Closed Bug 1480131 Opened Last year Closed 11 months ago

AntiTrackingCommon::IsFirstPartyStorageAccessGrantFor() should not grant permission to sub-sub-iframe channels

Categories

(Core :: DOM: Security, defect, P2)

RESOLVED FIXED

People

(Reporter: baku, Assigned: baku)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1] [domsecurity-active])

Attachments

(1 file, 1 obsolete file)

In this bug I want to add a topLevelPrincipal attribute in nsILoadInfo. This will be useful here, but also, in the merging of network.cookie.cookieBehavior and privacy_restrict3rdpartystorage_enabled pref.
Attached patch topLevelPrincipal.patch (obsolete)
This patch is for Ehsan, when he is back from PTO.
Attachment #8996743 - Attachment is obsolete: true
Priority: -- → P2
Status: NEW → ASSIGNED
Component: DOM → DOM: Security
Whiteboard: [domsecurity-backlog1] [domsecurity-active]
Blocks: 1480780
Blocks: cookierestrictions
No longer blocks: 1480780
Attachment #8997080 - Flags: review?(ehsan)
Attachment #8997080 - Flags: review?(ehsan) → review+
This also needs a test...
Keywords: leave-open
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/6dfec7088c60
AntiTrackingCommon::IsFirstPartyStorageAccessGrantFor() should not grant permission to sub-sub-iframe channels; r=ehsan
Are you planning to write a test for this, Andrea?  Thanks!
Flags: needinfo?(amarchesini)
I already did here:
https://hg.mozilla.org/integration/mozilla-inbound/file/tip/dom/serviceworkers/test/browser_antitracking_subiframes.js

This test creates 2 nested iframes. The first one is controlled, the nested one is not. The 'antitracking' in the name is misleading: there are no trackers involved in that test.
Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Flags: needinfo?(amarchesini)
Resolution: --- → FIXED
Thanks, great, sorry I didn't see that test!