PDF thumbnails not working when privacy.resistFingerprinting enabled
Categories
(Core :: Graphics: Canvas2D, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr78 | --- | wontfix |
firefox-esr91 | --- | wontfix |
firefox-esr115 | 123+ | fixed |
firefox88 | --- | wontfix |
firefox89 | --- | wontfix |
firefox90 | --- | wontfix |
firefox91 | --- | wontfix |
firefox93 | --- | wontfix |
firefox94 | --- | wontfix |
firefox95 | --- | wontfix |
firefox121 | --- | wontfix |
firefox122 | --- | wontfix |
firefox123 | --- | fixed |
People
(Reporter: sr1.mozbugzilla, Assigned: tschuster)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: regression)
Attachments
(3 files, 1 obsolete file)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Steps to reproduce:
- In about:preferences, under Applications, set action for PDF documents to "Open in Firefox".
- Enable privacy.resistFingerprinting.
- Navigate to a URL that returns a PDF document that can be displayed by Firefox. For example, navigate to https://web.pa.msu.edu/people/duxbury/courses/phy480/Cpp_refcard.pdf.
- Firefox may display a 'Allow pdf.js t use your HTML5 canvas image data?' dialog near the address bar. If displayed, ignore the prompt or click on [X] 'Close this message' in top-right corner of the dialog.
- If Sidebar is not visible, click on Toggle Sidebar button to display the sidebar.
Actual results:
Sidebar displays thumbnails of PDF document pages. Each thumbnail is a white rectangle hatched with a different colour. Thumbnails are not actual representations of the PDF pages.
Work-around:
- Allow HTML5 canvas for the specified URL.
- Refresh page.
Expected results:
Each thumbnail in the sidebar should be a faithful representation of the actual PDF document page, regardless of privacy.resistFingerprinting setting.
Firefox internal PDF viewer should not need to ask for canvas permissions.
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Firefox::PDF Viewer' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Comment 2•3 years ago
|
||
Yes; we should be able to allow these thumbnails through (I'm assuming that pdf JS can't read DOM data.)
It looks like this was discussed ~5 years ago on tor trac and on the pdf.js github, the conclusion then seems to be giving pdf.js an exemption from the canvas routines. My quick guess is that pdf.js's recent move to being an addon from an extension broke those special privileges and they need to be reinstated.
Updated•3 years ago
|
Comment 4•3 years ago
|
||
Could find a regression range in using mozregression:
https://mozilla.github.io/mozregression/
Comment 5•3 years ago
|
||
Updated•3 years ago
|
Updated•3 years ago
|
Comment 6•3 years ago
•
|
||
While I really cannot claim to understand the following code https://searchfox.org/mozilla-central/rev/489e82dcc1e5afbe691ff3b1c982382914637e38/dom/canvas/CanvasUtils.cpp#82-87, I nonetheless cannot help thinking that the particular file-check used there isn't correct.
Note that the (thumbnail) canvases are not being created in that particular file, and the following search suggests that most call-sites (be it in C++ or JS code) are checking the principal or origin for "resource://pdf.js/web/viewer.html" respectively "resource://pdf.js".
Maybe the code in CanvasUtils.cpp could simply utilize this existing helper: https://searchfox.org/mozilla-central/rev/489e82dcc1e5afbe691ff3b1c982382914637e38/dom/base/nsContentUtils.cpp#6717-6725, unless I'm completely misunderstanding things?
Updated•3 years ago
|
Comment 7•3 years ago
|
||
The severity field is not set for this bug.
:lsalzman, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•3 years ago
|
Updated•3 years ago
|
Updated•3 years ago
|
Assignee | ||
Comment 8•5 months ago
|
||
Updated•5 months ago
|
Pushed by tschuster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8cd1fc9da2b4 Exempt chrome/resource (incl PDF.js) principals from canvas randomization/placeholders. r=lsalzman
Comment 10•5 months ago
|
||
Why do we need this? What's wrong in my assumption in Bug 1830629 that our current exemption for resource:// isn't sufficient?
Assignee | ||
Comment 11•5 months ago
|
||
Because when we are in Document::RecomputeResistFingerprinting
we are using the mChannel, which in this case has the principal/uri of e.g. https://web.pa.msu.edu/people/duxbury/courses/phy480/Cpp_refcard.pdf.
The exemption uses the SubjectPrincipal, which will be the actual principal of the running pdf.js code.
Comment 12•5 months ago
|
||
Okay, gotcha, thanks
Comment 13•5 months ago
|
||
bugherder |
Updated•5 months ago
|
Comment 14•5 months ago
|
||
The patch landed in nightly and beta is affected.
:tschuster, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox122
towontfix
.
For more information, please visit BugBot documentation.
Assignee | ||
Comment 15•5 months ago
|
||
Long standing minor bug in a non-default config => wontfix.
Assignee | ||
Updated•5 months ago
|
Comment 16•5 months ago
|
||
[Tracking Requested - why for this release]: Would it be possible to backport this to ESR for Tor?
Assignee | ||
Comment 17•4 months ago
|
||
(In reply to Tom Ritter [:tjr] from comment #16)
Would it be possible to backport this to ESR for Tor?
We would need a new patch for ESR. Really should have a test for this too.
Assignee | ||
Comment 18•4 months ago
|
||
Updated•4 months ago
|
Assignee | ||
Comment 19•4 months ago
|
||
Comment on attachment 9370871 [details]
Bug 1713619 - ESR 115: Exempt chrome/resource principals from canvas randomization/placeholders. r?lsalzman
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: This is a longstanding issue with privacy.resistFingerprinting, that we want to fix (mostly) for TOR.
- User impact if declined: PDF.js sidebar is unusable in certain configurations.
- Fix Landed on Version: 123
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Manually verified on ESR and verified on Nightly. Non-default config impacted.
Assignee | ||
Updated•4 months ago
|
Assignee | ||
Comment 20•4 months ago
|
||
Assignee | ||
Updated•4 months ago
|
Comment 21•4 months ago
|
||
Pushed by tschuster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c9b705d69a04 Test canvas placeholder exemption for pdf.js. r=tjr
Comment 22•4 months ago
|
||
Backout by abutkovits@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/06986c8d3305 Backed out changeset c9b705d69a04 for causing failures at PerformanceMainThread.cpp.
Comment 23•4 months ago
|
||
Comment on attachment 9371275 [details]
Bug 1713619 - Test canvas placeholder exemption for pdf.js. r?tjr
Revision D197779 was moved to bug 1873405. Setting attachment 9371275 [details] to obsolete.
Updated•4 months ago
|
Comment 24•4 months ago
|
||
uplift |
https://hg.mozilla.org/releases/mozilla-esr115/rev/8945a4850ae5
Comment 25•4 months ago
|
||
Comment on attachment 9370871 [details]
Bug 1713619 - ESR 115: Exempt chrome/resource principals from canvas randomization/placeholders. r?lsalzman
Approved for ESR
Updated•4 months ago
|
Description
•