Closed Bug 1625599 Opened 5 years ago Closed 5 years ago

Allow WebExtensions to bypass tracking protection for XHR/fetch

Categories

(WebExtensions :: General, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1629436

People

(Reporter: evilpie, Unassigned)

Attachments

(1 obsolete file)

I know this is a very contentious issue. However please do consider that the current approach for tracking protection makes it impossible for us to implement Livemarks in a sane manner. I really don't understand this desire for keeping this feature that randomly breaks extensions enabled.

Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1502987#c3 for a description of our problem.

I implemented a very targeted fix that allows XHR/fetch to bypass tracking protection for URLs the extension has access to.

I would like to point out that it's possible to bypass tracking protection by hacking your own Cookie header: https://github.com/evilpie/livemarks/commit/ff996813a6601e0585c5c24d176badc3940ac30e. I am, however, rejecting this approach as too, well, hacky. And we really don't want all users to have to accept a new permission that we really shouldn't have to use anyway.

Bug 1308640 has some historical discussion on the relation between extension permissions and tracking protection (of which you are probably aware).

How about the iframe case (bug 1376611)?

I'll bring this up at the next triage meeting.

See Also: → 1308640
Whiteboard: webext?

To clarify, fixing Bug 1502987 would also be a possible solution. Personally I would like to avoid having to ask for explicit permissions. This patch is most likely also a lot simpler than what Bug 1502987 requires.

We'll see what happens in bug 1502987 first.

Depends on: 1502987

:mixedpuppy, :rpl, :zombie and I discussed this, and our discussion can be summarized as follows:

We'd like consistent behavior. This means:

  • There should be one rule that applies to all kinds of requests (not just fetch/xhr, but also images, documents, etc.)
  • Extensions are supposed to represent the interest of users, and host permissions allow them to modify requests anyway. So any request that is obviously triggered by an extension should not be subjected to tracking protection. I.e. if topLevelPrincipal == triggeringPrincipal, and those principals are moz-extension principals belonging to an extension that has (non-explicit) host permissions for the requested URL, then tracking protection should not apply.

Shane is going to discuss this further with Philipp.

Flags: needinfo?(philipp)
Flags: needinfo?(mixedpuppy)
Whiteboard: webext?
See Also: → 1629436
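
A simplified model of the rule summarized in the comment above, as an added example that is not Firefox's implementation or code from this bug. Principals are modelled as origin strings, and the function names, the extension UUID and the hosts are assumptions made for illustration.

```javascript
// Simplified model of the rule proposed above; added example, not Gecko code.
// Principals are modelled as origin strings; every name here is hypothetical.

// Translate a WebExtension match pattern such as "*://*.example.com/*" into a
// RegExp. Simplification: only http/https schemes, ports are ignored.
function matchPatternToRegExp(pattern) {
  if (pattern === "<all_urls>") return /^https?:\/\/.+/;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error(`unsupported match pattern: ${pattern}`);
  const [, scheme, host, path] = m;
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const schemeRe = scheme === "*" ? "https?" : scheme;
  const hostRe = host === "*" ? "[^/]+"
    : host.startsWith("*.") ? `(?:[^/]+\\.)?${esc(host.slice(2))}`
    : esc(host);
  return new RegExp(`^${schemeRe}://${hostRe}${esc(path).replace(/\*/g, ".*")}$`);
}

function hasHostPermission(patterns, url) {
  const u = new URL(url);
  const target = `${u.protocol}//${u.hostname}${u.pathname}${u.search}`;
  return patterns.some((p) => matchPatternToRegExp(p).test(target));
}

// Returns true when tracking protection should still apply to the request.
// extensions: Map of moz-extension origin -> host permission match patterns.
function trackingProtectionApplies(request, extensions) {
  const { url, topLevelPrincipal: top, triggeringPrincipal: trig } = request;
  // The rule requires both principals to be the same moz-extension principal.
  if (top !== trig || !top.startsWith("moz-extension://")) return true;
  const patterns = extensions.get(top);
  // Unknown extension or no host permission for the URL: no exemption.
  return !(patterns && hasHostPermission(patterns, url));
}

// Constructed sample data (the UUID and hosts are made up for illustration).
const EXT_ORIGIN = "moz-extension://11111111-2222-3333-4444-555555555555";
const EXTENSIONS = new Map([[EXT_ORIGIN, ["*://*.example.com/*"]]]);
const SAMPLE_REQUESTS = [
  // Extension page fetching a feed it has host permission for: exempt.
  { url: "https://feeds.example.com/rss.xml", topLevelPrincipal: EXT_ORIGIN, triggeringPrincipal: EXT_ORIGIN },
  // Extension page, but no host permission for this host: still protected.
  { url: "https://tracker.example.net/pixel.gif", topLevelPrincipal: EXT_ORIGIN, triggeringPrincipal: EXT_ORIGIN },
  // Top-level principal is a web page, so the rule does not match.
  { url: "https://feeds.example.com/rss.xml", topLevelPrincipal: "https://news.example.org", triggeringPrincipal: EXT_ORIGIN },
];
for (const r of SAMPLE_REQUESTS) {
  console.log(r.url, "from", r.topLevelPrincipal, "->", trackingProtectionApplies(r, EXTENSIONS) ? "protected" : "exempt");
}
```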

So how do we continue here? It would be trivial to update my patch to allow all kinds of WebExtension loads to bypass tracking protection. I guess we want to test a select number of things? (Testing every possible fetch in a browser sounds exhausting)

Attachment #9136474 - Attachment is obsolete: true

This will be resolved by bug 1629436.

Note: only for requests from extension pages, not from content scripts.

Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(philipp)
Flags: needinfo?(mixedpuppy)
Resolution: --- → DUPLICATE
Whiteboard: webext?