Closed Bug 1474812 Opened Last year Closed Last year

No needs to store granted storage access in nsILoadInfo and in the inner window

Categories

(Firefox :: Security, enhancement)

enhancement
Not set

Tracking

()

RESOLVED FIXED
Firefox 63
Tracking Status
firefox63 --- fixed

People

(Reporter: baku, Assigned: baku)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

Instead, we can just use the permission manager.
This makes the code simpler and it fixes a bug where:

. tabA loading site.com with iframe(tracker.com)
. tabB loading site.com with iframe(tracker.com)

user interacts with tabA - tracker.com granting the permission to the first party storage. Tracker.com in tabB doesn't have access until the page is reloaded.

This bug is fixed here.
Attachment #8991222 - Flags: review?(ehsan)
Comment on attachment 8991222 [details] [diff] [review]
permissions.patch

Review of attachment 8991222 [details] [diff] [review]:
-----------------------------------------------------------------

Much better, thank you!

::: netwerk/base/nsILoadInfo.idl
@@ +878,5 @@
>    [noscript] readonly attribute nsIPrincipal sandboxedLoadingPrincipal;
>  
>    /**
> +   * Return the top-level storage area principal, which is the principal of
> +   * the parent window if it's not a 3rd party context, non tracking resource.

s/parent/top-level/
Attachment #8991222 - Flags: review?(ehsan) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/620bc27fbb62
No needs to store granted storage access in nsILoadInfo and in the inner window, r=ehsan
https://hg.mozilla.org/mozilla-central/rev/620bc27fbb62
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
Depends on: 1536110
No longer depends on: 1536110
Regressions: 1536110
You need to log in before you can comment on or make changes to this bug.