Closed Bug 1630687 Opened 2 years ago Closed 1 year ago

Don't relax partitioning of all storage locations covered by the storage principal

Categories

(Core :: Privacy: Anti-Tracking, enhancement, P3)

enhancement

Tracking

()

RESOLVED INVALID

People

(Reporter: englehardt, Unassigned)

References

(Blocks 1 open bug)

Details

DFPI currently works like this:

  1. All storage locations on example.com are partitioned by StoragePrincipal
  2. User receives a storage access permission for tracker.example on example.com
  3. Everything covered by the StoragePrincipal is relaxed for tracker.example across the agent cluster and all future reloads.
  4. This gives tracker.example in that cluster access to their first-party window.localStorage, which is something we'd like. But it also means that other partitioned state (like caches) are no longer partitioned

Ideally, it seems like we'll only ever want to drop partitioning for cookies and the Storage APIs, rather than everything. We should define what we'd like to permanently partition.

It's more than ideal, it's security-critical for network-level caches due to XS-Leaks. Tackling this with dFPI makes a lot of sense to me as all the infrastructure is already there.

Severity: -- → N/A
Summary: Don't relax partitioning of storage locations not covered by the storage principal → Don't relax partitioning of all storage locations covered by the storage principal

This has already been addressed by the Storage Principal refactoring.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.