Closed Bug 1781125 Opened 3 years ago Closed 3 years ago

Cache API fails unexpectedly in iframe

Categories

(Core :: Privacy: Anti-Tracking, defect, P2)

Firefox 102
defect

RESOLVED FIXED

People

(Reporter: aerik, Unassigned)

Steps to reproduce:

Create a web page and an iframe in another domain. Serve both over HTTPS.
Inside the iframe, attempt to save data using the Cache API.

Actual results:

The data is not saved and the error "The operation is insecure." is thrown. Also, Firefox logs this warning to the console: "Partitioned cookie or storage access was provided to {my iframe URL} because it is loaded in the third-party context and dynamic state partitioning is enabled." (I read the linked page, but it didn't shed any light on the problem.)

Expected results:

Both the iframe and the parent window report 'true' for window.isSecureContext, so I would expect the Cache API to be available and functional (the same code gives the expected result in Chrome and Edge).

The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Privacy: Anti-Tracking
Product: Firefox → Core

Thanks for reporting this. This is because the third-party Cache API is currently blocked when total cookie protection is enabled. We will change this behavior in the future with Always Partitioning Storage. If you wanted to test it, you can flip the pref privacy.partition.always_partition_third_party_non_cookie_storage to enable Always Partitioning Storage.

Depends on: 1758737
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: -- → S3
Priority: -- → P2

Ben, is this now fixed with APS shipping?

Flags: needinfo?(bvandersloot)

Yes, now fixed! Thanks for keeping an eye on this Neha!

Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(bvandersloot)
Resolution: --- → FIXED
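
Added example, not part of the bug thread and not Firefox code: a page that may be embedded as a third-party iframe can probe the Cache API before relying on it and fall back to in-memory storage when the browser rejects it with the "The operation is insecure." error reported above. The function names and the two stub objects are assumptions constructed for illustration; in a browser the thunk passed in would be `() => globalThis.caches`.

```javascript
// Added example; probeCacheStorage, openStore and both stubs are hypothetical names.
const PROBE_NAME = "__cache_probe__";

// Classify Cache API availability; a thunk catches a throwing getter too.
async function probeCacheStorage(getStorage) {
  try {
    const storage = getStorage();
    if (!storage || typeof storage.open !== "function") return { state: "unsupported" };
    await storage.open(PROBE_NAME);
    await storage.delete(PROBE_NAME);
    return { state: "available", storage };
  } catch (err) {
    // The thread reports the block as "The operation is insecure." (a SecurityError).
    const state = err && err.name === "SecurityError" ? "blocked" : "error";
    return { state, detail: String(err && err.message) };
  }
}

// Map-backed object with the put/match shape of a Cache; contents die with the page.
function memoryCache(map = new Map()) {
  const copy = (v) => (v && typeof v.clone === "function" ? v.clone() : v);
  return {
    put: async (key, value) => { map.set(String(key), value); },
    match: async (key) => copy(map.get(String(key))),
  };
}

// Use the real Cache API when it works, otherwise degrade to memory.
async function openStore(getStorage, name) {
  const probe = await probeCacheStorage(getStorage);
  if (probe.state === "available") {
    return { backend: "cache-api", cache: await probe.storage.open(name) };
  }
  return { backend: "memory", reason: probe.state, cache: memoryCache() };
}

// Constructed stubs standing in for a browser's CacheStorage object.
const blockedStub = {
  open: async () => {
    throw Object.assign(new Error("The operation is insecure."), { name: "SecurityError" });
  },
};
const workingStub = {
  stores: new Map(),
  async open(n) {
    if (!this.stores.has(n)) this.stores.set(n, new Map());
    return memoryCache(this.stores.get(n));
  },
  async delete(n) { return this.stores.delete(n); },
};
```

With the real Cache API, the values passed to `put` must be `Response` objects; the memory fallback clones them on `match` so a body can be read more than once.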