Open
Bug 1337868
Opened 5 years ago
Updated 8 months ago
Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets
Categories
(Core :: DOM: Security, task, P3)
Tracking
()
NEW
People
(Reporter: tjr, Unassigned)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [OA-testing][tor-testing][domsecurity-backlog1])
Bug 1283319 added tests for Connection Isolation in HTTP/1.1, but we should hedge our bets and make some tests for other connection types.
Updated•5 years ago
|
Summary: Add container connection isolation tests for HTTP2, TLS, and WebSockets → Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets
Whiteboard: [OA] → [OA-testing][tor]
Updated•5 years ago
|
Whiteboard: [OA-testing][tor] → [OA-testing][tor-testing]
Updated•5 years ago
|
Priority: -- → P3
Whiteboard: [OA-testing][tor-testing] → [OA-testing][tor-testing][domsecurity-backlog1]
Updated•5 years ago
|
Blocks: FirstPartyIsolation
Reporter | ||
Comment 1•5 years ago
|
||
This might be done for HTTP2 in Bug 1334693. And Alt-Srv in Bug 1334690. But maybe it hasn't.
Updated•4 years ago
|
Priority: P3 → P1
Comment 2•4 years ago
|
||
Hi arthur, I see this was promoted from P3 to P1 5 months ago, reasoning?
Flags: needinfo?(arthuredelstein)
Updated•4 years ago
|
Severity: normal → major
Priority: P1 → P2
Comment 3•4 years ago
|
||
Hi Marion -- thanks for checking. We're planning to enable HTTP/2 for the next version of Tor Browser and unit tests for FPI (or generally OriginAttribute isolation) would provide stronger assurance.
Flags: needinfo?(arthuredelstein)
Comment 4•4 years ago
|
||
Great, thank you for the answer! That makes total sense. I hope you don't mind I moved it to P2. It's still high priority.
Updated•3 years ago
|
Type: defect → task
Priority: P2 → P3
Updated•2 years ago
|
Blocks: dfpi-isolation-needed
Updated•2 years ago
|
Comment 6•2 years ago
|
||
Have we made progress on this in light of bug 1673921?
Flags: needinfo?(tihuang)
Comment 7•2 years ago
|
||
No, we haven't added tests for H2, and WebSocket.
For TLS, we do have a test here. It tests the TLS resumed state and the connection hash key. But, I think we still need the test for the partitioning of TLS client certificates. Bug 1664998 was opened for it.
Flags: needinfo?(tihuang)
You need to log in
before you can comment on or make changes to this bug.
Description
•