Open Bug 1337868 Opened 3 years ago Updated 1 year ago

Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets

Categories

(Core :: DOM: Security, task, P3, major)

52 Branch
task

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [OA-testing][tor-testing][domsecurity-backlog1])

Bug 1283319 added tests for Connection Isolation in HTTP/1.1, but we should hedge our bets and make some tests for other connection types.
Summary: Add container connection isolation tests for HTTP2, TLS, and WebSockets → Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets
Whiteboard: [OA] → [OA-testing][tor]
Whiteboard: [OA-testing][tor] → [OA-testing][tor-testing]
Priority: -- → P3
Whiteboard: [OA-testing][tor-testing] → [OA-testing][tor-testing][domsecurity-backlog1]
This might be done for HTTP2 in Bug 1334693. And Alt-Srv in Bug 1334690.  But maybe it hasn't.
Priority: P3 → P1
Hi arthur, I see this was promoted from P3 to P1 5 months ago, reasoning?
Flags: needinfo?(arthuredelstein)
Severity: normal → major
Priority: P1 → P2
Hi Marion -- thanks for checking. We're planning to enable HTTP/2 for the next version of Tor Browser and unit tests for FPI (or generally OriginAttribute isolation) would provide stronger assurance.
Flags: needinfo?(arthuredelstein)
Great, thank you for the answer! That makes total sense. I hope you don't mind I moved it to P2. It's still high priority.
Type: defect → task
Priority: P2 → P3
You need to log in before you can comment on or make changes to this bug.