Denying requestStorageAccess prompt can lead to empty permission panel
Categories
(Firefox :: Site Permissions, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr78 | --- | unaffected |
firefox-esr91 | --- | wontfix |
firefox93 | --- | wontfix |
firefox94 | --- | wontfix |
firefox95 | --- | fixed |
People
(Reporter: pbz, Assigned: pbz)
References
(Regression)
Details
(Keywords: regression)
Attachments
(3 files)
Denying a requestStorageAccess permission prompts leads to an invalid site identity / permission panel state. We show a permission indicator, but the permission panel doesn't list any permissions.
I suspect this comes from setting a temporary block when the user denies the prompt. The permission may not have a UI state.
Mozregression points to Bug 1695356.
STR:
- Set
dom.storage_access.max_concurrent_auto_grants
to0
to get the storage access prompt on first request. - Open https://factual-solar-climb.glitch.me/
- Click the first button "Request Storage Access and Open a new Window"
- In the permission prompt that opens, select "Block"
Expected:
The permission icon in the identity section should be hidden. It shouldn't be possible to open the permission panel.
Actual:
The identity section shows a permission icon. Clicking on the permission icon opens the permission panel. The permission panel does not list any permissions.
Updated•3 years ago
|
Updated•3 years ago
|
Comment 1•3 years ago
|
||
Set release status flags based on info from the regressing bug 1695356
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 2•3 years ago
|
||
The problem is that the rsA prompt will assign a temporary block permission of type storage-access-<origin>
on deny. Looking at the data returned from SitePermissions.getAllPermissionDetailsForBrowser
, we don't seem to have UI / copy for this permission type.
Johann, do you think we could switch the prompt over to use the 3rdPartyStorage^
permission instead of storage-access-
? Is there an important distinction between these permissions I'm potentially missing?
The permission key is defined here: https://searchfox.org/mozilla-central/rev/477950cf9ca9c9bb5ff6f34e0d0f6ca4718ea798/browser/modules/PermissionUI.jsm#1243
From some preliminary testing this seems to work fine. 3rdPartyStorage
has UI in the permissions panel and will allow the user to revoke the temporary block from the prompt deny.
Assignee | ||
Comment 3•3 years ago
|
||
Assignee | ||
Comment 4•3 years ago
|
||
- Updated PermissionUI prompt test to also test permission states for prompts which do not use the permission manager
- Also do permission panel checks in storageAccessDoorhanger for block state
Depends on D127961
Updated•3 years ago
|
Comment 5•3 years ago
|
||
We talked about this and concluded that using this permissionKey is probably fine ™️ as it doesn't access the permission manager anyway.
Comment 7•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/4fa8a5c32b00
https://hg.mozilla.org/mozilla-central/rev/10eeff2577d1
Comment 8•3 years ago
|
||
The patch landed in nightly and beta is affected.
:pbz, is this bug important enough to require an uplift?
If not please set status_beta
to wontfix
.
For more information, please visit auto_nag documentation.
Assignee | ||
Comment 9•3 years ago
|
||
Very few users even see this prompt, since most storage access requests are auto granted, without showing a prompt. We don't need to uplift this.
Updated•3 years ago
|
Description
•