Open
Bug 1337868
Opened 3 years ago
Updated 1 year ago
Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets
Categories
(Core :: DOM: Security, task, P3, major)
Tracking
()
NEW
People
(Reporter: tjr, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [OA-testing][tor-testing][domsecurity-backlog1])
Bug 1283319 added tests for Connection Isolation in HTTP/1.1, but we should hedge our bets and make some tests for other connection types.
|
||
Updated•3 years ago
|
Summary: Add container connection isolation tests for HTTP2, TLS, and WebSockets → Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets
Whiteboard: [OA] → [OA-testing][tor]
|
||
Updated•3 years ago
|
Whiteboard: [OA-testing][tor] → [OA-testing][tor-testing]
|
||
Updated•3 years ago
|
Priority: -- → P3
Whiteboard: [OA-testing][tor-testing] → [OA-testing][tor-testing][domsecurity-backlog1]
|
||
Updated•2 years ago
|
Blocks: FirstPartyIsolation
|
Reporter | |
Comment 1•2 years ago
|
||
This might be done for HTTP2 in Bug 1334693. And Alt-Srv in Bug 1334690. But maybe it hasn't.
|
|
||
Updated•2 years ago
|
Priority: P3 → P1
|
||
Comment 2•2 years ago
|
||
Hi arthur, I see this was promoted from P3 to P1 5 months ago, reasoning?
Flags: needinfo?(arthuredelstein)
|
|
||
Updated•2 years ago
|
Severity: normal → major
Priority: P1 → P2
|
|
||
Comment 3•2 years ago
|
||
Hi Marion -- thanks for checking. We're planning to enable HTTP/2 for the next version of Tor Browser and unit tests for FPI (or generally OriginAttribute isolation) would provide stronger assurance.
Flags: needinfo?(arthuredelstein)
|
|
||
Comment 4•2 years ago
|
||
Great, thank you for the answer! That makes total sense. I hope you don't mind I moved it to P2. It's still high priority.
|
||
Updated•1 year ago
|
Type: defect → task
Priority: P2 → P3
You need to log in
before you can comment on or make changes to this bug.
Description
•