1839918 - Extend BounceTrackingProtection to detect stateful bounces using cookies

Status: RESOLVED FIXED

(Core :: Privacy: Anti-Tracking, enhancement, P2)

Description

[Emma Zühlcke [:emz]]

In order to differentiate between stateful and non stateful bounces we need to hook into the cookies and storage implementations to populate BounceTrackingRecords Storage Access Set.

Storages include:

• QuotaManager
• Service workers
• Cookies
• ?

Comment 1

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Refactor "cookie-changed" notifications to use nsICookieNotification.

Comment 2

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Update devtools cookie-changed observer for nsICookieNotification. r=#devtools-reviewers!

Depends on D185300

Comment 3

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Update tests for nsICookieNotification. r=bvandersloot!

Depends on D185301

Comment 4

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot!

This is a workaround for getting a BrowsingContext relationship for SetCookies messages from the content process.
Ideally we would not trust the content process with picking a BrowsingContext. This would require moving SetCookies
to an interface like PWindowGlobal.

Depends on D185302

Comment 5

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot!

Depends on D185303

Comment 6

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot!

Using PWindowGlobal for SetCookies calls from content to parent process means we can get
the BrowsingContext the cookies are set for. The current implementation in PCookieService
drops this relationship.
I'm leaving in the old SetCookies call for cases where the inner window is null. This
happens for some of the cookie tests.

Depends on D185303

Comment 7

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - When resetting BounceTrackingProtection state, also reset BounceTrackingState. r=bvandersloot!

Depends on D185304

Comment 8

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Add a test for stateful bounces for cookies and localStorage. r=bvandersloot!

Depends on D186214

Comment 9

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Use PHttpChannel for SetCookies calls from child channels. r=bvandersloot!,#necko-reviewers!

Depends on D186045

Comment 10

[Pulsebot]

Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5aa3b2f1b5ec
Refactor "cookie-changed" notifications to use nsICookieNotification. r=extension-reviewers,cookie-reviewers,sessionstore-reviewers,bvandersloot,edgul,robwu
https://hg.mozilla.org/integration/autoland/rev/fa9a6af80526
Update devtools cookie-changed observer for nsICookieNotification. r=devtools-reviewers,ochameau
https://hg.mozilla.org/integration/autoland/rev/707021ebfd23
Update tests for nsICookieNotification. r=cookie-reviewers,sessionstore-reviewers,bvandersloot,valentin
https://hg.mozilla.org/integration/autoland/rev/3949d9b400d4
Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot,cookie-reviewers,edgul
https://hg.mozilla.org/integration/autoland/rev/750e0796c1ad
Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot,cookie-reviewers,valentin
https://hg.mozilla.org/integration/autoland/rev/302d12c12083
Use PHttpChannel for SetCookies calls from child channels. r=bvandersloot,necko-reviewers,cookie-reviewers,valentin
https://hg.mozilla.org/integration/autoland/rev/087b27593538
Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot,anti-tracking-reviewers
https://hg.mozilla.org/integration/autoland/rev/6e3d7fdfda3f
When resetting BounceTrackingProtection state, also reset BounceTrackingState. r=bvandersloot,anti-tracking-reviewers
https://hg.mozilla.org/integration/autoland/rev/1c438df525c7
Add a test for stateful bounces for cookies and localStorage. r=bvandersloot,anti-tracking-reviewers

Comment 11

[Cristina Horotan [:chorotan]]

https://hg.mozilla.org/mozilla-central/rev/5aa3b2f1b5ec
https://hg.mozilla.org/mozilla-central/rev/fa9a6af80526
https://hg.mozilla.org/mozilla-central/rev/707021ebfd23
https://hg.mozilla.org/mozilla-central/rev/3949d9b400d4
https://hg.mozilla.org/mozilla-central/rev/750e0796c1ad
https://hg.mozilla.org/mozilla-central/rev/302d12c12083
https://hg.mozilla.org/mozilla-central/rev/087b27593538
https://hg.mozilla.org/mozilla-central/rev/6e3d7fdfda3f
https://hg.mozilla.org/mozilla-central/rev/1c438df525c7

Comment 12

[Cosmin Sabou [:CosminS]]

Backed out for causing a top crash as in Bug 1852357.

Backout link: https://hg.mozilla.org/mozilla-central/rev/f867b611aabbedcc08865c1cd8e3ba4dab7cd99c

Comment 13

[Emma Zühlcke [:emz]]

Attachment: Bug 1839918 - Avoid returning IPC failures where possible in RecvSetCookies to avoid crashes. r=bvandersloot!

Depends on D186215

Comment 14

[Pulsebot]

Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/36aa6faea947
Refactor "cookie-changed" notifications to use nsICookieNotification. r=extension-reviewers,cookie-reviewers,sessionstore-reviewers,bvandersloot,edgul,robwu
https://hg.mozilla.org/integration/autoland/rev/e595ad2083ee
Update devtools cookie-changed observer for nsICookieNotification. r=devtools-reviewers,ochameau
https://hg.mozilla.org/integration/autoland/rev/2bd8c91c5d97
Update tests for nsICookieNotification. r=cookie-reviewers,sessionstore-reviewers,bvandersloot,valentin
https://hg.mozilla.org/integration/autoland/rev/7a28b63b4fc3
Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot,cookie-reviewers,edgul
https://hg.mozilla.org/integration/autoland/rev/8d7f44b9b6e2
Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot,cookie-reviewers,valentin
https://hg.mozilla.org/integration/autoland/rev/c7862a00e6e7
Use PHttpChannel for SetCookies calls from child channels. r=bvandersloot,necko-reviewers,cookie-reviewers,valentin
https://hg.mozilla.org/integration/autoland/rev/45ea26477050
Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot,anti-tracking-reviewers
https://hg.mozilla.org/integration/autoland/rev/d96e3e729358
When resetting BounceTrackingProtection state, also reset BounceTrackingState. r=bvandersloot,anti-tracking-reviewers
https://hg.mozilla.org/integration/autoland/rev/cc8f579c6e8e
Add a test for stateful bounces for cookies and localStorage. r=bvandersloot,anti-tracking-reviewers
https://hg.mozilla.org/integration/autoland/rev/4f690ef38847
Avoid returning IPC failures where possible in RecvSetCookies to avoid crashes. r=bvandersloot,necko-reviewers,jesup

Comment 15

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/36aa6faea947
https://hg.mozilla.org/mozilla-central/rev/e595ad2083ee
https://hg.mozilla.org/mozilla-central/rev/2bd8c91c5d97
https://hg.mozilla.org/mozilla-central/rev/7a28b63b4fc3
https://hg.mozilla.org/mozilla-central/rev/8d7f44b9b6e2
https://hg.mozilla.org/mozilla-central/rev/c7862a00e6e7
https://hg.mozilla.org/mozilla-central/rev/45ea26477050
https://hg.mozilla.org/mozilla-central/rev/d96e3e729358
https://hg.mozilla.org/mozilla-central/rev/cc8f579c6e8e
https://hg.mozilla.org/mozilla-central/rev/4f690ef38847