Closed Bug 1639542 (idb-private-browsing) Opened 4 years ago Closed 2 months ago

[meta] Support IndexedDB in Private Browsing Mode (with encrypted disk storage)

Categories

(Core :: Storage: IndexedDB, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED

People

(Reporter: sg, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-needed, DevAdvocacy, meta)

Attachments

(1 obsolete file)

No description provided.
Depends on: 1638396, 1634436
Depends on: 1639545
Depends on: 1639546
Depends on: 1639548
Depends on: 1639549
Depends on: 1639550

Depends on Bug 1593365 for removing exposure of origin information in disk paths.

Depends on: 1593365
Depends on: 1639552
See Also: → 781982
See Also: → 1634328
Depends on: 1641178
Depends on: 1671416

Any update or temporary fix available to workaround the issue ?

I mean this error DOMException: A mutation operation was attempted on a database that did not allow mutations.

to handle it gracefully in private mode

Depends on: 1699055

Comment on attachment 9181986 [details]
Bug 1639542 - Adapt browserchrome tests to support of IndexedDB in private browsing mode. r=#dom-workers-and-storage

Revision D93757 was moved to bug 1699055. Setting attachment 9181986 [details] to obsolete.

Attachment #9181986 - Attachment is obsolete: true
Assignee: sgiesecke → nobody
Status: ASSIGNED → NEW
Blocks: 1267582
No longer blocks: 1267582

Is this bug still being worked on?

Currently Netlfix is still broken for playback, and on a much smaller scale things like https://drive.fission.codes will never work in a private window without this.

There's an about:config workaround by setting

dom.indexedDB.privateBrowsing.enabled to true

Of course this will forego the privacy guarantees of private browsing, but it's a tradeoff you can make.

Webcompat Priority: --- → ?
Webcompat Priority: ? → ---

In my opinion the mechanism that grant access to the indexedDB in private mode should be very similar to the one grant access to microphone or camera.
Example scenario:

  1. user visit website A (he can be in a private mode or in apublic mode)
  2. website A request to "access indexedDB in provate mode" (eg. via dedicated API)
  3. user can see a popup and can make decision if he wants to grant permission (decision is permament - if user say yes, he do not have to confirm it again)

If user grant permission to "access indexedDB in private mode", then website "A" can store all data in the browser. If user does not grant access then webside "A" can make decision to store all data on the server.

With this approche it's very clear for the user and for the developer how to handle data storage.

Blocks: 1756974
See Also: → 1767036
Blocks: 1778813
Depends on: 1781200
No longer depends on: 1593365
Depends on: 1781201
Depends on: 1783919
Depends on: 1783921
Depends on: 1801151
Depends on: 1806398
Depends on: 1807662
Depends on: 1806821
Depends on: 1808306
Duplicate of this bug: 1813544
Depends on: 1818214

Maybe you could make it work like cookies: keep the storage content during the session and delete it at the end of the session.

Depends on: 1822889
Depends on: 1827376
Depends on: 1829295
Blocks: 1829295
No longer depends on: 1829295
Depends on: 1827377
Depends on: 1829819
See Also: → 701246
Depends on: 1830887
Depends on: 1831039
Depends on: 1831040
Depends on: 1831046
Depends on: 1831058
Depends on: 1831255

https://twitter.com/cedric_infosec/status/1658455734349070338

IndexedDB in private browsing works in FF 115 beta and if everything goes well it will be available in FF 115 release.

First of all, I can only express my greatest relief and gratitude at seeing this problem corrected, 11 years after I first encountered bug #781982.

So thanks again to everyone who made this possible.

Second, I have two questions:

  1. Is it expected that created indexedDBs do not appear in developer tools (Storage > Indexed DB) in private browsing mode? As a comparison, it is possible to inspect Local Storage in private browsing mode, so there would be a difference in behavior.

  2. The correction of this issue is not (yet) mentioned in upcoming release notes (Firefox Beta 115, Firefox 115 for developers
    ). Wouldn't it be relevant to communicate on the subject?

(In reply to Maxime RETY from comment #16)

  1. Is it expected that created indexedDBs do not appear in developer tools (Storage > Indexed DB) in private browsing mode? As a comparison, it is possible to inspect Local Storage in private browsing mode, so there would be a difference in behavior.

Yeah, that doesn't work yet. There are some complications specific to the way how IndexedDB stores data in private browsing mode.

  1. The correction of this issue is not (yet) mentioned in upcoming release notes (Firefox Beta 115, Firefox 115 for developers
    ). Wouldn't it be relevant to communicate on the subject?

I'm sure it will be added to release notes soon.

Understood, thans Jan for your feedback.

I can't wait to see those utterly bad sites who dose private mode detection with IDB on visitor to limit the sites availability go away!

The remaining defects this depends on look a bit like regressions rather than blocking bugs ? Should we close this and unlink and mark them accordingly ?

Flags: needinfo?(hsingh)

So, was this ever fixed? I came here after realizing that addons that rely on IndexedDB don't work in tor (but do without private mode), and was wondering if I should ask in tor or firefox. Currently tor is using firefox 115.7.0esr.

No longer depends on: 1801151
See Also: → 1801151
No longer depends on: 1639546
See Also: → 1639546
No longer depends on: 1699055
See Also: → 1699055

All the gating bugs for this meta bug has been closed already. Hence, closing this meta bug.

Status: NEW → RESOLVED
Closed: 2 months ago
Flags: needinfo?(hsingh)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: