Ship site permission isolation by private browsing
Categories
(Core :: Permission Manager, enhancement)
Tracking
()
People
(Reporter: pbz, Assigned: pbz)
References
Details
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
We currently only set permissions.isolateBy.privateBrowsing for Nightly and early Beta. We should enable this for release as well.
This will separate private browsing and normal browsing permissions.
|
||
Comment 1•2 years ago
|
||
Is this enhancement already in our latest Nightly builds ? because we are seeing different behavior from beta, If so the flags from this enhancement needs to be updated.
If the user reaches a Normal Window and checks Remember this Decision and clicks Allow when reaching a Private Window he will be asked again to Allow or Deny permissions ??
Also if he checks Remember this decision and the user clicks Don't Allow, will the same rule apply ? will he be asked again for permissions or it will be automatically denied ??
|
Assignee | |
Comment 2•2 years ago
|
||
(In reply to Rares Doghi from comment #1)
Is this enhancement already in our latest Nightly builds ? because we are seeing different behavior from beta, If so the flags from this enhancement needs to be updated.
The patches in Bug 1422056 enabled isolation of permission for private browsing in Nightly. The behavior you're describing is expected in Nightly.
This bug is about enabling it for the release channel.
If the user reaches a Normal Window and checks Remember this Decision and clicks Allow when reaching a Private Window he will be asked again to Allow or Deny permissions ??
Yes, with the patch enabled, normal and private windows have separate permissions. Accepting or denying a permission prompt in a normal window won't change permissions for the private window (and vice versa).
Also if he checks Remember this decision and the user clicks Don't Allow, will the same rule apply ? will he be asked again for permissions or it will be automatically denied ??
The denied permission will not be shared with the private window, so the user will be asked again.
|
|
||
Comment 3•2 years ago
|
||
Thank you for all the info.
|
|
Assignee | |
Comment 4•2 years ago
|
||
I need to get back to Bug 1597751, the patch is stale at the moment. However, this shouldn't block us. The current default permissions imported here https://searchfox.org/mozilla-central/rev/3f97afc8db535f9b0232222cb48cc4cbf8334c76/browser/app/permissions aren't really needed in private browsing. The most important permission would be install. However, the permission check for that is skipped by the addon code if the addon is signed.
|
|
Assignee | |
Comment 5•2 years ago
|
||
|
||
Updated•2 years ago
|
Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3f2b9a785581 Enable permission isolation by private browsing for the release channel. r=johannh
|
||
Comment 7•2 years ago
|
||
| bugherder | ||
|
|
||
Comment 8•2 years ago
|
||
Hi Paul, I was trying to Verify this issue, it seems Fixed in Nightly 88 but it seems that its also been fixed for 87.0b5, Permissions for Normal and Private windows are separate now and the user is asked again in a Private Window regardles of what he allows or denies in a normal window.
Has the fix reached beta as well ? or am I missing something ?
|
|
Assignee | |
Comment 9•2 years ago
|
||
Thanks for verifying! Permission isolation was already enabled in Nightly and early Beta. That's probably why you're seeing it in Beta already.
|
|
||
Comment 10•2 years ago
|
||
This issue is Verified as Fixed in our Latest Nightly build 88.0a1 (2021-03-04) as well as 87.0b5 on Windows 10, Mac OsX 11.0 and Ubuntu 20.04.
Will there be an uplift for this one for Release 86 ?
|
|
Assignee | |
Comment 11•2 years ago
|
||
We're still investigating whether Bug 1692567 is a result of PB permission isolation not enabled in release. Once we confirm that flipping the pref fixes it we'll try to get it uplifted into 87. Leaving NI for that.
|
|
Assignee | |
Comment 12•2 years ago
|
||
Comment on attachment 9206388 [details]
Bug 1680237 - Enable permission isolation by private browsing for the release channel. r=johannh!
Beta/Release Uplift Approval Request
- User impact if declined: See Bug 1692567. Under special circumstances users can be get logged out of websites they've also visited in private browsing due to premature tracker purging.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Pref flip only, has been enabled in Nightly and early Beta for 1 year already.
Since we don't import default permissions for private browsing yet, users with custom default permissions may unexpectedly get prompted for permission again in private browsing. However, this is considered an edge-case. - String changes made/needed:
|
||
Comment 13•2 years ago
|
||
Comment on attachment 9206388 [details]
Bug 1680237 - Enable permission isolation by private browsing for the release channel. r=johannh!
approved for 87.0b7
|
|
||
Comment 14•2 years ago
|
||
| bugherderuplift | ||
|
|
||
Comment 15•2 years ago
|
||
This issue is Verified as fixed in 87.0b7 as well.
Will this issue be uplifted to Release 86 as well or can we update the status flag as well with Verified ?
|
|
Assignee | |
Comment 16•2 years ago
|
||
(In reply to Rares Doghi from comment #15)
This issue is Verified as fixed in 87.0b7 as well.
Will this issue be uplifted to Release 86 as well or can we update the status flag as well with Verified ?
Thanks! No, we don't want to enable this in 86.
Description
•