Closed Bug 1733073 Opened 1 year ago Closed 1 year ago

Denying requestStorageAccess prompt can lead to empty permission panel

Categories

(Firefox :: Site Permissions, defect, P2)

defect

Tracking

()

RESOLVED FIXED
95 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox-esr91 --- wontfix
firefox93 --- wontfix
firefox94 --- wontfix
firefox95 --- fixed

People

(Reporter: pbz, Assigned: pbz)

References

(Regression)

Details

(Keywords: regression)

Attachments

(3 files)

Denying a requestStorageAccess permission prompts leads to an invalid site identity / permission panel state. We show a permission indicator, but the permission panel doesn't list any permissions.

I suspect this comes from setting a temporary block when the user denies the prompt. The permission may not have a UI state.

Mozregression points to Bug 1695356.

STR:

  1. Set dom.storage_access.max_concurrent_auto_grants to 0 to get the storage access prompt on first request.
  2. Open https://factual-solar-climb.glitch.me/
  3. Click the first button "Request Storage Access and Open a new Window"
  4. In the permission prompt that opens, select "Block"

Expected:
The permission icon in the identity section should be hidden. It shouldn't be possible to open the permission panel.

Actual:
The identity section shows a permission icon. Clicking on the permission icon opens the permission panel. The permission panel does not list any permissions.

Priority: P3 → P2

Set release status flags based on info from the regressing bug 1695356

Assignee: nobody → pbz
Status: NEW → ASSIGNED

The problem is that the rsA prompt will assign a temporary block permission of type storage-access-<origin> on deny. Looking at the data returned from SitePermissions.getAllPermissionDetailsForBrowser, we don't seem to have UI / copy for this permission type.

Johann, do you think we could switch the prompt over to use the 3rdPartyStorage^ permission instead of storage-access-? Is there an important distinction between these permissions I'm potentially missing?
The permission key is defined here: https://searchfox.org/mozilla-central/rev/477950cf9ca9c9bb5ff6f34e0d0f6ca4718ea798/browser/modules/PermissionUI.jsm#1243

From some preliminary testing this seems to work fine. 3rdPartyStorage has UI in the permissions panel and will allow the user to revoke the temporary block from the prompt deny.

Flags: needinfo?(jhofmann)
  • Updated PermissionUI prompt test to also test permission states for prompts which do not use the permission manager
  • Also do permission panel checks in storageAccessDoorhanger for block state

Depends on D127961

We talked about this and concluded that using this permissionKey is probably fine ™️ as it doesn't access the permission manager anyway.

Flags: needinfo?(jhofmann)
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4fa8a5c32b00
Update StorageAccessPermissionPrompt to use 3rdPartyStorage permission. r=johannh
https://hg.mozilla.org/integration/autoland/rev/10eeff2577d1
Updated requestStorageAccess permission doorhanger tests. r=johannh
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch

The patch landed in nightly and beta is affected.
:pbz, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(pbz)

Very few users even see this prompt, since most storage access requests are auto granted, without showing a prompt. We don't need to uplift this.

Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.