Closed
Bug 1630687
Opened 4 years ago
Closed 4 years ago
Don't relax partitioning of all storage locations covered by the storage principal
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P3)
Core
Privacy: Anti-Tracking
Tracking
()
RESOLVED
INVALID
People
(Reporter: englehardt, Unassigned)
References
(Blocks 1 open bug)
Details
DFPI currently works like this:
- All storage locations on example.com are partitioned by StoragePrincipal
- User receives a storage access permission for tracker.example on example.com
- Everything covered by the StoragePrincipal is relaxed for tracker.example across the agent cluster and all future reloads.
- This gives tracker.example in that cluster access to their first-party window.localStorage, which is something we'd like. But it also means that other partitioned state (like caches) are no longer partitioned
Ideally, it seems like we'll only ever want to drop partitioning for cookies and the Storage APIs, rather than everything. We should define what we'd like to permanently partition.
|
||
Comment 1•4 years ago
|
||
It's more than ideal, it's security-critical for network-level caches due to XS-Leaks. Tackling this with dFPI makes a lot of sense to me as all the infrastructure is already there.
|
Reporter | |
Updated•4 years ago
|
Severity: -- → N/A
|
|
Reporter | |
Updated•4 years ago
|
Summary: Don't relax partitioning of storage locations not covered by the storage principal → Don't relax partitioning of all storage locations covered by the storage principal
|
|
Reporter | |
Comment 2•4 years ago
|
||
This has already been addressed by the Storage Principal refactoring.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•