Closed Bug 1475708 Opened 5 years ago Closed 5 years ago

Block setting cookies from trackers when restricting 3rd party storage

Categories

(Core :: DOM: Core & HTML, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla63
Tracking Status
firefox63 --- fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

I highlighted this in my review comments in bug 1474651 but it was ignored.  Right now we allow attackers to set cookies using document.cookie in 3rd party contexts.
Attachment #8992097 - Attachment is obsolete: true
Attachment #8992097 - Flags: review?(amarchesini)
Blocks: 1461921
No longer blocks: 1474651
Attachment #8992098 - Flags: review?(amarchesini) → review+
Keywords: checkin-needed
I couldn't land your patch. Ehsan: Please set the issues opened by the reviewer as fixed by commit so review board allows to land them. Thank you.
Flags: needinfo?(ehsan)
Pushed by ebalazs@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5f39a82a042e
Block setting cookies using document.cookie when restricting 3rd party storage; r=baku
Keywords: checkin-needed
Flags: needinfo?(ehsan)
(In reply to Eliza Balazs [:ebalazs_] from comment #3)
> I couldn't land your patch. Ehsan: Please set the issues opened by the
> reviewer as fixed by commit so review board allows to land them. Thank you.

Hi Eliza, not sure what issue was the problem here, but looks like the right patch was pushed, so thanks a lot!  Let me know if any further action is needed on my part.  :-)
https://hg.mozilla.org/mozilla-central/rev/5f39a82a042e
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.