1686212 - Always reject requestStorageAccess without user gesture

Status: RESOLVED FIXED

(Core :: Privacy: Anti-Tracking, enhancement, P2)

Description

[Johann Hofmann [:johannh]]

See https://github.com/privacycg/storage-access/issues/36, we should align our behavior with other browsers and always reject the rSA promise without user interaction.

Comment 1

[minasmelas]

Hi, can I work on this bug? This will be one of my first bugs.
If yes, could you provide me with the steps to reproduce? Also, are there any specific tests that I should look at?

Comment 2

[Johann Hofmann [:johannh]]

Hi minasmelas,

this bug is relatively simple in itself, but I'm not sure whether there are any larger test failures that need to be cleaned up afterwards. So generally I would advise you to try to work on a few different good first bugs before coming back to this one (for example, it would be advisable for you to have access to our Try server already). If you feel confident that you can handle running and fixing the breaking tests then all that's needed here is to move this code: https://searchfox.org/mozilla-central/rev/4e87b5392eafe1f1d49017e76f7317b06ec0b1d8/dom/base/Document.cpp#16398 at the beginning of its function. The tests that this could break should mostly be located in https://searchfox.org/mozilla-central/source/toolkit/components/antitracking/test/browser

Thanks!

Comment 3

[minasmelas]

I understand, I will go for some beginner friendly tasks then! Thanks for your help.

Comment 4

[Ethan Tseng [:ethan]]

Note: Set to P2 because of compatibility to web standards.

Comment 5

[Benjamin VanderSloot [:bvandersloot]]

Referenced in https://phabricator.services.mozilla.com/D127151.

While fixing Bug 1732919, Paul had to move consumption of the user activation/gesture up to the top of the function. In doing so, he also moved the case for rejecting if not activated up to the top of the function, potentially resolving this bug. I plan to make explicit tests for this once Bug 1732919 lands.