Closed Bug 1531538 Opened 1 year ago Closed 1 year ago

Delay resolving the promise returned from requestStorageAccess when the automatic storage access grants are invoked

Categories

(Core :: Privacy: Anti-Tracking, enhancement)

enhancement
Not set

Tracking

()

RESOLVED FIXED
mozilla67
Tracking Status
firefox67 --- fixed

People

(Reporter: ehsan, Assigned: ehsan)

References

Details

(Whiteboard: [anti-tracking])

Attachments

(1 file)

Right now our implementation of the Storage Access API allows automatic short-lived temporary access grants. This is something that websites can detect reliably, i.e., they can detect whether Firefox granted this access based on our automated heuristic or not by timing how long it would take for the promise to get resolved and then looking inside the cookie jar to check whether they've called requestStorageAccess() successfully before.

In order to mitigate this, we should resolve the promise with a large random delay to make it indistinguishable from the user clicking on the prompt.

Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8cbf86043273
Delay resolving the promise returned from requestStorageAccess when the automatic storage access grants are invoked; r=baku
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Depends on: 1603968
You need to log in before you can comment on or make changes to this bug.