Isolate AlternateService mappings by Origin Attributes

RESOLVED FIXED in Firefox 54

Status

()

P1
normal
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: arthur, Assigned: jhao)

Tracking

(Blocks: 1 bug)

unspecified
mozilla54
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox52 wontfix, firefox53 wontfix, firefox54 fixed)

Details

(Whiteboard: [tor][necko-would-take][OA])

Attachments

(2 attachments)

(Reporter)

Description

2 years ago
Alt-Svc headers cause state to be stored in the browser, which is a super-cookie vector. For this reason Tor Browser currently disables these headers (see https://trac.torproject.org/16673). We would like to propose isolating stored Alt-Svc data by first-party domain when "privacy.firstparty.isolate" is enabled.
Flags: needinfo?(mcmanus)
also be sure to suppress the alt-used request header
Flags: needinfo?(mcmanus)
Whiteboard: [tor] → [tor][necko-would-take]

Updated

2 years ago
Whiteboard: [tor][necko-would-take] → [tor][necko-would-take][OA]
This should happen for private browsing and containers to, so making the subject more generic.
Priority: -- → P1
Summary: Isolate AlternateService mappings by FirstPartyDomain when privacy.firstparty.isolate = true → Isolate AlternateService mappings by Origin Attributes
(Assignee)

Updated

2 years ago
Assignee: nobody → jhao
Status: NEW → ASSIGNED
Comment hidden (mozreview-request)

Comment 5

2 years ago
mozreview-review
Comment on attachment 8837571 [details]
Bug 1334690 - Isolate AlternateService mappings by Origin Attributes.

https://reviewboard.mozilla.org/r/112696/#review114254

nice and straightforward. thanks
Attachment #8837571 - Flags: review?(mcmanus) → review+

Comment 6

2 years ago
mozreview-review
Comment on attachment 8837570 [details]
Bug 1334690 - Test that AlternateService is isolated by origin attributes.

https://reviewboard.mozilla.org/r/112694/#review114252

::: netwerk/protocol/http/nsHttpChannel.cpp:5897
(Diff revision 1)
>      SetDoNotTrack();
>  
>      OriginAttributes originAttributes;
>      NS_GetOriginAttributes(this, originAttributes);
>  
> +    LOG(("JONATHAN: pid = %d", originAttributes.mPrivateBrowsingId));

delete
Attachment #8837570 - Flags: review?(mcmanus) → review+
Comment hidden (mozreview-request)
Comment hidden (mozreview-request)

Comment 9

2 years ago
Pushed by jhao@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/19cbf2e84f80
Test that AlternateService is isolated by origin attributes. r=mcmanus
https://hg.mozilla.org/integration/autoland/rev/43e48c2dde48
Isolate AlternateService mappings by Origin Attributes. r=mcmanus

Comment 10

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/19cbf2e84f80
https://hg.mozilla.org/mozilla-central/rev/43e48c2dde48
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox54: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
(Assignee)

Comment 11

2 years ago
Comment on attachment 8837571 [details]
Bug 1334690 - Isolate AlternateService mappings by Origin Attributes.

Approval Request Comment
[Feature/Bug causing the regression]: Preexisting issue.
[User impact if declined]:
1. The first party isolation will be imcomplete.  Tor browser need this patch in ESR 52 to enable Alternative Service for their users.
2. Containers users won't have isolated alternative service cache, either.
[Is this code covered by automated tests?]: Yes, in the other patch test_altsvc.js.
[Has the fix been verified in Nightly?]: Yes, the test is green.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: The other patch.
[Is the change risky?]: Slightly.
[Why is the change risky/not risky?]: Most users will have default origin attributes, and shouldn't feel anything different.
[String changes made/needed]: None.
Attachment #8837571 - Flags: approval-mozilla-beta?
Attachment #8837571 - Flags: approval-mozilla-aurora?
(Assignee)

Comment 12

2 years ago
Comment on attachment 8837570 [details]
Bug 1334690 - Test that AlternateService is isolated by origin attributes.

Approval Request Comment

The same as the previous request.
Attachment #8837570 - Flags: approval-mozilla-beta?
Attachment #8837570 - Flags: approval-mozilla-aurora?
Hey, Jonathan, thanks for fixing this so quickly!
re uplift - is Tor expecting to enable h2 in their fork of ESR 52 (which they currently do not).

This is h2 only code (as we implement it - 7540 does allow h1, but we don't do that for other reasons..)
(In reply to Patrick McManus [:mcmanus] from comment #14)
> re uplift - is Tor expecting to enable h2 in their fork of ESR 52 (which
> they currently do not).
> This is h2 only code (as we implement it - 7540 does allow h1, but we don't
> do that for other reasons..)

Arthur, do you know the answer?
Flags: needinfo?(arthuredelstein)
status-firefox52: --- → affected
status-firefox53: --- → affected
Comment on attachment 8837571 [details]
Bug 1334690 - Isolate AlternateService mappings by Origin Attributes.

we're past code freeze for 52, this seems late for non-crash, non-regression bugs.
Attachment #8837571 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Attachment #8837570 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
(Assignee)

Updated

2 years ago
Blocks: 1334693
(Reporter)

Comment 17

2 years ago
(In reply to Patrick McManus [:mcmanus] from comment #14)
> re uplift - is Tor expecting to enable h2 in their fork of ESR 52 (which
> they currently do not).
> 
> This is h2 only code (as we implement it - 7540 does allow h1, but we don't
> do that for other reasons..)

I think at least initially, we will keep h2 disabled in TBB/ESR52, to give us time to review privacy properties and make any needed patches.
Flags: needinfo?(arthuredelstein)
(Assignee)

Updated

2 years ago
Attachment #8837570 - Flags: approval-mozilla-aurora?
(Assignee)

Updated

2 years ago
Attachment #8837571 - Flags: approval-mozilla-aurora?
status-firefox52: affected → wontfix
status-firefox53: affected → wontfix
You need to log in before you can comment on or make changes to this bug.