Closed Bug 1356277 Opened 4 years ago Closed 4 years ago

Respect permissions ACCESS_ALLOW_FIRST_PARTY_ONLY and ACCESS_LIMIT_THIRD_PARTY in nsContentUtils::StorageAllowedFor

Categories

(Core :: DOM: Core & HTML, enhancement)

Product:
Core
Component:
DOM: Core & HTML
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox55 --- fixed

People

(Reporter: nika, Assigned: nika)

References

Details

Attachments

(3 files)

Respect ALLOW_FIRST_PARTY_ONLY and LIMIT_THIRD_PARTY permissions in StorageAllowedFor*
6.64 KB, patch
ehsan
: review+
Details | Diff | Splinter Review
Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage
4.06 KB, patch
ehsan
: review+
Details | Diff | Splinter Review
Part 3: Override both lifetimePolicy and behavior in all cookie permission branches
2.61 KB, patch
ehsan
: review+
Details | Diff | Splinter Review 
In bug 1245595 comment 26, Ian noticed that sessionStorage (and other forms of storage) were being denied for first party pages, even when ACCESS_ALLOW_FIRST_PARTY_ONLY or ACCESS_LIMIT_THIRD_PARTY permissions were set for those pages.

This was because those permission options were being ignored by the storage allowed algorithm. This patch should change the algorithm to respect those permissions as overrides for the deny preference.
Comment on attachment 8858006 [details] [diff] [review]
Respect ALLOW_FIRST_PARTY_ONLY and LIMIT_THIRD_PARTY permissions in StorageAllowedFor*

Review of attachment 8858006 [details] [diff] [review]:
-----------------------------------------------------------------

Can you please add a test for this?  It seems bad that this wasn't caught by a test...
Attachment #8858006 - Flags: review?(ehsan) → review+
MozReview-Commit-ID: 6EI2eynexN0
Attachment #8858099 - Flags: review?(ehsan)
Comment on attachment 8858099 [details] [diff] [review]
Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage

Review of attachment 8858099 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks!
Attachment #8858099 - Flags: review?(ehsan) → review+
Pushed by michael@thelayzells.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c5acd8a8058c
Part 1: Respect ALLOW_FIRST_PARTY_ONLY and LIMIT_THIRD_PARTY permissions in StorageAllowedFor*, r=ehsan
https://hg.mozilla.org/integration/mozilla-inbound/rev/26376d7421da
Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan
I had to back this out because I didn't realize it failed some tests on try.
Backout by michael@thelayzells.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/208114b8113e
backout due to failing test_localStorageSessionPrefOverride.html on try
Permissions should fully override the default behavior from preferences for
lifetimePolicy and cookie behavior. This is consistent with the previous
behaviour from before this bug was implemented.

MozReview-Commit-ID: 9FfOrN6XV6q
Attachment #8859226 - Flags: review?(ehsan)
Attachment #8859226 - Flags: review?(ehsan) → review+
Pushed by michael@thelayzells.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0a2fca8aa2e6
Part 1: Respect ALLOW_FIRST_PARTY_ONLY and LIMIT_THIRD_PARTY permissions in StorageAllowedFor*, r=ehsan
https://hg.mozilla.org/integration/mozilla-inbound/rev/10e9a5b8150c
Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan
https://hg.mozilla.org/integration/mozilla-inbound/rev/130a6cae4093
Part 3: Override both lifetimePolicy and behavior in all cookie permission branches, r=ehsan
Duplicate of this bug: 924231
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.