localStorage and sessionStorage no longer work on file: URLs when third-party cookies are blocked
Categories
(Core :: Networking: File, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox-esr78 | --- | unaffected |
firefox80 | --- | unaffected |
firefox81 | --- | wontfix |
firefox82 | --- | wontfix |
firefox83 | --- | verified |
People
(Reporter: kevink9876543, Assigned: timhuang)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [necko-triaged])
Attachments
(2 files)
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta-
|
Details | Review |
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta-
|
Details | Review |
Firefox 81.0b6 Dev Edition
new profile
Steps to reproduce:
-
about:preferences > Privacy & Security, select Custom and set to block all third-party cookies
-
drag&drop this local HTML file to tab bar -
<!DOCTYPE html>
<script>
window.addEventListener("DOMContentLoaded", function() {
let t = 'foo' in window.localStorage ? window.localStorage.getItem("foo") : null;
if (!t) {
window.localStorage.setItem("foo", "Stored Value");
t = 'nothing';
}
document.body.appendChild(document.createTextNode(t));
}, false);
</script>
<body></body>
- reload that page
Expected results:
Should say "nothing" on first load and "Stored Value" on reload.
Actual results:
Blank page. These errors appear in Web Console -
Uncaught DOMException: The operation is insecure. localStorage-Test.html:4
Request to access cookie or storage on “file:///<snip>/localStorage-Test.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.
Works as expected in Firefox 80.0.1 and earlier.
18:59.26 INFO: Last good revision: 2ce43b1fe3db5a3121cb01e5ea3045da7b85b1c9
18:59.26 INFO: First bad revision: 1e2a698cb1870ac8fc161f1e0c23111d071384c1
18:59.26 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2ce43b1fe3db5a3121cb01e5ea3045da7b85b1c9&tochange=1e2a698cb1870ac8fc161f1e0c23111d071384c1
@Tim, Dimi seems to be on PTO - can you take a look at this?
Updated•5 years ago
|
Comment 2•5 years ago
|
||
Set release status flags based on info from the regressing bug 1652244
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 3•5 years ago
|
||
Assignee | ||
Comment 4•5 years ago
|
||
We should also set IsThirdPartyToTopWindow flag in loadInfo for channels
loading file:
uri. So, we set this flag in the
nsBaseChannel::AsyncOpen(). This change would affect about: and data:
channels.
Depends on D91001
Comment 6•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/b47fca4272fd
https://hg.mozilla.org/mozilla-central/rev/a12d9ab2562c
Comment 7•5 years ago
|
||
Backed out for build bustages.
Backout: https://hg.mozilla.org/integration/autoland/rev/ba2acef0565237b9d0efc0e3717c33469ceba4c1
Updated•5 years ago
|
![]() |
||
Comment 8•5 years ago
|
||
Assignee | ||
Comment 9•5 years ago
|
||
I believe the build bustage is caused by Bug 1605305. I will reland my patches.
Comment 10•5 years ago
|
||
Comment 11•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/8d846fa9ada7
https://hg.mozilla.org/mozilla-central/rev/5dc3497b7988
Comment 13•5 years ago
|
||
The patch landed in nightly and beta is affected.
:timhuang, is this bug important enough to require an uplift?
If not please set status_beta
to wontfix
.
For more information, please visit auto_nag documentation.
Assignee | ||
Comment 14•5 years ago
|
||
Comment on attachment 9177126 [details]
Bug 1663192 - Part 2: Set the IsThirdPartyToTopWindow in the nsBaseChannel. r?dimi,kershaw
Beta/Release Uplift Approval Request
- User impact if declined: The file: url won't be able to access localStorage, cookies, etc.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This patch doesn't change any behavior, it fixes a regression.
- String changes made/needed: None
Assignee | ||
Updated•5 years ago
|
Comment 15•5 years ago
|
||
Comment on attachment 9177126 [details]
Bug 1663192 - Part 2: Set the IsThirdPartyToTopWindow in the nsBaseChannel. r?dimi,kershaw
this seems like a corner case (file: + blocking 3rd party cookies), I think it can ride the trains
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 17•5 years ago
|
||
Reproduced the issue on affected Firefox 82.0 (64-bit) on Windows 10 x64.
Verified-fixed on latest Firefox Nightly 84.0a1 (2020-10-22) (64-bit) and Beta 83.0b3 (64-bit) on Windows 10 x64, macOS 10.15 and Ubuntu 16.04.
Description
•