Closed
Bug 1356277
Opened 4 years ago
Closed 4 years ago
Respect permissions ACCESS_ALLOW_FIRST_PARTY_ONLY and ACCESS_LIMIT_THIRD_PARTY in nsContentUtils::StorageAllowedFor
Categories
(Core :: DOM: Core & HTML, enhancement)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla55
Tracking | Status | |
---|---|---|
firefox55 | --- | fixed |
People
(Reporter: nika, Assigned: nika)
References
Details
Attachments
(3 files)
6.64 KB,
patch
|
ehsan
:
review+
|
Details | Diff | Splinter Review |
4.06 KB,
patch
|
ehsan
:
review+
|
Details | Diff | Splinter Review |
2.61 KB,
patch
|
ehsan
:
review+
|
Details | Diff | Splinter Review |
In bug 1245595 comment 26, Ian noticed that sessionStorage (and other forms of storage) were being denied for first party pages, even when ACCESS_ALLOW_FIRST_PARTY_ONLY or ACCESS_LIMIT_THIRD_PARTY permissions were set for those pages. This was because those permission options were being ignored by the storage allowed algorithm. This patch should change the algorithm to respect those permissions as overrides for the deny preference.
Assignee | ||
Comment 1•4 years ago
|
||
MozReview-Commit-ID: 7TQSFk7EGmk
Attachment #8858006 -
Flags: review?(ehsan)
Comment 2•4 years ago
|
||
Comment on attachment 8858006 [details] [diff] [review] Respect ALLOW_FIRST_PARTY_ONLY and LIMIT_THIRD_PARTY permissions in StorageAllowedFor* Review of attachment 8858006 [details] [diff] [review]: ----------------------------------------------------------------- Can you please add a test for this? It seems bad that this wasn't caught by a test...
Attachment #8858006 -
Flags: review?(ehsan) → review+
Assignee | ||
Comment 3•4 years ago
|
||
MozReview-Commit-ID: 6EI2eynexN0
Attachment #8858099 -
Flags: review?(ehsan)
Comment 4•4 years ago
|
||
Comment on attachment 8858099 [details] [diff] [review] Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage Review of attachment 8858099 [details] [diff] [review]: ----------------------------------------------------------------- Thanks!
Attachment #8858099 -
Flags: review?(ehsan) → review+
Pushed by michael@thelayzells.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/c5acd8a8058c Part 1: Respect ALLOW_FIRST_PARTY_ONLY and LIMIT_THIRD_PARTY permissions in StorageAllowedFor*, r=ehsan https://hg.mozilla.org/integration/mozilla-inbound/rev/26376d7421da Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan
Assignee | ||
Comment 6•4 years ago
|
||
I had to back this out because I didn't realize it failed some tests on try.
Backout by michael@thelayzells.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/208114b8113e backout due to failing test_localStorageSessionPrefOverride.html on try
Assignee | ||
Comment 8•4 years ago
|
||
Permissions should fully override the default behavior from preferences for lifetimePolicy and cookie behavior. This is consistent with the previous behaviour from before this bug was implemented. MozReview-Commit-ID: 9FfOrN6XV6q
Attachment #8859226 -
Flags: review?(ehsan)
Updated•4 years ago
|
Attachment #8859226 -
Flags: review?(ehsan) → review+
Pushed by michael@thelayzells.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/0a2fca8aa2e6 Part 1: Respect ALLOW_FIRST_PARTY_ONLY and LIMIT_THIRD_PARTY permissions in StorageAllowedFor*, r=ehsan https://hg.mozilla.org/integration/mozilla-inbound/rev/10e9a5b8150c Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan https://hg.mozilla.org/integration/mozilla-inbound/rev/130a6cae4093 Part 3: Override both lifetimePolicy and behavior in all cookie permission branches, r=ehsan
Comment 10•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/0a2fca8aa2e6 https://hg.mozilla.org/mozilla-central/rev/10e9a5b8150c https://hg.mozilla.org/mozilla-central/rev/130a6cae4093
Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox55:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Updated•2 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•