Closed Bug 1504581 Opened 6 years ago Closed 6 years ago

Security testing of the Storage Access API

Categories

(Firefox Graveyard :: Security: Review Requests, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: pauljt, Assigned: freddy)

References

Details

(Whiteboard: testing)

In bug 1469714 we shipped the Storage Access API [1]. This bug is to consider doing security testing to validate the properties of this API, and check for implementation bugs. [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
Freddy, can you take a look into this and decide if testing is something which is worthwhile to pursue here?
Assignee: nobody → fbraun
Flags: needinfo?(fbraun)

I'm leaning towards closing this - the API itself seems low risk: the API doesnt grant any additional access to storage, rather it re-adds access for pages which have been blocked access to storage by tracking protection.

The most likely risk I see is that the API fails to work, and might break a website. Apart from the normal implementation risks, this doesn't seem like a particularly risky change.

Closing as WONTFIX, as suggested

Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(fbraun)
Resolution: --- → WONTFIX
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.