Closed Bug 1680237 Opened 3 years ago Closed 3 years ago

Ship site permission isolation by private browsing

Categories

(Core :: Permission Manager, enhancement)

enhancement

Tracking

()

VERIFIED FIXED
88 Branch
Tracking Status
firefox87 --- verified
firefox88 --- verified

People

(Reporter: pbz, Assigned: pbz)

References

Details

Attachments

(1 file)

We currently only set permissions.isolateBy.privateBrowsing for Nightly and early Beta. We should enable this for release as well.
This will separate private browsing and normal browsing permissions.

Is this enhancement already in our latest Nightly builds ? because we are seeing different behavior from beta, If so the flags from this enhancement needs to be updated.

If the user reaches a Normal Window and checks Remember this Decision and clicks Allow when reaching a Private Window he will be asked again to Allow or Deny permissions ??

Also if he checks Remember this decision and the user clicks Don't Allow, will the same rule apply ? will he be asked again for permissions or it will be automatically denied ??

Flags: needinfo?(jhofmann)

(In reply to Rares Doghi from comment #1)

Is this enhancement already in our latest Nightly builds ? because we are seeing different behavior from beta, If so the flags from this enhancement needs to be updated.

The patches in Bug 1422056 enabled isolation of permission for private browsing in Nightly. The behavior you're describing is expected in Nightly.
This bug is about enabling it for the release channel.

If the user reaches a Normal Window and checks Remember this Decision and clicks Allow when reaching a Private Window he will be asked again to Allow or Deny permissions ??

Yes, with the patch enabled, normal and private windows have separate permissions. Accepting or denying a permission prompt in a normal window won't change permissions for the private window (and vice versa).

Also if he checks Remember this decision and the user clicks Don't Allow, will the same rule apply ? will he be asked again for permissions or it will be automatically denied ??

The denied permission will not be shared with the private window, so the user will be asked again.

Flags: needinfo?(jhofmann)

Thank you for all the info.

I need to get back to Bug 1597751, the patch is stale at the moment. However, this shouldn't block us. The current default permissions imported here https://searchfox.org/mozilla-central/rev/3f97afc8db535f9b0232222cb48cc4cbf8334c76/browser/app/permissions aren't really needed in private browsing. The most important permission would be install. However, the permission check for that is skipped by the addon code if the addon is signed.

No longer depends on: 1597751
See Also: → 1597751
Assignee: nobody → pbz
Status: NEW → ASSIGNED
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3f2b9a785581
Enable permission isolation by private browsing for the release channel. r=johannh
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch

Hi Paul, I was trying to Verify this issue, it seems Fixed in Nightly 88 but it seems that its also been fixed for 87.0b5, Permissions for Normal and Private windows are separate now and the user is asked again in a Private Window regardles of what he allows or denies in a normal window.

Has the fix reached beta as well ? or am I missing something ?

Flags: needinfo?(pbz)

Thanks for verifying! Permission isolation was already enabled in Nightly and early Beta. That's probably why you're seeing it in Beta already.

Flags: needinfo?(pbz)

This issue is Verified as Fixed in our Latest Nightly build 88.0a1 (2021-03-04) as well as 87.0b5 on Windows 10, Mac OsX 11.0 and Ubuntu 20.04.
Will there be an uplift for this one for Release 86 ?

We're still investigating whether Bug 1692567 is a result of PB permission isolation not enabled in release. Once we confirm that flipping the pref fixes it we'll try to get it uplifted into 87. Leaving NI for that.

Flags: needinfo?(pbz)

Comment on attachment 9206388 [details]
Bug 1680237 - Enable permission isolation by private browsing for the release channel. r=johannh!

Beta/Release Uplift Approval Request

  • User impact if declined: See Bug 1692567. Under special circumstances users can be get logged out of websites they've also visited in private browsing due to premature tracker purging.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Pref flip only, has been enabled in Nightly and early Beta for 1 year already.
    Since we don't import default permissions for private browsing yet, users with custom default permissions may unexpectedly get prompted for permission again in private browsing. However, this is considered an edge-case.
  • String changes made/needed:
Flags: needinfo?(pbz)
Attachment #9206388 - Flags: approval-mozilla-beta?
Blocks: 1692567

Comment on attachment 9206388 [details]
Bug 1680237 - Enable permission isolation by private browsing for the release channel. r=johannh!

approved for 87.0b7

Attachment #9206388 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

This issue is Verified as fixed in 87.0b7 as well.
Will this issue be uplifted to Release 86 as well or can we update the status flag as well with Verified ?

(In reply to Rares Doghi from comment #15)

This issue is Verified as fixed in 87.0b7 as well.
Will this issue be uplifted to Release 86 as well or can we update the status flag as well with Verified ?

Thanks! No, we don't want to enable this in 86.

See Also: → 1692776

Thanks, I will update the status flags.

Status: RESOLVED → VERIFIED
Regressions: 1701814
Regressions: 1702290
See Also: → 1720458
Regressions: 1740604
You need to log in before you can comment on or make changes to this bug.