Closed Bug 1497192 Opened 6 years ago Closed 6 years ago

Grant storage access after a window.open if interacted

Categories

(Core :: DOM: Security, enhancement, P2)

enhancement

Tracking

()

RESOLVED DUPLICATE of bug 1494476

People

(Reporter: baku, Assigned: baku)

Details

(Whiteboard: [domsecurity-active])

Attachments

(3 files, 1 obsolete file)

When a 3rd party context does a window.open(), AntiTrackingCommon should grant storage access permission only if the opener has already been interacted.
Attached patch part 1 - user-interaction check (obsolete) — Splinter Review
Waiting for ehsan.
Attachment #9015235 - Attachment is obsolete: true
Attached patch part 2 - testsSplinter Review
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Attachment #9015245 - Flags: review?(ehsan)
Attachment #9015246 - Flags: review?(ehsan)
Attachment #9015261 - Flags: review?(ehsan)
Sorry for the long delay, I looked at these patches last week and for some reason I thought I responded to the review comments, just realized I never did.  :-(

I think the approach that I took in bug 1494476 is better overall, since it handles things centrally in AddFirstPartyStorageAccessGrantedFor() so there is no way for anything to skip our interaction checks.  Also the testing approach I took in that bug is much more exhaustive.  The tests there ensure that first off, you don't have storage access before user interaction has been obtained, then they proceed to obtain user interaction as a first party and then they retry the storage access and assert that the second time the storage access attempts succeed, and I made sure that all test paths go through this double retry round.

With that in mind, your patches here are a subset of what has already landed.

So I'm gonna dupe this bug and r- your patches.  Sorry that we duplicated work.  :-)
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Attachment #9015245 - Flags: review?(ehsan) → review-
Attachment #9015246 - Flags: review?(ehsan) → review-
Attachment #9015261 - Flags: review?(ehsan) → review-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: