Update the storage access flag when storage access is granted/denied

RESOLVED FIXED in Firefox 64

Status

()

enhancement
P2
normal
RESOLVED FIXED
8 months ago
2 months ago

People

(Reporter: Ehsan, Assigned: Ehsan)

Tracking

unspecified
mozilla64
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox64 fixed)

Details

Attachments

(1 attachment)

Assignee

Description

8 months ago
Consider the following scenario:

  1. example.com embeds two iframes from tracker.example.
  2. The first iframe calls requestStorageAccess() to obtain storage access.
  3. The second iframe will be left without storage access.

Right now we would automatically grant the second iframe storage access if it navigated to tracker.example after step 2 but not before.
Despite what we discussed today, this seems to work. See: https://senglehardt.com/test/storage_access/
Assignee

Comment 2

8 months ago
Yes, this works right now because we do a permission check in hasStorageAccess(): https://searchfox.org/mozilla-central/rev/1ce4e8a5601da8e744ca6eda69e782318afab54d/dom/base/nsDocument.cpp#13683

But it turns out that this isn't the right way to implement this, since doing this permission check means that when the subframe navigates away we can't easily revoke its access (since the access will continue to appear to be granted due to the permission check.)

So the proper way to implement this is to really look for permission change notifications and update our state accordingly.
Assignee

Updated

8 months ago
Blocks: 1498591
Assignee

Comment 3

8 months ago
I have a patch for this.  The patch itself doesn't include a test, but it is already being tested in browser_storageAccessWithHeuristics.js.  The hunk in nsIDocument::HasStorageAccess() being removed causes that test to fail, the rest of the patch makes it pass again.
Priority: -- → P2

Comment 5

7 months ago
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e362c18e1830
Update the storage access flag when storage access is granted/denied r=baku

Comment 6

7 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/e362c18e1830
Status: NEW → RESOLVED
Last Resolved: 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Component: DOM → DOM: Core & HTML
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.