Closed Bug 1480131 Opened 7 years ago Closed 7 years ago

AntiTrackingCommon::IsFirstPartyStorageAccessGrantFor() should not grant permission to sub-sub-iframe channels

Categories

(Core :: DOM: Security, defect, P2)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: baku, Assigned: baku)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1] [domsecurity-active])

Attachments

(1 file, 1 obsolete file)

topLevelPrincipal.patch
16.39 KB, patch
ehsan.akhgari
: review+
Details | Diff | Splinter Review
In this bug I want to add a topLevelPrincipal attribute in nsILoadInfo. This will be useful here, but also, in the merging of network.cookie.cookieBehavior and privacy_restrict3rdpartystorage_enabled pref.
Attached patch topLevelPrincipal.patch (obsolete) — Splinter Review
This patch is for Ehsan, when he is back from PTO.
Attachment #8996743 - Attachment is obsolete: true
Priority: -- → P2
Status: NEW → ASSIGNED
Component: DOM → DOM: Security
Whiteboard: [domsecurity-backlog1] [domsecurity-active]
Blocks: 1480780
Blocks: cookierestrictions
No longer blocks: 1480780
Attachment #8997080 - Flags: review?(ehsan)
Attachment #8997080 - Flags: review?(ehsan) → review+
This also needs a test...
Keywords: leave-open
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/6dfec7088c60 AntiTrackingCommon::IsFirstPartyStorageAccessGrantFor() should not grant permission to sub-sub-iframe channels; r=ehsan
Are you planning to write a test for this, Andrea? Thanks!
Flags: needinfo?(amarchesini)
I already did here: https://hg.mozilla.org/integration/mozilla-inbound/file/tip/dom/serviceworkers/test/browser_antitracking_subiframes.js this test creates 2 nested iframes. The first one is controlled, the nested one is not. The 'antitracking' in the name is misleading: there are no trackers involved in that test.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(amarchesini)
Resolution: --- → FIXED
Thanks, great, sorry I didn't see that test!
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: