Closed
Bug 1497192
Opened 6 years ago
Closed 6 years ago
Grant storage access after a window.open if interacted
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
RESOLVED DUPLICATE of bug 1494476
People
(Reporter: baku, Assigned: baku)
Details
(Whiteboard: [domsecurity-active])
Attachments
(3 files, 1 obsolete file)
3.21 KB, patch | ehsan.akhgari: review-
2.95 KB, patch | ehsan.akhgari: review-
9.05 KB, patch | ehsan.akhgari: review-
When a 3rd party context does a window.open(), AntiTrackingCommon should grant storage access permission only if the opener has already been interacted with.
Assignee
Comment 1•6 years ago
Waiting for ehsan.
Assignee
Comment 2•6 years ago
Attachment #9015235 -
Attachment is obsolete: true
Assignee
Comment 3•6 years ago
Assignee
Comment 4•6 years ago
Updated•6 years ago
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Assignee
Updated•6 years ago
Attachment #9015245 -
Flags: review?(ehsan)
Assignee
Updated•6 years ago
Attachment #9015246 -
Flags: review?(ehsan)
Assignee
Updated•6 years ago
Attachment #9015261 -
Flags: review?(ehsan)
Comment 5•6 years ago
Sorry for the long delay, I looked at these patches last week and for some reason I thought I responded to the review comments, just realized I never did. :-(

I think the approach that I took in bug 1494476 is better overall, since it handles things centrally in AddFirstPartyStorageAccessGrantedFor() so there is no way for anything to skip our interaction checks.

Also the testing approach I took in that bug is much more exhaustive. The tests there ensure that first off, you don't have storage access before user interaction has been obtained, then they proceed to obtain user interaction as a first party and then they retry the storage access and assert that the second time the storage access attempts succeed, and I made sure that all test paths go through this double retry round.

With that in mind, your patches here are a subset of what has already landed. So I'm gonna dupe this bug and r- your patches. Sorry that we duplicated work. :-)
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
Attachment #9015245 -
Flags: review?(ehsan) → review-
Updated•6 years ago
Attachment #9015246 -
Flags: review?(ehsan) → review-
Updated•6 years ago
Attachment #9015261 -
Flags: review?(ehsan) → review-