WebExtension storage permissions requested when Site Permissions are cleared on exit

VERIFIED FIXED in Firefox 69

Status

defect
P3
normal
VERIFIED FIXED
Last year
Last month

People

(Reporter: sneakypete81, Assigned: rpl)

Tracking

59 Branch
mozilla69
Points:
---

Firefox Tracking Flags

(firefox69 verified)

Details

Attachments

(4 attachments)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180323154952

Steps to reproduce:

* Create a new profile.
* In about:preferences#privacy, set "Firefox will use custom setting for history", set "clear history when Firefox closes" and in "Settings" set the option "Data Preferences".
* Restart Firefox.
* Open a moz-extension:// URL that requests an IndexedDB entry (eg. click a link in the Update Scanner sidebar (https://addons.mozilla.org/firefox/addon/update-scanner/).



Actual results:

Popup asking "Will you allow {GUID} to store data on your computer?
If "Don't store" is clicked, the IndexedDB requests fail.


Expected results:

No popup shown, since this WebExtension has storage permissions set in its manifest.
Somewhat similar to Bug 1313401 and Bug 1313401.
Hello Pete,

I tested this issue on Mac OS X 10.13 with FF Nightly 61.0a1(2018-04-17) and I can't reproduce this. Please note that in "Settings" there is no "Data Preferences" only under "Data" the option "Site Preferences", you are referring to this?

Can you please try to reproduce this Nightly version and see what are the results? You can download it from here: https://nightly.mozilla.org/

This might be a duplicate of bug 1313401.
Component: Untriaged → WebExtensions: Storage
Flags: needinfo?(sneakypete81)
Product: Firefox → Toolkit
See Also: → 1313401
(In reply to Pete from comment #1)
> Somewhat similar to Bug 1313401 and Bug 1313401.

Is that a typo? You wanted to refer to TWO bugs, right?
(In reply to Simon Mainey from comment #3)
> (In reply to Pete from comment #1)
> > Somewhat similar to Bug 1313401 and Bug 1313401.
> 
> Is that a typo? You wanted to refer to TWO bugs, right?

Right, sorry about that. The other was Bug 1427986.
(In reply to ovidiu boca[:Ovidiu] from comment #2)
> Please note that in "Settings" there is no "Data
> Preferences" only under "Data" the option "Site Preferences", you are
> referring to this?

I must have been tired. Yes, I meant "Site Preferences".

> Can you please try to reproduce this Nightly version and see what are the
> results? You can download it from here: https://nightly.mozilla.org/

Reproduced on Mac OS X 10.13.3 with Nightly 61.0a1(2018-04-17) x64. The steps I gave above were a bit incomplete, it's necessary to completely restart Firefox after installing the Addon that uses IndexedDB:

* Create a new profile.

* In about:preferences#privacy, set "Firefox will use custom setting for history", set "clear history when Firefox closes" and in "Settings" set the option "Site Preferences".

* Install an addon that exposes a moz-extension:// URL that requests an IndexedDB entry (eg. Update Scanner v4.3.0 from https://addons.mozilla.org/firefox/downloads/file/924765/update_scanner-4.3.0-an+fx.xpi).

* Restart Firefox.

* Open a moz-extension:// URL that requests an IndexedDB entry (eg. click a link in the Update Scanner sidebar).
Flags: needinfo?(sneakypete81)
Experiencing this in Nightly build ID 20180530220105 on my everyday user profile. I rely on this extension. Seems to work again if I reconnect to one of the pages in the sidebar. Not sure if this works through the whole list of pages, however. On restarting twice a day to implement the Nightly updates, the Update Scanner connection to IndexDB are NOT persistant, and requires me to repeat this process.
Hmmm, I've created a new profile inside the last 5 days and this is no longer reproducing. I've upgraded, restarted, even rebooting my laptop. Current build id 20180604220149.
Product: Toolkit → WebExtensions
Apologies for the delay: please re-open if you can still reproduce.
Status: UNCONFIRMED → RESOLVED
Closed: 11 months ago
Resolution: --- → WORKSFORME
Hi, I can still reproduce the issue[1]. Tested with Brief[2] on Nightly 64.0a1 (2018-09-13) and with similar STR as in the description.

[1] https://i.imgur.com/LF2JDMI.png
[2] https://addons.mozilla.org/en-US/firefox/addon/brief/
I can still reproduce the issue in 65.0a1 (2018-11-07). Requesting reopening because I don't have editbug privs.
Flags: needinfo?(ddurst)
(In reply to Bruce from comment #11)
> I can still reproduce the issue in 65.0a1 (2018-11-07). Requesting reopening
> because I don't have editbug privs.

Can you verify and put your STR here? Preferably the results that you've seen already and verified that it's reproducible with a new profile.
Flags: needinfo?(ddurst) → needinfo?(ampersand100000)
(In reply to David Durst [:ddurst] (Regression Engineering Owner for 63) from comment #12)
> Can you verify and put your STR here? Preferably the results that you've
> seen already and verified that it's reproducible with a new profile.

STR:
1. Launch fresh profile on 65.0a1 (2018-11-08).
2. Configure as thus:
   a) Nightly will `Use custom settings for history`
   b) Clear history when Nightly closes > Settings > check `Site Preferences`
3. Install Brief from https://addons.mozilla.org/en-US/firefox/addon/brief/. The installation doorhanger requires you to grant it the `Store unlimited amount of client-side data` permission, among others.
4. Restart Nightly.
5. Click Brief's browser action.

AR: A prompt pops up asking `Will you allow Brief to store data in persistent storage?` Please see attachment.

ER: No such prompt. I had already granted that permission at the time of installation.
Flags: needinfo?(ampersand100000)
Reproduces only with the pref privacy.clearOnShutdown.offlineApps set to true. Or via the preferences UI it's checked:

about:preferences >> Privacy & Security >> History >> Clear history when [Fx version] closes (checked) >> Settings >> Offline Website Data (checked)

I personally perceive this behaviour to be as expected with that pref setting. 

Tested & reproduced in current Release channel (63.0.3), Beta (64.0b10), Nightly (65.0a1 aka Build ID 20181116220054). Update Scanner addon functions normally, with this pref in about:config set to false, or about:preferences set to unchecked.
(In reply to David Ross from comment #14)
> Reproduces only with the pref privacy.clearOnShutdown.offlineApps set to
> true. Or via the preferences UI it's checked:
> 
> about:preferences >> Privacy & Security >> History >> Clear history when [Fx
> version] closes (checked) >> Settings >> Offline Website Data (checked)

For me, the permission setting prompt only shows up when I check `Site Preferences` (same as setting privacy.clearOnShutdown.siteSettings;true). It did not show up when I checked `Offline Website Data` (while having `Site Preferences` unchecked). This is as expected because site permissions are indeed saved as site preferences[1].

> I personally perceive this behaviour to be as expected with that pref
> setting.

I disagree. Extensions aren't websites. The fact that they use many of the same technologies is an implementation detail. I also can't think of why anybody would like to reset their extension permissions at shut down.

>Tested & reproduced in current Release channel (63.0.3), Beta (64.0b10),
>Nightly (65.0a1 aka Build ID 20181116220054). Update Scanner addon
>functions normally, with this pref in about:config set to false, or
>about:preferences set to unchecked.

Sorry, but I can reproduce the permission prompt with my STR but not with yours. Please see attachment. Screenshot taken on Nightly 20181118100100, with Update Scanner[2] v4.3.1.

Setting ni for the STR in comment 13.

[1]https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox#w_what-things-are-included-in-my-history
[2]https://addons.mozilla.org/en-US/firefox/addon/update-scanner/
Flags: needinfo?(ddurst)
> Extensions aren't websites. The fact that they use many of the same technologies is an implementation detail.
> I also can't think of why anybody would like to reset their extension permissions at shut down.

I agree - an extension with "storage" permissions should always be able to access IndexedDB, regardless of website permission settings.

STR in comment 5 still reproduce the issue using 65.0a1 (2018-11-18) (64-bit) on macOS 10.4.1, Update Scanner v4.3.1.
Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(ddurst)
Resolution: WORKSFORME → ---
Flags: needinfo?(lgreco)
Priority: -- → P3

I just attached a patch with a proposed fix and a new xpcshell test.

Assignee: nobody → lgreco
Status: REOPENED → ASSIGNED
Flags: needinfo?(lgreco)
Pushed by luca.greco@alcacoop.it:
https://hg.mozilla.org/integration/autoland/rev/59d16aa9ea9a
Add expected storage site permissions to extensions if missing on APP_STARTUP. r=mixedpuppy
Status: ASSIGNED → RESOLVED
Closed: 11 months ago3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69

Verified in Win7x64 and Ubuntu 14.0.4 FF70.0a1(20190709153742) and 69.0b3
I have used the steps provided in comment 13 and the issue is no longer reproducing. The prompt is no longer displayed.

Marking bug as verified fixed.

Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.