Without prior 1p user interaction, requestStorageAccess should always result in a permission prompt
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox97 | --- | fixed |
People
(Reporter: johannh, Assigned: bvandersloot)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 1 obsolete file)
We should not automatically grant storage access to cross-origin iframes without first party user interaction. However, automatically denying seems too extreme given that the website is forced to show users a weird interstitial then. A compromise would be to always prompt in this case. Note that combined with bug 1680844 this would mean that the 3rd party can then obtain first party user interaction when the user confirms the permission prompt.
Reporter | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 2•2 years ago
|
||
Adding dependencies that prevent breakage.
Updated•2 years ago
|
Assignee | ||
Comment 3•2 years ago
|
||
This also includes the removal of the test file browser_storageAccessAutograntedGivesUserInteraction.js.
That test pre-supposes that it is possible to autogrant without the storageAccessAPI permission, which is no longer possible.
Depends on D127276
Assignee | ||
Comment 4•2 years ago
|
||
A few tests relied upon autogrants without storageAccessAPI permission.
I modified these tests to click the Accept button in the prompt that now appears, automating a manual grant.
Depends on D132597
Updated•2 years ago
|
Pushed by bvandersloot@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d916d9ac25e9 Part 1 - requestStorageAccess should always result in a permission prompt for 3p requests and no prior 1p interaction r=timhuang https://hg.mozilla.org/integration/autoland/rev/625308c5c0a5 Part 2 - Add new tests that verifies that autogrants of SAA require the storageAccessAPI permission, r=timhuang
Comment 6•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/d916d9ac25e9
https://hg.mozilla.org/mozilla-central/rev/625308c5c0a5
Description
•