Closed Bug 1746193 Opened 4 years ago Closed 4 years ago

local files using localStorage no longer have same origin by directory for new files

Categories

(Core :: Storage: localStorage & sessionStorage, defect)

Product:
Core
Component:
Storage: localStorage & sessionStorage
Version:
Firefox 92
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1730419

People

(Reporter: HiEv43, Unassigned)

Details

Attachments

(1 file)

Local_Storage_Manager.zip
149.93 KB, application/x-zip-compressed
Details

Steps to reproduce:

Versions of Firefox v91.0.2 and earlier would treat local HTML files in the same directory as having the same origin, at least for purposes of accessing localStorage.

For versions of Firefox v92.0 and later, that will be true for local files opened with older versions of Firefox, however, new files opened from the same directory will now (apparently) get their own separate origin, thus no longer have access to that same localStorage data.

Actual results:

First, use Firefox v91.0.2:
https://ftp.mozilla.org/pub/firefox/releases/91.0.2/

Put the attached "Local_Storage_Manager.html" file into a directory. Open it up in Firefox, do "Create Test Key", and you'll see that the test key is created.

Now, copy the "Local_Storage_Manager.html" file into the same directory with a different name (like "LSM1.html"), and then open it in Firefox. It will also be able to see that test key.

After that, install Firefox v92.0:
https://ftp.mozilla.org/pub/firefox/releases/92.0/

Now if you open both "Local_Storage_Manager.html" and its copy ("LSM1.html") in Firefox v92.0 (or higher; tested up to v95.0), they will both still be able to see that test key. However, create another copy of the HTML file (like "LSM2.html") in that same directory and open it in Firefox v92.0, and it WILL NOT be able to see the test key.

Expected results:

I'm assuming that the duplicate files in the same directory should still have access to the data in localStorage for that directory origin, but for some reason they don't have that access anymore for Firefox versions 92.0 and later (at least up to v95.0).

I don't see anything in "Firefox 92 for developers":
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/92

or in "MFSA 2021-38 - Security Vulnerabilities fixed in Firefox 92":
https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/

which indicates that the behavior of localStorage should have changed like that, so I'm assuming that this is an unintended bug.

(Note: I haven't checked to see if this same issue also affects session storage, cookies, and/or indexed DB in a similar way.)

The Bugbug bot thinks this bug should belong to the 'Core::Storage: localStorage & sessionStorage' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Storage: localStorage & sessionStorage
Product: Firefox → Core

To clarify the above, the file should be put into a local directory on your computer, not on a website. The HTML files should be accessed via a file:/// path for localStorage to act as described above.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: