Closed Bug 1663192 Opened 5 years ago Closed 5 years ago

localStorage and sessionStorage no longer work on file: URLs when third-party cookies are blocked

Categories

(Core :: Networking: File, defect, P3)

Firefox 81
x86_64
Linux
defect

Tracking

()

VERIFIED FIXED
83 Branch
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox80 --- unaffected
firefox81 --- wontfix
firefox82 --- wontfix
firefox83 --- verified

People

(Reporter: kevink9876543, Assigned: timhuang)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [necko-triaged])

Attachments

(2 files)

Firefox 81.0b6 Dev Edition
new profile

Steps to reproduce:

  1. about:preferences > Privacy & Security, select Custom and set to block all third-party cookies

  2. drag&drop this local HTML file to tab bar -

<!DOCTYPE html>
<script>
window.addEventListener("DOMContentLoaded", function() {
  let t = 'foo' in window.localStorage ? window.localStorage.getItem("foo") : null;
  if (!t) {
    window.localStorage.setItem("foo", "Stored Value");
    t = 'nothing';
  }
  document.body.appendChild(document.createTextNode(t));
}, false);
</script>
<body></body>
  1. reload that page

Expected results:
Should say "nothing" on first load and "Stored Value" on reload.

Actual results:

Blank page. These errors appear in Web Console -

Uncaught DOMException: The operation is insecure. localStorage-Test.html:4
Request to access cookie or storage on “file:///<snip>/localStorage-Test.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.

Works as expected in Firefox 80.0.1 and earlier.

18:59.26 INFO: Last good revision: 2ce43b1fe3db5a3121cb01e5ea3045da7b85b1c9
18:59.26 INFO: First bad revision: 1e2a698cb1870ac8fc161f1e0c23111d071384c1
18:59.26 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2ce43b1fe3db5a3121cb01e5ea3045da7b85b1c9&tochange=1e2a698cb1870ac8fc161f1e0c23111d071384c1

@Tim, Dimi seems to be on PTO - can you take a look at this?

Flags: needinfo?(tihuang)
Regressed by: 1652244
Has Regression Range: --- → yes

Set release status flags based on info from the regressing bug 1652244

Flags: needinfo?(jstutte)
Severity: -- → S3
Flags: needinfo?(jstutte)
Priority: -- → P3
Assignee: nobody → tihuang
Flags: needinfo?(tihuang)
Status: NEW → ASSIGNED

We should also set IsThirdPartyToTopWindow flag in loadInfo for channels
loading file: uri. So, we set this flag in the
nsBaseChannel::AsyncOpen(). This change would affect about: and data:
channels.

Depends on D91001

Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b47fca4272fd Part 1: Add a test to ensure the top-level window in a file url is considered as top-level. r=dimi https://hg.mozilla.org/integration/autoland/rev/a12d9ab2562c Part 2: Set the IsThirdPartyToTopWindow in the nsBaseChannel. r=dimi,kershaw,necko-reviewers
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch
Blocks: 1666045
Whiteboard: [necko-triaged]

I believe the build bustage is caused by Bug 1605305. I will reland my patches.

Flags: needinfo?(tihuang)
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8d846fa9ada7 Part 1: Add a test to ensure the top-level window in a file url is considered as top-level. r=dimi https://hg.mozilla.org/integration/autoland/rev/5dc3497b7988 Part 2: Set the IsThirdPartyToTopWindow in the nsBaseChannel. r=dimi,kershaw,necko-reviewers
Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch

The patch landed in nightly and beta is affected.
:timhuang, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(tihuang)

Comment on attachment 9177126 [details]
Bug 1663192 - Part 2: Set the IsThirdPartyToTopWindow in the nsBaseChannel. r?dimi,kershaw

Beta/Release Uplift Approval Request

  • User impact if declined: The file: url won't be able to access localStorage, cookies, etc.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This patch doesn't change any behavior, it fixes a regression.
  • String changes made/needed: None
Flags: needinfo?(tihuang)
Attachment #9177126 - Flags: approval-mozilla-beta?
Attachment #9177125 - Flags: approval-mozilla-beta?

Comment on attachment 9177126 [details]
Bug 1663192 - Part 2: Set the IsThirdPartyToTopWindow in the nsBaseChannel. r?dimi,kershaw

this seems like a corner case (file: + blocking 3rd party cookies), I think it can ride the trains

Attachment #9177126 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Attachment #9177125 - Flags: approval-mozilla-beta? → approval-mozilla-beta-

Reproduced the issue on affected Firefox 82.0 (64-bit) on Windows 10 x64.
Verified-fixed on latest Firefox Nightly 84.0a1 (2020-10-22) (64-bit) and Beta 83.0b3 (64-bit) on Windows 10 x64, macOS 10.15 and Ubuntu 16.04.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: