Closed Bug 1659998 Opened 4 years ago Closed 4 years ago

localStorage accessibility within extension privileged pages in Private Window

Categories

(WebExtensions :: General, defect)

Firefox 81
defect

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: eros_uk, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0

Steps to reproduce:

AFAIK, extensions are given their own domain where data can be shared within that domain.

A localStorage set in an extension background page can be accessed by extension option page or browser action popup or other privileged extension pages, and vice versa.

Above works fine in non-private windows.

In a Private window, localStorage set in extension pages is shared with other extension pages within the private window environment. However, the background page is unable to access the data.

As an example, I use a button on extension browser action popup to open another extension privileged page (e.g. option page) and share some data via localStorage.

Above process works fine in both private and non-private windows.

I also have a browserAction context-menu for the same process which has to be processed from the background script.

The context-menu action works fine in non-private window but fails in private window as the option page cannot get the localStorage set by background script.

I can envisage why there may be issues where some extensions may abuse the privacy of private window (but that can be done in many other ways as well).

Shouldn't privileged extension pages always be able to share localStorage within their own privileged domain within the same window??!
I mean share data within the private environment with other same extension pages in the same private environment (I do not mean sharing between private and non-private).

PS. I am guessing the issue is not limited to localStorage and other window data may be affected.

It is possible that it relates to runtime.getBackgroundPage() bug 1329304

runtime.getBackgroundPage()

Also note that this method cannot be used in a private window in Firefox—it always returns null. For more info see related bug at bugzilla.

In Firefox, an extension page (tab, browserAction panel, sidebar, etc.) in a private window is associated with private browsing mode because it is in a Private Window. An extension's background page is usually in a non-private browsing context. As a result, localStorage (and other origin-based APIs) are not shared between the private window and the background page.

In Chrome, the following happens:

  • Extension tabs cannot be loaded, unless "incognito":"split" is used (which is not supported in Firefox - bug 1380812).
  • Extension panels (browserAction/pageAction) are in non-incognito mode (with "incognito":"split", which is the default).

In Firefox we have chosen to not implement "incognito":"split", only "incognito":"spanning", and simultaneously isolate the extension page depending on where it is running (in a private window, a container tab, etc.). A natural consequence of this is that extension pages are not guaranteed to be able to share origin-based DOM APIs.

If you want one shared storage space, use the browser.storage API. If you want to insist on using localStorage, access it from the background page and use extension messaging.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
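
The messaging workaround suggested in the comment above, as an added example (not code from the bug report or from Firefox); the message shape, key allow-list and function names are assumptions. It goes one step beyond the comment by keeping values that belong to private windows in memory instead of the background page's persistent localStorage.

```javascript
// Added example; message shape, key names and function names are assumptions.
// `api` is the WebExtension `browser` object, `store` the background page's localStorage.
function makeBroker(api, store, allowedKeys) {
  const privateValues = new Map(); // private-window data stays in memory only
  const base = api.runtime.getURL("");
  const put = (key, value, isPrivate) => {
    if (isPrivate) privateValues.set(key, String(value));
    else store.setItem(key, String(value));
  };
  const get = (key, isPrivate) =>
    (isPrivate ? privateValues.get(key) : store.getItem(key)) ?? null;

  function handle(msg, sender) {
    // runtime.onMessage also fires for content scripts; accept extension pages only.
    if (sender.id !== api.runtime.id || !String(sender.url).startsWith(base)) {
      throw new Error("untrusted sender");
    }
    if (!msg || !allowedKeys.includes(msg.key)) throw new Error("key not allowed");
    // Prefer the browser-supplied flag; popups have no sender.tab, so fall back
    // to what the already-verified extension page reported.
    const isPrivate = sender.tab ? sender.tab.incognito : msg.private === true;
    if (msg.type === "set") { put(msg.key, msg.value, isPrivate); return true; }
    if (msg.type === "get") return get(msg.key, isPrivate);
    throw new Error("unknown request");
  }
  // An async listener turns the return value or thrown error into the reply.
  return { handle, put, get, onMessage: async (msg, sender) => handle(msg, sender) };
}

// Page side (options page, popup): never touches localStorage directly.
function makeClient(api) {
  const send = (type, key, value) => api.runtime.sendMessage({
    type, key, value, private: api.extension.inIncognitoContext,
  });
  return { get: (key) => send("get", key), set: (key, value) => send("set", key, value) };
}

// background.js:
//   const broker = makeBroker(browser, localStorage, ["draft"]);
//   browser.runtime.onMessage.addListener(broker.onMessage);
//   // context-menu handler: broker.put("draft", text, tab.incognito);
// options.js:
//   const shared = makeClient(browser);
//   const draft = await shared.get("draft");
```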