Flash permissions for framed pages set for framed principal but checked using top page principal (e.g. facebook apps)
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox-esr68 unaffected, firefox70 wontfix, firefox71 verified, firefox72 verified)
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox70 | --- | wontfix |
| firefox71 | --- | verified |
| firefox72 | --- | verified |
People
(Reporter: ajpeavler, Assigned: Gijs)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
I was following bug 1581664, which is verified as "fixed," and was requested to file a new bug because it's still not working for me. It's not a big deal to me but if it's not working for me it still might be a problem for others. I play a couple of Facebook games which use Flash and I now have to "allow" Flash every time I visit the page or refresh the page, even if it's only been a couple of minutes and even though the browser was not closed.
I was asked on the other thread to provide the following information:
Website with the problem: https://apps.facebook.com/bejeweledblitz/?fb_source=bookmark&ref=bookmarks&count=40&fb_bmpos=_40 also this website: https://apps.facebook.com/solitaireblitz/?fb_source=canvas_bookmark I think this might apply to everything for https://apps.facebook.com, because previously when I temporarily allowed Flash player, I could switch from Bejeweled Blitz to Solitaire Blitz without having to re-allow Flash.
OS I'm using: Windows 10 Pro version 1903 build 18362.418
This is a brand new laptop purchased in April, 64 bit OS and 64 bit processor, Intel Core i5-7200U @ 2.50 GHz 2.760 GHz and 16.0 GB of RAM.
Version of Flash: 32.0.0.270 NPAPI version. The PPAPI version says "Not Installed." I have Firefox as my default browser and am using version 70.0.1; there are no updates available for either Firefox or Adobe Flash Player.
Actual results:
If I go to one of these game pages on Facebook and need to refresh my the page in my browser, I always need to re-allow Flash Player. This happens even if I have been on the page only a couple of minutes. If I navigate out of the game page and then back to the page, I also need to re-allow Flash Player.
Expected results:
I expected that Flash Player would still load whenever I refreshed or otherwise re-accessed the page for the duration of my browser session (in other words, until I closed and re-opened the browser).
|
||
Comment 1•5 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
|
||
Comment 2•5 years ago
|
||
Thanks for reporting this bug.
I'm not able to test it because, for some reason, Facebook thinks I don't have Flash installed I can successfully activate Flash on other sites, such as https://helpx.adobe.com/flash-player.html and http://www.zombo.com/. I'm not sure what is different about my Firefox configuration. I have the same Flash version as you (32.0.0.270) and Windows 10.
|
Assignee | |
Comment 3•5 years ago
|
||
I can reproduce this. It seems we're setting the permission for the frame containing the flash document (which makes sense to me), but we check it using the toplevel frame (which then obviously doesn't work, because they're different - the toplevel page is apps.facebook.com, the game itself is on awspopcap.com).
I suspect this is a regression from bug 1505913. I'll try to look at this later this week.
|
|
||
Updated•5 years ago
|
(In reply to :Gijs (he/him) from comment #3)
I can reproduce this. It seems we're setting the permission for the frame containing the flash document (which makes sense to me), but we check it using the toplevel frame (which then obviously doesn't work, because they're different - the toplevel page is apps.facebook.com, the game itself is on
awspopcap.com).I suspect this is a regression from bug 1505913. I'll try to look at this later this week.
This makes a lot of sense, because previously when I allowed Bejeweled Blitz I did not need to re-allow Flash for Solitaire Blitz when I switched games within the session. Both games are by the same company (Popcap.com), so I don't know if it was previously authorizing apps.facebook.com or if it authorized everything from popcap.com, but it had previously been remembering it for the prescribed length of time. Then a few weeks ago something changed and I had to allow Flash every time I went into one of the games. I didn't know that the fix had been finalized for bug 1581664 until yesterday. After I posted this bug I found out I could access the Adobe Flash Player site without having to re-authorize Flash each time. I wonder if the fix for 1581664 caused the change with the frames???
|
|
Assignee | |
Comment 5•5 years ago
|
||
This is the historical behaviour here (cf. bug 1305232, bug 853855). I accidentally
broke it when I refactored this code for fission. This restores the "old" behaviour.
Pushed by gijskruitbosch@gmail.com: https://hg.mozilla.org/integration/autoland/rev/57308405ef98 fix flash permissions so they get set for the toplevel page's principal instead of the subframe, r=mconley
|
||
Comment 7•5 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 8•5 years ago
|
||
Comment on attachment 9109300 [details]
Bug 1595647 - fix flash permissions so they get set for the toplevel page's principal instead of the subframe, r?mconley
Beta/Release Uplift Approval Request
- User impact if declined: Flash permissions don't persist for any length of time for framed pages
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: See comment #0 (you'll need a facebook login)
- List of other uplifts needed: n/a
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): We're just using
browsingContext.topinstead of justbrowsingContextto determine the principal, so the actual code fix is pretty small; it's the test that takes up most of this patch. - String changes made/needed: nope
|
|
Assignee | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Comment 9•5 years ago
|
||
I have reproduced this issue using Firefox 72.0a1 (2019.11.11) on Win 8.1 x64.
I can confirm this issue is fixed, I verified using Firefox 72.0a1 latest nightly on Win 10 x64, Win 8.1 x64, Ubuntu 18.04 x64 and macOS 10.14, waiting for fix in beta 71.
|
||
Comment 10•5 years ago
|
||
Comment on attachment 9109300 [details]
Bug 1595647 - fix flash permissions so they get set for the toplevel page's principal instead of the subframe, r?mconley
Flash fix, has tests and was verified by QA, uplift approved for 71 beta 12, thanks.
|
||
Comment 11•5 years ago
|
||
| bugherder uplift | ||
|
||
Comment 12•5 years ago
|
||
Fix verified with 71.0b12 as well on the same platofms mentioned on comment 9.
|
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
Description
•