QuotaCleaner deleteByPrincipal over-clears sessionStorage and legacy localStorage
Categories
(Toolkit :: Data Sanitization, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox100 | --- | fixed |
People
(Reporter: pbz, Assigned: pbz)
References
(Blocks 1 open bug)
Details
Attachments
(4 files, 2 obsolete files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
35.04 KB,
patch
|
Details | Diff | Splinter Review | |
|
6.13 KB,
patch
|
Details | Diff | Splinter Review |
QuotaCleaner#deleteByPrincipal over-clears sessionStorage and legacy localStorage.
It only passes a host here:
https://searchfox.org/mozilla-central/rev/4dac9993b609fccc87e82682614faf2a44cda306/toolkit/components/cleardata/ClearDataService.jsm#473,480
This means that the StorageObserver will clear all localStorage and sessionStorage for a host, without taking origin attributes into account:
https://searchfox.org/mozilla-central/rev/4dac9993b609fccc87e82682614faf2a44cda306/dom/storage/StorageObserver.cpp#294,316
Looking at the interface, it seems that the legacy implementation does not support clearing by full origin: https://searchfox.org/mozilla-central/rev/4dac9993b609fccc87e82682614faf2a44cda306/dom/storage/PBackgroundStorage.ipdl#51
|
||
Updated•3 years ago
|
|
Assignee | |
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 1•3 years ago
|
||
This patch introduces two new observer notifications for clearing sessionStorage and legacy localStorage
by principal / exact origin. This is a requirement for the Clear-Site-Data header which allows sites to clear
storages. For privacy reasons, it's important that a site can only clear the exact storage scope it has access to.
nsIClearDataService will call observer notifications to clear by principal, which are consumed by the
StorageObserver. StorageObserver will forward these messages to SessionStorageManager and LocalStorageManager.
|
|
Assignee | |
Comment 2•3 years ago
|
||
Depends on D121639
|
|
Assignee | |
Comment 3•2 years ago
|
||
The work here has been blocked on review for many months already. Since this plays an important part in supporting the ClearSiteData header when TCP/dFPI is enabled, I think it would be good to get it landed soon.
Andrew, Jan, could you or somebody from your team please take a look at the patches? They are relatively simple. Happy to connect via Zoom or Slack too if it's helpful. Thanks!
|
||
Updated•2 years ago
|
|
||
Comment 4•2 years ago
|
||
Jan will get to this very soon, sorry for the delay.
|
||
Comment 5•2 years ago
|
||
The original patch D121639 has been developed by pbz.
Depends on D139812
|
|
||
Comment 6•2 years ago
|
||
The original patch D121640 has been developed by pbz.
Depends on D139813
|
|
||
Comment 7•2 years ago
|
||
|
|
||
Comment 8•2 years ago
|
||
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
Pushed by jvarga@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8010a4d4ffc9 Support for clearing sessionStorage by principal; r=pbz https://hg.mozilla.org/integration/autoland/rev/d9329294168f Updated tests for clearing localStorage and sessionStorage by principal; r=pbz
|
||
Comment 10•2 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/8010a4d4ffc9
https://hg.mozilla.org/mozilla-central/rev/d9329294168f
Description
•