Closed
Bug 1645861
Opened 4 years ago
Closed 4 years ago
Make sure external.AddSearchProvider channels obey FPI
Categories
(Core :: DOM: Security, enhancement, P2)
Core
DOM: Security
Tracking
()
RESOLVED
INVALID
People
(Reporter: acat, Assigned: acat)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tor 32414][domsecurity-active])
Attachments
(1 obsolete file)
We would like to upstream a patch from Tor Browser (https://gitlab.torproject.org/legacy/trac/-/issues/32414) to make the channels created when the window.external.AddSearchProvider
is called obey first party isolation.
Assignee | ||
Updated•4 years ago
|
Summary: Make sure external.AddSearchProvider channels have the right origin attributes → Make sure external.AddSearchProvider channels obey FPI
Assignee | ||
Comment 1•4 years ago
|
||
Updated•4 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [tor 32414] → [tor 32414][domsecurity-active]
Comment 2•4 years ago
|
||
We are removing external.AddSearchProvider. See bug 1632448. And in bug 1632447 we disable it by default.
Do we still need this fix?
Flags: needinfo?(acat)
Assignee | ||
Comment 3•4 years ago
|
||
Oh, I completely missed bug 1632447, sorry. Then I guess the fix is not needed. Closing this, thanks.
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(acat)
Resolution: --- → INVALID
Updated•4 years ago
|
Attachment #9156790 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•