Closed Bug 1480131 Opened 6 years ago Closed 6 years ago

AntiTrackingCommon::IsFirstPartyStorageAccessGrantFor() should not grant permission to sub-sub-iframe channels

Categories

(Core :: DOM: Security, defect, P2)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: baku, Assigned: baku)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1] [domsecurity-active])

Attachments

(1 file, 1 obsolete file)

topLevelPrincipal.patch
16.39 KB, patch
ehsan.akhgari
: review+
Details | Diff | Splinter Review 
In this bug I want to add a topLevelPrincipal attribute in nsILoadInfo. This will be useful here, but also, in the merging of network.cookie.cookieBehavior and privacy_restrict3rdpartystorage_enabled pref.
Attached patch topLevelPrincipal.patch (obsolete) — Splinter Review 
This patch is for Ehsan, when he is back from PTO.

        Attachment #8996743 -
        Attachment is obsolete: true
Priority: -- → P2

    
  
Status: NEW → ASSIGNED
Component: DOM → DOM: Security
Whiteboard: [domsecurity-backlog1] [domsecurity-active]

    
  
Blocks: 1480780

    
  
Blocks: cookierestrictions
No longer blocks: 1480780

    
  

        Attachment #8997080 -
        Flags: review?(ehsan)

    
  

        Attachment #8997080 -
        Flags: review?(ehsan) → review+

    
    

    
  
This also needs a test...
Keywords: leave-open

    
    

    
  
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/6dfec7088c60
AntiTrackingCommon::IsFirstPartyStorageAccessGrantFor() should not grant permission to sub-sub-iframe channels; r=ehsan

    
    

    
  
Are you planning to write a test for this, Andrea?  Thanks!
Flags: needinfo?(amarchesini)

    
    

    
  
I already did here:
https://hg.mozilla.org/integration/mozilla-inbound/file/tip/dom/serviceworkers/test/browser_antitracking_subiframes.js

this test creates 2 nested iframes. The first one is controlled, the nested one is not. The 'antitracking' in the name is misleading: there are no trackers involved in that test.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(amarchesini)
Resolution: --- → FIXED

    
    

    
  
Thanks, great, sorry I didn't see that test!

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: