Enforce XFO and frame-ancestors in parent process if fission is enabled and in content if running in regular mode until we can determine whether a load results in a download in the parent process
Categories
(Core :: DOM: Security, defect, P1)
Tracking
Release | Tracking | Status |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox70 | --- | unaffected |
firefox71 | --- | unaffected |
firefox72 | + | fixed |
People
(Reporter: handyman, Assigned: ckerschb)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [domsecurity-active])
Attachments
(1 file)
I am experiencing a lot of BSODs so I went to Dell's site to update drivers. The direct link includes my service code but the product page [1] leads directly to it when the code is entered. That takes me to a page where it asks to run their ServiceAssist app, which reports that I need to update some drivers. The "Download" button then says it's starting the download but the "Download in progress" line spins at 0% forever. In contrast, both Chrome and Firefox 69 (the latest release I had installed) download the drivers as expected at this stage.
I had tried this with a new profile on nightly and it still failed. I also turned off tracking protection for the site and it still failed in the same way. I don't see anything useful in the consoles.
I'm not sure I'll be able to run this test again since I am installing the updates now but I can try if needed (I've been BSODing a lot.)
[1] https://www.dell.com/support/home/us/en/04/product-support/product/xps-15-9570-laptop/overview
Comment 1•5 years ago
I can reproduce this in Nightly. Web console shows this error message: "Load denied by X-Frame-Options: “SAMEORIGIN” from “https://dl.dell.com/FOLDER05869942M/2/MSPIP_V1.0.0.2_ZPE.exe…3d1d9c-c9eb-437d-7bcd-fb1dfdffb5e9&fn=MSPIP_V1.0.0.2_ZPE.exe”, site does not permit cross-origin framing from “https://www.dell.com/support/home/ca/en/cabsdt1/product-support/product/xps-15-9570-laptop/overview”."
Download works on Fx70.0.1.
Comment 2•5 years ago (Assignee)
This is a regression from Bug 1584998, I'll take a look ASAP.
Pushed by aciure@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/432a6d44236d
Enforce XFO and frame-ancestors in parent process if fission is enabled and in content if running in regular mode until we can determine whether a load results in a download in the parent process. r=bzbarsky,jkt
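A simplified model of the behaviour discussed in this bug, added here as an illustration and not taken from the Firefox patch: it shows why evaluating `X-Frame-Options: SAMEORIGIN` before it is known whether a subframe response is a download blocks a cross-origin file download, while evaluating it only for responses that will be rendered in the frame does not. The function names, the `Content-Disposition` heuristic and the `example.com` URLs are assumptions constructed for the example.

```javascript
// Simplified model (assumption, not Firefox code) of the X-Frame-Options
// decision for a response loaded into a subframe. Header names are expected
// in lower case; a single XFO value is assumed.

// Constructed heuristic: a response is a download when it carries
// Content-Disposition: attachment. Real browsers also look at content type.
function isDownload(headers) {
  const cd = (headers['content-disposition'] || '').trim().toLowerCase();
  return cd === 'attachment' || cd.startsWith('attachment;');
}

// True when XFO forbids rendering responseUrl inside a frame whose
// ancestors are ancestorUrls.
function xfoBlocksFraming(responseUrl, headers, ancestorUrls) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return true;
  if (xfo === 'SAMEORIGIN') {
    const self = new URL(responseUrl).origin;
    return ancestorUrls.some((a) => new URL(a).origin !== self);
  }
  return false; // header absent or value not recognized: no restriction
}

// earlyCheck = true models enforcing XFO before the download decision is
// known; false models enforcing it only once the response is known to be
// rendered as a document in the frame.
function decideFrameLoad(responseUrl, headers, ancestorUrls, earlyCheck) {
  if (!earlyCheck && isDownload(headers)) return 'download';
  if (xfoBlocksFraming(responseUrl, headers, ancestorUrls)) return 'blocked';
  return isDownload(headers) ? 'download' : 'render';
}

// Constructed sample: a driver file served from a download host and
// requested through a frame on a different origin.
const SAMPLE_URL = 'https://dl.example.com/driver.exe';
const SAMPLE_PARENT = ['https://www.example.com/support'];
const SAMPLE_HEADERS = {
  'x-frame-options': 'SAMEORIGIN',
  'content-disposition': 'attachment; filename="driver.exe"',
};

console.log('early check:', decideFrameLoad(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_PARENT, true));
console.log('late check: ', decideFrameLoad(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_PARENT, false));
```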
Comment 6•5 years ago (bugherder)