Closed Bug 1683880 Opened 5 years ago Closed 1 year ago

Storage access API prompt is not displayed for cookieBehavior 3

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox85 --- affected
firefox86 --- affected

People

(Reporter: hyacoub, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: priv-triaged)

Preconditions

The following prefs are set in about:config:

  • browser.contentblocking.state-partitioning.mvp.ui.enabled = true
  • network.cookie.cookieBehavior = 3
  • privacy.partition.network_state = true
  • urlclassifier.trackingAnnotationTable.testEntries = known-tracker.englehardt-tracker.com
  • dom.storage_access.auto_grants = false
  • network.cookie.rejectForeignWithExceptions.enabled = true

Affected versions

Firefox 85.0b4
Firefox 86.0a1

Affected platforms

MacOS 10.15
Windows 10 x64

Steps to reproduce

  1. Navigate to https://senglehardt.com/test/dfpi/storage_access_api.html
  2. Click on the requestStorageAccess() button from the fourth known-tracker.englehardt-tracker.com iframe.

Expected result

Storage Access API prompt should be triggered.

Actual Result

Storage Access API prompt is not shown.

Note

We tried using a fresh profile and also clearing all history before testing.

Severity-Suggestion

S2.

Blocks: dfpi-mvp-ui, 1683875

I'm able to reproduce. I don't see a prompt when requestStorageAccess() is called, but the promise resolves as granted. However no cookie access is provided.

Severity: -- → S3
Priority: -- → P3

We don't consider this a bug with dFPI, but will track for storage access improvements.

Blocks: storage-access-experience
No longer blocks: dfpi-mvp-ui
Flags: qe-verify+

Note: network.cookie.cookieBehavior 3 means: Reject third-party cookies from websites which a user hasn't visited.

Firefox Nightly 123.0a1 returns access denied with no prompt showed using the same prefs.

Keywords: priv-triaged

Do you want to take a closer look into this William?

Flags: needinfo?(wwen)

I'm wondering whether it makes sense to put work into this given we don't really want to support cookie behavior 3 BEHAVIOR_LIMIT_FOREIGN going forward.

I can definitely take a look into this anyway, if it looks like it would be a lot of work to fix then we can maybe reevaluate later.

Flags: needinfo?(wwen)

From a discussion with the team today, automatic rejection looks like the expected behaviour for network.cookie.cookieBehavior = 3.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.