Closed Bug 1580189 Opened 5 years ago Closed 5 years ago

"Allow Location Access" permission is kept even if previously removed from Permissions Panel

Categories

(Firefox :: Site Identity, defect, P1)

Product:
Firefox
Component:
Site Identity
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 71
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- unaffected
firefox70 --- wontfix
firefox71 --- verified

People

(Reporter: cbadau, Assigned: pbz)

References

(Regression)

Details

(Keywords: regression)

Attachments

(2 files)

issue geolocation.mp4
1.86 MB, video/mp4
Details
Bug 1580189 - Clear geolocation permission for sub-frames with active sharing state. r=johannh
47 bytes, text/x-phabricator-request
Details | Review
Attached video issue geolocation.mp4

Affected versions

  • Firefox 70 Beta 5
  • latest Nightly 71.0a1 (2019-09-09)

Affected platforms

  • Ubuntu 18.04 x64
  • Windows 8.1 x64
  • macOS 10.13

Steps to reproduce

  1. Launch Firefox and go to https://goo.gl/oosgTZ.
  2. Click on "Show my location".
  3. Check "Remember this decision" and select "Allow Location Access" from doorhanger.
  4. Refresh the page and click again "Show my location".
  5. Open the Permissions Panel from Toolbar and clear ("X") the permission "Access your location".
  6. Refresh the page and click again "Show my location".

Expected result

  • The doorhanger asking for permission to share location appears (with "Allow Location Access" and "Don't Allow" options).

Actual result

  • The doorhanger asking for permission to share location isn't displayed. The "Allow you location" is still allowed in Permissions Panel (and in about:preferences#privacy -> Permissions -> Location). Please see "issue geolocation.mp4".

Regression range

Additional notes

  • On Firefox 69 RC, I can't reproduce the issue because there I don't have "Access your location" in Permissions Panel.
Has Regression Range: --- → yes
Has STR: --- → yes

This affects sites with iframes where the iframe is granted geo-location permission. I think the site identity code fails to clear the permission, because the permission manager is called with the top level principal.
I'll look into this further.

Assignee: nobody → pbz
Status: NEW → ASSIGNED
Priority: -- → P1
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e6f9d4a2f40c
Clear geolocation permission for sub-frames with active sharing state. r=johannh

https://hg.mozilla.org/mozilla-central/rev/e6f9d4a2f40c

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox71: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 71

Verified fixed on Windows 7 x64, Ubuntu 18.04 x64 and macOS 10.14 using latest Nightly 71.0a1 (2019-09-27).

status-firefox71: fixedverified

Is this something we should consider uplifting to Beta for Fx70 or can this fix ride Fx71 to release?

Flags: needinfo?(pbz)

While it would be low risk uplifting, I don't think the issue is that critical. What do you think Johann?

Flags: needinfo?(pbz) → needinfo?(jhofmann)

Considering that websites rarely use iframes for geolocation prompting I think we can let this ride the trains and take the regression for one release.

Flags: needinfo?(jhofmann)

wontfix for 70 per comments 7 and 8.

status-firefox70: affectedwontfix
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: