Open Bug 1337868 Opened 9 years ago Updated 3 years ago

Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets

Categories

(Core :: DOM: Security, task, P3)

52 Branch
task

People

(Reporter: tjr, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [OA-testing][tor-testing][domsecurity-backlog1])

Bug 1283319 added tests for Connection Isolation in HTTP/1.1, but we should hedge our bets and make some tests for other connection types.
Summary: Add container connection isolation tests for HTTP2, TLS, and WebSockets → Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets
Whiteboard: [OA] → [OA-testing][tor]
Whiteboard: [OA-testing][tor] → [OA-testing][tor-testing]
Priority: -- → P3
Whiteboard: [OA-testing][tor-testing] → [OA-testing][tor-testing][domsecurity-backlog1]
This might be done for HTTP2 in Bug 1334693. And Alt-Srv in Bug 1334690. But maybe it hasn't.
Priority: P3 → P1
Hi Arthur, I see this was promoted from P3 to P1 5 months ago, reasoning?
Flags: needinfo?(arthuredelstein)
Severity: normal → major
Priority: P1 → P2
Hi Marion -- thanks for checking. We're planning to enable HTTP/2 for the next version of Tor Browser and unit tests for FPI (or generally OriginAttribute isolation) would provide stronger assurance.
Flags: needinfo?(arthuredelstein)
Great, thank you for the answer! That makes total sense. I hope you don't mind I moved it to P2. It's still high priority.
Type: defect → task
Priority: P2 → P3

Have we made progress on this in light of bug 1673921?

Flags: needinfo?(tihuang)

No, we haven't added tests for H2 and WebSocket.

For TLS, we do have a test here. It tests the TLS resumed state and the connection hash key. But, I think we still need the test for the partitioning of TLS client certificates. Bug 1664998 was opened for it.

Flags: needinfo?(tihuang)
QA Whiteboard: qa-not-actionable

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Severity: major → --