Closed Bug 1486185 Opened Last year Closed Last year

Make the Disable Protection button in the control centre UI work for the reject tracker cookie behavior

Categories

(Core :: DOM: Security, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla63
Tracking Status
firefox63 --- fixed

People

(Reporter: ehsan, Assigned: ehsan)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(2 files)

No description provided.
Assignee: nobody → ehsan
Blocks: 1484788
Attachment #9003970 - Flags: review?(amarchesini) → review+
Attachment #9003969 - Flags: review?(amarchesini) → review+
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/83388bace8ff
Part 1: Make the Disable Protection button in the control centre UI work for the reject tracker cookie behavior; r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/fc7618dd27c9
Part 2: Ensure that anti-tracking tests are run in a mode where blocking is active but the top-level site is white-listed for content blocking; r=baku
:Ehsan Akhgari The TV failures just turned into tier 1 browser chrome failures with https://treeherder.mozilla.org/logviewer.html#?job_id=196094888&repo=mozilla-inbound so please consider this when looking at these issues.
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/27b7d1d053fb
Part 1: Make the Disable Protection button in the control centre UI work for the reject tracker cookie behavior; r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/8e9cb8f36114
Part 2: Ensure that anti-tracking tests are run in a mode where blocking is active but the top-level site is white-listed for content blocking; r=baku
Flags: needinfo?(ehsan)
Priority: -- → P1
Whiteboard: [domsecurity-active]
https://hg.mozilla.org/mozilla-central/rev/27b7d1d053fb
https://hg.mozilla.org/mozilla-central/rev/8e9cb8f36114
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
This is a follow-up to a discussion I had with Ehsan about why this is needed at all since channel classifications are supposed to take the Disable Protection button into account already.

I reverted https://hg.mozilla.org/mozilla-central/rev/27b7d1d053fb and rebuilt central, then I ran the tests and only one test failed:

$ ./mach test toolkit/components/antitracking
...
mochitest-browser
~~~~~~~~~~~~~~~~~
Ran 103 checks (3 tests, 100 subtests)
Expected results: 98
Unexpected results: 4
  subtest: 4 (4 fail)

Unexpected Results
------------------
toolkit/components/antitracking/test/browser/browser_blockingCookies.js
  FAIL Some cookies for me - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19
  FAIL Some cookies for me - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19
  FAIL We should have cookies - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19
  FAIL Some Cookies for me - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19

I re-ran that test with logging enabled:

$ export MOZ_LOG="nsChannelClassifier:3"
$ ./mach test toolkit/components/antitracking/test/browser/browser_blockingCookies.js
...
 0:14.85 INFO Starting blocking cookieBehavior (1) and blocking contentBlocking with allow list test Set/Get Cookies
 0:14.94 INFO Creating a new tab
...
 0:15.39 INFO Creating a 3rd party content
...
 0:15.48 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "resource://testing-common/content-task.js line 59 > eval" line: 32}]
 0:15.48 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61db00]: User override on channel[0x7f719fc21050] (https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html)
 0:15.48 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61db00]: Classifying principal https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html on channel[0x7f719fc21050]
...
 0:15.55 INFO Sending code to the 3rd party content
 0:15.60 PASS No cookies for me - true == true - 
 0:15.60 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 2}]
 0:15.60 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d644cc0]: User override on channel[0x7f71a4e22050] (https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs)
 0:15.60 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d644cc0]: Classifying principal https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs on channel[0x7f71a4e22050]
 0:15.63 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "http://example.net/browser/toolkit/components/antitracking/test/browser/page.html" line: 0}]
 0:15.65 PASS We should not have cookies - true == true - 
 0:15.65 FAIL Some cookies for me - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19
 0:15.65 FAIL Some cookies for me - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19
 0:15.65 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 8}]
 0:15.65 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 9}]
 0:15.65 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 10}]
 0:15.65 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61b840]: User override on channel[0x7f71a4e0e050] (https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs)
 0:15.65 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61b840]: Classifying principal https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs on channel[0x7f71a4e0e050]
 0:15.70 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "http://example.net/browser/toolkit/components/antitracking/test/browser/page.html" line: 0}]
 0:15.70 FAIL We should have cookies - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19
 0:15.70 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 16}]
 0:15.71 FAIL Some Cookies for me - false == true - 
Stack trace:
resource://testing-common/content-task.js line 59 > eval:msg:19

From there, I can see that:

- the user override is correctly identified during channel classification

- the only test failure is the case where third-party cookies are disabled entirely: network.cookie.cookieBehavior == 1 (dontAcceptForeign).

It makes sense that we need to check the user overrides directly because even though the channel is not classified as a tracker (due to the override), it's still third-party and this value of cookieBehavior will block all third-party cookies.

In other words, this bug is needed but badly named because this is fixing the case where ALL third-party cookies are rejected. The case where only 3rd-party TRACKING cookies are rejected was already working fine without this patch.
Thanks a lot for the thorough analysis, this makes perfect sense now and explains very well why fastblock wasn't affected by this.
Depends on: 1493357
You need to log in before you can comment on or make changes to this bug.