Closed Bug 1689600 Opened 2 years ago Closed 2 years ago

Dragging images from websites with access control to Explorer resulted in 403 page being created instead

Categories

(Core :: Privacy: Anti-Tracking, defect, P1)

Firefox 85
defect

Tracking

()

VERIFIED FIXED
87 Branch
Tracking Status
firefox-esr78 --- disabled
firefox84 --- disabled
firefox85 --- wontfix
firefox86 --- verified
firefox87 --- verified

People

(Reporter: yaema.vandermerwe, Assigned: timhuang)

References

(Regression)

Details

(Keywords: regression, reproducible)

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0

Steps to reproduce:

  1. Log in to a website with access control (e.g. Pixiv)
  2. Open an access-controlled image in a new tab.
  3. Drag that image and drop into Explorer.

Actual results:

The file size that Firefox exposed to Explorer is noted to be a constant size instead of the size it's supposed to be. This affects any files from the website.
Examining the image file with a text editor reveals that it is in fact the website's 403 page.

Expected results:

Actual image gets created.
The browser should copy the image data from the tab, and not despatch a separate, non-access-controlled call to the website to create the resource which results in 403 pages.

This is the case (therefore, this bug didn't exist) in previous version of Firefox.

Status: UNCONFIRMED → NEW
Component: Untriaged → Privacy: Anti-Tracking
Ever confirmed: true
Product: Firefox → Core
Regressed by: 1639154

BTW, Bug 1641270 does not fix this case if privacy.partition.network_state = true.

Regressed by: 1681330
Has Regression Range: --- → yes
Has STR: --- → yes
See Also: → 1689960
Severity: -- → S2
Priority: -- → P1

Hi Alice,

Thanks for providing the regression window. I cannot reproduce this on my MAC though.

Would you be able to provide a link and detailed STR? And is this issue Windows exclusive? Thanks.

Flags: needinfo?(alice0775)

I've found a way to reproduce this on Windows. Thanks.

Flags: needinfo?(alice0775)
Assignee: nobody → tihuang
Status: NEW → ASSIGNED

The channel used in Windows for Drag&Drop doesn't have the correct
cookieJarSettings. The patch fixes this issue that it will pass the
correct cookieJarSettings to the channel.

Attachment #9200445 - Attachment description: Bug 1689600 - Part 1: Making the Drag&Drop to be aware of cookieJarSettings on Windows platform. → Bug 1689600 - Making the Drag&Drop downloading be aware of cookieJarSettings on Windows platform. r?smaug
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/932f35a99bca
Making the Drag&Drop downloading be aware of cookieJarSettings on Windows platform. r=smaug
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch
Flags: qe-verify?

The patch landed in nightly and beta is affected.
:timhuang, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(tihuang)

Comment on attachment 9200445 [details]
Bug 1689600 - Making the Drag&Drop downloading be aware of cookieJarSettings on Windows platform. r?smaug

Beta/Release Uplift Approval Request

  • User impact if declined: The drag&drop downloading of access-controlled images will break in Windows
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: 1. Log in to a website with access control (e.g. Pixiv)
  1. Open an access-controlled image in a new tab.
  2. Drag that image and drop it into Explorer.
  3. Verify if the image is downloaded correctly.
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is a simple fix and only affects Windows.
  • String changes made/needed: None
Flags: needinfo?(tihuang)
Attachment #9200445 - Flags: approval-mozilla-beta?
Flags: qe-verify? → qe-verify+
QA Whiteboard: [qa-triaged]

Comment on attachment 9200445 [details]
Bug 1689600 - Making the Drag&Drop downloading be aware of cookieJarSettings on Windows platform. r?smaug

Low risk fix according to the author, was on nightly for a few days and this is a recent 85 regression, approved for 86 beta 8, thanks.

Attachment #9200445 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Reproduced with Fx 85.0 on Windows 10.
Verified fixed with Fx 86.0b8 and Fx 87.0a1 (2021-02-09) on Windows 10.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
See Also: → 1796524
You need to log in before you can comment on or make changes to this bug.