Closed
Bug 1504581
Opened 6 years ago
Closed 5 years ago
Security testing of the Storage Access API
Categories
(Firefox Graveyard :: Security: Review Requests, enhancement)
Firefox Graveyard
Security: Review Requests
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: pauljt, Assigned: freddy)
References
Details
(Whiteboard: testing)
In bug 1469714 we shipped the Storage Access API [1]. This bug is to consider doing security testing to validate the properties of this API, and check for implementation bugs. [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
|
Reporter | |
Comment 1•6 years ago
|
||
Freddy, can you take a look into this and decide if testing is something which is worthwhile to pursue here?
Assignee: nobody → fbraun
|
|
Reporter | |
Updated•6 years ago
|
Flags: needinfo?(fbraun)
|
|
Reporter | |
Comment 2•5 years ago
|
||
I'm leaning towards closing this - the API itself seems low risk: the API doesnt grant any additional access to storage, rather it re-adds access for pages which have been blocked access to storage by tracking protection.
The most likely risk I see is that the API fails to work, and might break a website. Apart from the normal implementation risks, this doesn't seem like a particularly risky change.
|
Assignee | |
Comment 3•5 years ago
|
||
Closing as WONTFIX, as suggested
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(fbraun)
Resolution: --- → WONTFIX
|
||
Updated•4 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•