Closed Bug 1486185 Opened 6 years ago Closed 6 years ago

Make the Disable Protection button in the control centre UI work for the reject tracker cookie behavior

Categories

(Core :: DOM: Security, enhancement, P1)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla63
Tracking Flags:
Tracking Status
firefox63 --- fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(2 files)

Part 1: Make the Disable Protection button in the control centre UI work for the reject tracker cookie behavior
6.12 KB, patch
baku
: review+
Details | Diff | Splinter Review
Part 2: Ensure that anti-tracking tests are run in a mode where blocking is active but the top-level site is white-listed for content blocking
11.89 KB, patch
baku
: review+
Details | Diff | Splinter Review
No description provided.
Assignee: nobody → ehsan
Blocks: 1484788
Attachment #9003970 - Flags: review?(amarchesini) → review+
Attachment #9003969 - Flags: review?(amarchesini) → review+
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/83388bace8ff Part 1: Make the Disable Protection button in the control centre UI work for the reject tracker cookie behavior; r=baku https://hg.mozilla.org/integration/mozilla-inbound/rev/fc7618dd27c9 Part 2: Ensure that anti-tracking tests are run in a mode where blocking is active but the top-level site is white-listed for content blocking; r=baku
:Ehsan Akhgari The TV failures just turned into tier 1 browser chrome failures with https://treeherder.mozilla.org/logviewer.html#?job_id=196094888&repo=mozilla-inbound so please consider this when looking at these issues.
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/27b7d1d053fb Part 1: Make the Disable Protection button in the control centre UI work for the reject tracker cookie behavior; r=baku https://hg.mozilla.org/integration/mozilla-inbound/rev/8e9cb8f36114 Part 2: Ensure that anti-tracking tests are run in a mode where blocking is active but the top-level site is white-listed for content blocking; r=baku
Flags: needinfo?(ehsan)
Priority: -- → P1
Whiteboard: [domsecurity-active]
https://hg.mozilla.org/mozilla-central/rev/27b7d1d053fb https://hg.mozilla.org/mozilla-central/rev/8e9cb8f36114
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
This is a follow-up to a discussion I had with Ehsan about why this is needed at all since channel classifications are supposed to take the Disable Protection button into account already. I reverted https://hg.mozilla.org/mozilla-central/rev/27b7d1d053fb and rebuilt central, then I ran the tests and only one test failed: $ ./mach test toolkit/components/antitracking ... mochitest-browser ~~~~~~~~~~~~~~~~~ Ran 103 checks (3 tests, 100 subtests) Expected results: 98 Unexpected results: 4 subtest: 4 (4 fail) Unexpected Results ------------------ toolkit/components/antitracking/test/browser/browser_blockingCookies.js FAIL Some cookies for me - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 FAIL Some cookies for me - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 FAIL We should have cookies - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 FAIL Some Cookies for me - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 I re-ran that test with logging enabled: $ export MOZ_LOG="nsChannelClassifier:3" $ ./mach test toolkit/components/antitracking/test/browser/browser_blockingCookies.js ... 0:14.85 INFO Starting blocking cookieBehavior (1) and blocking contentBlocking with allow list test Set/Get Cookies 0:14.94 INFO Creating a new tab ... 0:15.39 INFO Creating a 3rd party content ... 0:15.48 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "resource://testing-common/content-task.js line 59 > eval" line: 32}] 0:15.48 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61db00]: User override on channel[0x7f719fc21050] (https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html) 0:15.48 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61db00]: Classifying principal https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html on channel[0x7f719fc21050] ... 0:15.55 INFO Sending code to the 3rd party content 0:15.60 PASS No cookies for me - true == true - 0:15.60 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 2}] 0:15.60 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d644cc0]: User override on channel[0x7f71a4e22050] (https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs) 0:15.60 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d644cc0]: Classifying principal https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs on channel[0x7f71a4e22050] 0:15.63 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "http://example.net/browser/toolkit/components/antitracking/test/browser/page.html" line: 0}] 0:15.65 PASS We should not have cookies - true == true - 0:15.65 FAIL Some cookies for me - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 0:15.65 FAIL Some cookies for me - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 0:15.65 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 8}] 0:15.65 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 9}] 0:15.65 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 10}] 0:15.65 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61b840]: User override on channel[0x7f71a4e0e050] (https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs) 0:15.65 GECKO(1024) [Parent 1024: Main Thread]: I/nsChannelClassifier nsChannelClassifier[0x7f719d61b840]: Classifying principal https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs on channel[0x7f71a4e0e050] 0:15.70 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/server.sjs” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "http://example.net/browser/toolkit/components/antitracking/test/browser/page.html" line: 0}] 0:15.70 FAIL We should have cookies - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 0:15.70 INFO Console message: [JavaScript Warning: "Request to access cookie or storage on “https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled." {file: "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/3rdParty.html line 23 > eval" line: 16}] 0:15.71 FAIL Some Cookies for me - false == true - Stack trace: resource://testing-common/content-task.js line 59 > eval:msg:19 From there, I can see that: - the user override is correctly identified during channel classification - the only test failure is the case where third-party cookies are disabled entirely: network.cookie.cookieBehavior == 1 (dontAcceptForeign). It makes sense that we need to check the user overrides directly because even though the channel is not classified as a tracker (due to the override), it's still third-party and this value of cookieBehavior will block all third-party cookies. In other words, this bug is needed but badly named because this is fixing the case where ALL third-party cookies are rejected. The case where only 3rd-party TRACKING cookies are rejected was already working fine without this patch.
Thanks a lot for the thorough analysis, this makes perfect sense now and explains very well why fastblock wasn't affected by this.
Depends on: 1493357
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: