Closed Bug 1616297 Opened 4 years ago Closed 2 years ago

Ensure data sanitization is compatible with dFPI

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: johannh, Unassigned)

References

(Blocks 1 open bug)

Details

Johann Hofmann [:johannh]

Reporter

Description

•

4 years ago

With dFPI we'll end up storing data for both first parties and third parties under principals with different origin attributes, which has the potential to break data sanitization.

We should ensure that:

Forget About This Site still deletes all traces of a site (including third-party principals, I suppose)
Clear History still clears history
Delete Site Data and the Site Data Manager still correctly delete data by origin

Johann Hofmann [:johannh]

Reporter

Updated

•

4 years ago

Blocks: DynamicFirstPartyIsolation

Steven Englehardt [:englehardt]

Updated

•

4 years ago

Depends on: 1629664

Steven Englehardt [:englehardt]

Comment 1

•

4 years ago

I tested all three items and they seems to work as expected for cookies, localStorage, sessionStorage, and IndexedDB. The exceptions are Bug 1629664 and two bugs unrelated to dfpi (Bug 1629667 and Bug 1629658). In general, both isolated and non-isolated storage is cleared when clearing happens per-origin (expected), and time-based clearing / clearing all origins clear all storage locations from all origins.

Paul Zühlcke [:pbz]

Updated

•

2 years ago

Status: NEW → RESOLVED

Closed: 2 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Ensure data sanitization is compatible with dFPI

Categories

(Toolkit :: Data Sanitization, task, P3)

Tracking

()

People

(Reporter: johannh, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1

Updated