Open Bug 1692016 Opened 3 years ago Updated 3 years ago

blob: hrefs in out-of-process frames don't navigate the page

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

People

(Reporter: u608768, Unassigned)

References

(Regression)

Details

(Keywords: regression)

  1. In Nightly, open https://developer.mozilla.org/en-US/docs/Web/API/Blob#Result.
  2. Click the "Open the array URL" link. Note that the frame is hosted on https://yari-demos.prod.mdn.mozit.cloud and is attempting to open a blob URL on the same host.

I expect the frame to navigate, but nothing happens.

Oops, this repros in Nightly without Fission enabled as well. Doesn't repro in Release. Looking for regression range.

No longer blocks: fission-dogfooding
Fission Milestone: M7 → ---
Summary: [Fission] blob: hrefs in out-of-process frames don't navigate the page → blob: hrefs in out-of-process frames don't navigate the page

(In reply to :kashav from comment #1)

Looking for regression range.

Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=fe1f580e78c1f07163d3e129a10fb8e8ff9c5f9f&tochange=626c0384ddb82f690f173af5730a5e07b0d28f53

Maybe dupe of bug 1667348?

Component: DOM: Navigation → Privacy: Anti-Tracking
Regressed by: 1658878
See Also: → 1667348
Has Regression Range: --- → yes

Tim, can you take a look? What’s our state on blob url isolation?

Flags: needinfo?(tihuang)

We've blocked the Blob URL access because it has been accessed from a different agent cluster. Thanks to Bug 1686441, we can easily confirm the issue by using the Web Console.

Currently, we still only enable blob URL isolation in Nightly and don't have a concrete plan to ship it to the release. I think we must address the issue of Blob URL access in the top-level navigation scenario before we moving forward.

Flags: needinfo?(tihuang)
Severity: -- → S3
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.