Closed Bug 1595647 Opened 3 months ago Closed 3 months ago

Flash permissions for framed pages set for framed principal but checked using top page principal (e.g. facebook apps)

Categories

(Core :: Plug-ins, defect)

70 Branch
All
Unspecified
defect
Not set

Tracking

()

VERIFIED FIXED
mozilla72
Tracking Status
firefox-esr68 --- unaffected
firefox70 --- wontfix
firefox71 --- verified
firefox72 --- verified

People

(Reporter: ajpeavler, Assigned: Gijs)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

I was following bug 1581664, which is verified as "fixed," and was requested to file a new bug because it's still not working for me. It's not a big deal to me but if it's not working for me it still might be a problem for others. I play a couple of Facebook games which use Flash and I now have to "allow" Flash every time I visit the page or refresh the page, even if it's only been a couple of minutes and even though the browser was not closed.

I was asked on the other thread to provide the following information:

Website with the problem: https://apps.facebook.com/bejeweledblitz/?fb_source=bookmark&ref=bookmarks&count=40&fb_bmpos=_40 also this website: https://apps.facebook.com/solitaireblitz/?fb_source=canvas_bookmark I think this might apply to everything for https://apps.facebook.com, because previously when I temporarily allowed Flash player, I could switch from Bejeweled Blitz to Solitaire Blitz without having to re-allow Flash.

OS I'm using: Windows 10 Pro version 1903 build 18362.418
This is a brand new laptop purchased in April, 64 bit OS and 64 bit processor, Intel Core i5-7200U @ 2.50 GHz 2.760 GHz and 16.0 GB of RAM.

Version of Flash: 32.0.0.270 NPAPI version. The PPAPI version says "Not Installed." I have Firefox as my default browser and am using version 70.0.1; there are no updates available for either Firefox or Adobe Flash Player.

Actual results:

If I go to one of these game pages on Facebook and need to refresh my the page in my browser, I always need to re-allow Flash Player. This happens even if I have been on the page only a couple of minutes. If I navigate out of the game page and then back to the page, I also need to re-allow Flash Player.

Expected results:

I expected that Flash Player would still load whenever I refreshed or otherwise re-accessed the page for the duration of my browser session (in other words, until I closed and re-opened the browser).

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Plug-ins
Product: Firefox → Core

Thanks for reporting this bug.

I'm not able to test it because, for some reason, Facebook thinks I don't have Flash installed I can successfully activate Flash on other sites, such as https://helpx.adobe.com/flash-player.html and http://www.zombo.com/. I'm not sure what is different about my Firefox configuration. I have the same Flash version as you (32.0.0.270) and Windows 10.

I can reproduce this. It seems we're setting the permission for the frame containing the flash document (which makes sense to me), but we check it using the toplevel frame (which then obviously doesn't work, because they're different - the toplevel page is apps.facebook.com, the game itself is on awspopcap.com).

I suspect this is a regression from bug 1505913. I'll try to look at this later this week.

Assignee: nobody → gijskruitbosch+bugs
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Regressed by: 1505913
Summary: Still Having Problems Allowing Flash Player For Duration of Browser Session → Flash permissions for framed pages set for framed principal but checked using top page principal (e.g. facebook apps)

(In reply to :Gijs (he/him) from comment #3)

I can reproduce this. It seems we're setting the permission for the frame containing the flash document (which makes sense to me), but we check it using the toplevel frame (which then obviously doesn't work, because they're different - the toplevel page is apps.facebook.com, the game itself is on awspopcap.com).

I suspect this is a regression from bug 1505913. I'll try to look at this later this week.

This makes a lot of sense, because previously when I allowed Bejeweled Blitz I did not need to re-allow Flash for Solitaire Blitz when I switched games within the session. Both games are by the same company (Popcap.com), so I don't know if it was previously authorizing apps.facebook.com or if it authorized everything from popcap.com, but it had previously been remembering it for the prescribed length of time. Then a few weeks ago something changed and I had to allow Flash every time I went into one of the games. I didn't know that the fix had been finalized for bug 1581664 until yesterday. After I posted this bug I found out I could access the Adobe Flash Player site without having to re-authorize Flash each time. I wonder if the fix for 1581664 caused the change with the frames???

This is the historical behaviour here (cf. bug 1305232, bug 853855). I accidentally
broke it when I refactored this code for fission. This restores the "old" behaviour.

Pushed by gijskruitbosch@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/57308405ef98
fix flash permissions so they get set for the toplevel page's principal instead of the subframe, r=mconley
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72

Comment on attachment 9109300 [details]
Bug 1595647 - fix flash permissions so they get set for the toplevel page's principal instead of the subframe, r?mconley

Beta/Release Uplift Approval Request

  • User impact if declined: Flash permissions don't persist for any length of time for framed pages
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: See comment #0 (you'll need a facebook login)
  • List of other uplifts needed: n/a
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): We're just using browsingContext.top instead of just browsingContext to determine the principal, so the actual code fix is pretty small; it's the test that takes up most of this patch.
  • String changes made/needed: nope
Attachment #9109300 - Flags: approval-mozilla-beta?
Flags: qe-verify+
QA Whiteboard: [qa-triaged]

I have reproduced this issue using Firefox 72.0a1 (2019.11.11) on Win 8.1 x64.
I can confirm this issue is fixed, I verified using Firefox 72.0a1 latest nightly on Win 10 x64, Win 8.1 x64, Ubuntu 18.04 x64 and macOS 10.14, waiting for fix in beta 71.

Comment on attachment 9109300 [details]
Bug 1595647 - fix flash permissions so they get set for the toplevel page's principal instead of the subframe, r?mconley

Flash fix, has tests and was verified by QA, uplift approved for 71 beta 12, thanks.

Attachment #9109300 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Fix verified with 71.0b12 as well on the same platofms mentioned on comment 9.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
Hardware: Unspecified → All
You need to log in before you can comment on or make changes to this bug.