Closed Bug 1721131 Opened 6 months ago Closed 6 months ago

Storage inspector does not show isolated Parent Process resources (cookie/indexeddb) when dfpi is active

Categories

(DevTools :: Storage Inspector, defect)

defect

Tracking

(Fission Milestone:MVP, firefox-esr78 unaffected, firefox90 wontfix, firefox91 wontfix, firefox92 verified, firefox93 verified)

VERIFIED FIXED
92 Branch
Fission Milestone MVP
Tracking Status
firefox-esr78 --- unaffected
firefox90 --- wontfix
firefox91 --- wontfix
firefox92 --- verified
firefox93 --- verified

People

(Reporter: jdescottes, Assigned: pbz)

References

(Blocks 3 open bugs, Regression)

Details

(Keywords: regression, Whiteboard: dt-fission-m3-mvp)

Attachments

(1 file)

Dynamic First Party Isolation (Bug 1549587) isolates third-party storage by double keying the storage using the First-Party origin attribute. When dfpi is active, the Storage Panel does not show isolated cookies with the exception of the first time they are set.

STR:

  1. In a fresh profile set network.cookie.cookieBehavior = 5
  2. Visit https://senglehardt.com/test/dfpi/first_and_third.html. You'll see cookies, localstorage, session storage, and indexed db data written for three iframes from separate origins.
  3. Open the Storage Panel and note that all storage locations show the expected results.
  4. Refresh the page. No new storage is set. Instead, storage is read from all locations.
  5. Open the Storage Panel and switch between the origins listed under "Cookies". Note that englehardt-tracker.com is empty

ER:

  • The storage panel displays the active storage area for all storage locations

AR:

  • No cookies for the isolated origin (englehardt-tracker.com) when storage is only read during the page visit. This does not reproduce when the storage location is not isolated.

This was first fixed in Bug 1628936, but was regressed by Bug 1700904.
A test should be added this time to avoid future regressions.

Summary: The devools storage inspector does not show isolated cookies when dfpi is active → Storage inspector does not show isolated Parent Process resources (cookie/indexeddb) when dfpi is active

This will be triaged during our next meeting, I am not restoring the need info because it would hide it from Bug 1628936 because it would hide from our triage query and also :ladybenko is off for now.

Set release status flags based on info from the regressing bug 1700904

Severity: S3 → --
Priority: P3 → --
Whiteboard: dt-fission-m3-triage
Duplicate of this bug: 1710451

The cookies are fetched with getCookiesFromHost, at https://searchfox.org/mozilla-central/rev/699174544b058f13f02e7586b3c8fdbf438f084b/devtools/server/actors/storage.js#655-656,669-683.

getCookiesFromHost looks up the cookies whose OriginAttributes are an exact match for the given OriginAttributes, by host only, via storageActor.getWindowFromHost. When I step through with a debugger I can see that the execution goes through https://searchfox.org/mozilla-central/rev/699174544b058f13f02e7586b3c8fdbf438f084b/devtools/server/actors/resources/utils/parent-process-storage.js#342,344

with partitionKey: "" while it should have been non-empty for child frames.

Fission Milestone: --- → MVP
Whiteboard: dt-fission-m3-triage → dt-fission-m3-mvp

We need to use documentStoragePrincipal rather than the regular document principal, because it
contains the partitionKey which is used to isolate storage of third-party resources.

Sorry, I've just realized :ladybenko was working on this in Bug 1710451.
It seems to be a simple fix now that we have access to the storage principal via WindowGlobalParent. I'm working on a test.

Assignee: nobody → pbz
Status: NEW → ASSIGNED
Attachment #9233122 - Attachment description: WIP: Bug 1721131 - [devtools] Use WindowGlobalParent documentStoragePrincipal for storage access. → Bug 1721131 - [devtools] Use WindowGlobalParent documentStoragePrincipal for storage access.
Attachment #9233122 - Attachment description: Bug 1721131 - [devtools] Use WindowGlobalParent documentStoragePrincipal for storage access. → Bug 1721131 - [devtools] Use WindowGlobalParent documentStoragePrincipal for storage access. r=nchevobbe!
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c632cd1094b8
[devtools] Use WindowGlobalParent documentStoragePrincipal for storage access. r=nchevobbe

This bug is a soft blocker for Fission MVP. We'd like to fix it before our Release channel rollout, but we won't delay the rollout waiting for it.

Whiteboard: dt-fission-m3-mvp → dt-fission-m3-mvp, fission-soft-blocker
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → 92 Branch
Flags: qe-verify+

Managed to reproduce the issue on macOS 10.15 using Nightly 2021-07-19.
Retested everything on Firefox 92.0b2 and Nightly 93.0a1 using the same os. The issue is not reproducing anymore.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
Whiteboard: dt-fission-m3-mvp, fission-soft-blocker → dt-fission-m3-mvp
You need to log in before you can comment on or make changes to this bug.