Add a same-tab requirement to the existing dFPI interaction heuristics
Categories
(Core :: Privacy: Anti-Tracking, task, P3)
Tracking
()
People
(Reporter: englehardt, Unassigned)
References
(Blocks 1 open bug)
Details
The dFPI interaction heuristic implemented in Bug 1616585 Comment 12 can be summarized as:
Site B will receive storage access on site A when a top-level document redirect occurs from site B to site A, where:
1. both site A and site B have received user interaction as a first-party within the past 30 days
2. both site A and site B been visited as a first party within the past 10 minutes
We should add in an additional requirement that (2) has occurred within the same tab. We don't want to rely on the tab's history since this can be manipulated by sites. Instead, we'd need to add in a new object.
|
||
Comment 1•4 years ago
|
||
I was expecting that we can obtain CanonicalBrowsingContext from the given nsIChannel in parent process, and get session history to see if there's any historical visit in the tab.
But seems fission.sessionHistoryInParent is not enabled by default, so I'm thinking if we can/should implement another component to store tab history.
Peter, any suggestion?
|
Reporter | |
Updated•4 years ago
|
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Currently, the Session History in Parent has been enabled along with Fission. So, I believe we can use Session History to implement this bug.
Description
•