Closed Bug 1531538 Opened 6 years ago Closed 6 years ago

Delay resolving the promise returned from requestStorageAccess when the automatic storage access grants are invoked

Categories

(Core :: Privacy: Anti-Tracking, enhancement)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla67
Tracking Flags:
Tracking Status
firefox67 --- fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

(Whiteboard: [anti-tracking])

Attachments

(1 file)

Bug 1531538 - Delay resolving the promise returned from requestStorageAccess when the automatic storage access grants are invoked;
47 bytes, text/x-phabricator-request
Details | Review

Right now our implementation of the Storage Access API allows automatic short-lived temporary access grants. This is something that websites can detect reliably, i.e., they can detect whether Firefox granted this access based on our automated heuristic or not by timing how long it would take for the promise to get resolved and then looking inside the cookie jar to check whether they've called requestStorageAccess() successfully before.

In order to mitigate this, we should resolve the promise with a large random delay to make it indistinguishable from the user clicking on the prompt.

Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8cbf86043273 Delay resolving the promise returned from requestStorageAccess when the automatic storage access grants are invoked; r=baku

https://hg.mozilla.org/mozilla-central/rev/8cbf86043273

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox67: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Assignee: nobody → ehsan
Depends on: 1603968
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: