Open Bug 1616297 Opened 2 years ago Updated 2 years ago

Ensure data sanitization is compatible with dFPI

Categories

(Toolkit :: Data Sanitization, task, P3)

task

Tracking

()

People

(Reporter: johannh, Unassigned)

References

(Blocks 1 open bug)

Details

With dFPI we'll end up storing data for both first parties and third parties under principals with different origin attributes, which has the potential to break data sanitization.

We should ensure that:

  • Forget About This Site still deletes all traces of a site (including third-party principals, I suppose)
  • Clear History still clears history
  • Delete Site Data and the Site Data Manager still correctly delete data by origin

I tested all three items and they seems to work as expected for cookies, localStorage, sessionStorage, and IndexedDB. The exceptions are Bug 1629664 and two bugs unrelated to dfpi (Bug 1629667 and Bug 1629658). In general, both isolated and non-isolated storage is cleared when clearing happens per-origin (expected), and time-based clearing / clearing all origins clear all storage locations from all origins.

You need to log in before you can comment on or make changes to this bug.