobody → jhao
Status: NEW → ASSIGNED
Comment on attachment 8837571 [details]
Bug 1334690 - Isolate AlternateService mappings by Origin Attributes.

https://reviewboard.mozilla.org/r/112696/#review114254

nice and straightforward. thanks
Attachment #8837571 - Flags: review?(mcmanus) → review+
Comment on attachment 8837570 [details]
Bug 1334690 - Test that AlternateService is isolated by origin attributes.

https://reviewboard.mozilla.org/r/112694/#review114252

::: netwerk/protocol/http/nsHttpChannel.cpp:5897
(Diff revision 1)
>      SetDoNotTrack();
>  
>      OriginAttributes originAttributes;
>      NS_GetOriginAttributes(this, originAttributes);
>  
> +    LOG(("JONATHAN: pid = %d", originAttributes.mPrivateBrowsingId));

delete
Attachment #8837570 - Flags: review?(mcmanus) → review+
Pushed by jhao@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/19cbf2e84f80
Test that AlternateService is isolated by origin attributes. r=mcmanus
https://hg.mozilla.org/integration/autoland/rev/43e48c2dde48
Isolate AlternateService mappings by Origin Attributes. r=mcmanus
https://hg.mozilla.org/mozilla-central/rev/19cbf2e84f80
https://hg.mozilla.org/mozilla-central/rev/43e48c2dde48
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox54: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Comment on attachment 8837571 [details]
Bug 1334690 - Isolate AlternateService mappings by Origin Attributes.

Approval Request Comment
[Feature/Bug causing the regression]: Preexisting issue.
[User impact if declined]:
1. The first party isolation will be imcomplete.  Tor browser need this patch in ESR 52 to enable Alternative Service for their users.
2. Containers users won't have isolated alternative service cache, either.
[Is this code covered by automated tests?]: Yes, in the other patch test_altsvc.js.
[Has the fix been verified in Nightly?]: Yes, the test is green.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: The other patch.
[Is the change risky?]: Slightly.
[Why is the change risky/not risky?]: Most users will have default origin attributes, and shouldn't feel anything different.
[String changes made/needed]: None.
Attachment #8837571 - Flags: approval-mozilla-beta?
Attachment #8837571 - Flags: approval-mozilla-aurora?
Comment on attachment 8837570 [details]
Bug 1334690 - Test that AlternateService is isolated by origin attributes.

Approval Request Comment

The same as the previous request.
Attachment #8837570 - Flags: approval-mozilla-beta?
Attachment #8837570 - Flags: approval-mozilla-aurora?
Hey, Jonathan, thanks for fixing this so quickly!
re uplift - is Tor expecting to enable h2 in their fork of ESR 52 (which they currently do not).

This is h2 only code (as we implement it - 7540 does allow h1, but we don't do that for other reasons..)
(In reply to Patrick McManus [:mcmanus] from comment #14)
> re uplift - is Tor expecting to enable h2 in their fork of ESR 52 (which
> they currently do not).
> This is h2 only code (as we implement it - 7540 does allow h1, but we don't
> do that for other reasons..)

Arthur, do you know the answer?
Flags: needinfo?(arthuredelstein)
Comment on attachment 8837571 [details]
Bug 1334690 - Isolate AlternateService mappings by Origin Attributes.

we're past code freeze for 52, this seems late for non-crash, non-regression bugs.
Attachment #8837571 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Attachment #8837570 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Blocks: 1334693
(In reply to Patrick McManus [:mcmanus] from comment #14)
> re uplift - is Tor expecting to enable h2 in their fork of ESR 52 (which
> they currently do not).
> 
> This is h2 only code (as we implement it - 7540 does allow h1, but we don't
> do that for other reasons..)

I think at least initially, we will keep h2 disabled in TBB/ESR52, to give us time to review privacy properties and make any needed patches.
Flags: needinfo?(arthuredelstein)
Attachment #8837570 - Flags: approval-mozilla-aurora?
Attachment #8837571 - Flags: approval-mozilla-aurora?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: