StorageAllowedForDocument() shouldn't return ePartitionForeignOrDeny for top-level windows
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox-esr115 | --- | wontfix |
| firefox114 | --- | wontfix |
| firefox116 | --- | wontfix |
People
(Reporter: timhuang, Assigned: asuth, NeedInfo)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
The StorageAllowedForDocument() will return ePartitionForeignOrDeny for top-level documents. This is incorrect because top-level documents should always have storage access.
This behavior doesn't cause any problems because we still use the NodePrincipal as the storage principal for top-level documents even with ePartitionForeignOrDeny. We should return eAllow if the document is top-level.
|
||
Comment 1•2 years ago
|
||
Set release status flags based on info from the regressing bug 1758745
:twisniewski, since you are the author of the regressor, bug 1758745, could you take a look?
For more information, please visit BugBot documentation.
|
||
Updated•2 years ago
|
|
Reporter | |
Comment 2•2 years ago
|
||
I will find someone to work on this. Currently, this isn't a high priority.
|
||
Comment 3•2 years ago
|
||
FWIW, it seems that just adding an if-statement isn't enough, as it's failing at least one test: https://treeherder.mozilla.org/jobs?repo=try&revision=3943d5820f5d1f57b9f2b1ddca5858f9a53dd7f5&selectedTaskRun=MSTQ8MCBQfuLOgneZxclTA.0
So either I used the wrong check for "is a top level document" or something else may be off.
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
Assignee | |
Comment 4•2 months ago
|
||
While improving the ServiceWorker storage access checks for PBM support in bug 1320796 I ran into this again, I'm going to take this.
(In reply to Thomas Wisniewski [:twisniewski] from comment #3)
FWIW, it seems that just adding an if-statement isn't enough, as it's failing at least one test: https://treeherder.mozilla.org/jobs?repo=try&revision=3943d5820f5d1f57b9f2b1ddca5858f9a53dd7f5&selectedTaskRun=MSTQ8MCBQfuLOgneZxclTA.0
So either I used the wrong check for "is a top level document" or something else may be off.
Hopefully it's the right check, but looking at the patch (inlined below in case try gets reset), I think the problem is that we want to return what the storage access check returned (cookieAllowed), not just eAllow. We expect cookieAllowed to have been calculated to be eAllow in the top-level case because of the third-party-window checks in mozilla::ShouldAllowAccessFor. (I am only able to say this confidently-ish because I am staring at a pernosco trace right now, noting that that this case is a BEHAVIOR_ACCEPT case because browser_antitracking.js forces it regardless of when run in dFPI mode).
StorageAccess StorageAllowedForDocument(const Document* aDoc) {
+ // Top-level documents should always have storage access. Their
+ // NodePrincipal is used as their storage principal, so this is safe.
+ if (aDoc->IsTopLevelContentDocument()) {
+ return StorageAccess::eAllow;
+ }
+
StorageAccess cookieAllowed = CookieAllowedForDocument(aDoc);
if (StaticPrefs::
privacy_partition_always_partition_third_party_non_cookie_storage() &&
cookieAllowed > StorageAccess::eDeny) {
return StorageAccess::ePartitionForeignOrDeny;
}
return cookieAllowed;
}
|
|
Assignee | |
Comment 5•1 month ago
|
||
This is a slight variation on :twisniewski's prototype fix.
|
||
Updated•11 days ago
|
|
||
Comment 7•4 days ago
|
||
| bugherder | ||
|
||
Updated•3 days ago
|
|
||
Comment 9•1 day ago
|
||
Backed out as requested by Aryx for causing perma mochitest failures at test_file_blob_upload.html
|
||
Comment 10•23 hours ago
|
||
Backout merged to central: https://hg.mozilla.org/mozilla-central/rev/543c21c8e352
Description
•