Closed Bug 1581683 Opened 6 years ago Closed 6 years ago

First-party isolation allows sites with blocked site data to store localStorage

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Version:
71 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1556212

People

(Reporter: andrew, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0

Steps to reproduce:

  1. Open Firefox with a new profile
  2. Visit Preferences → Privacy & Security → Cookies and Site Data → Manage Permissions…
  3. Add “https://mdn.github.io” with “Block” and press “Save Changes”
  4. Visit https://mdn.github.io/dom-examples/web-storage/
  5. Open Web Developer → Storage → Local Storage
  6. Observe that there is no local storage data.
  7. Open about:config and change privacy.firstparty.isolate to true
  8. Repeat steps (4) and (5)

Actual results:

There is local storage data despite being blocked in site settings. Tested on 69.0, 70.0b6, & 71.0a1.

Expected results:

No local storage data, as the site is blocked from saving site data.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Preferences
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.