Closed Bug 1839918 Opened 1 year ago Closed 1 year ago

Extend BounceTrackingProtection to detect stateful bounces using cookies

Tracking

()

Status:

RESOLVED FIXED

Milestone:

119 Branch

Tracking Flags:

Tracking

Status

firefox119

---

fixed

People

(Reporter: pbz, Assigned: pbz)

References

(Blocks 2 open bugs, Regressed 1 open bug)

Details

Attachments

(10 files)

Bug 1839918 - Refactor "cookie-changed" notifications to use nsICookieNotification. 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Update devtools cookie-changed observer for nsICookieNotification. r=#devtools-reviewers! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Update tests for nsICookieNotification. r=bvandersloot! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - When resetting BounceTrackingProtection state, also reset BounceTrackingState. r=bvandersloot! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Add a test for stateful bounces for cookies and localStorage. r=bvandersloot! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Use PHttpChannel for SetCookies calls from child channels. r=bvandersloot!,#necko-reviewers! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1839918 - Avoid returning IPC failures where possible in RecvSetCookies to avoid crashes. r=bvandersloot! 1 year ago Paul Zühlcke [:pbz] 48 bytes, text/x-phabricator-request		Details \| Review

Paul Zühlcke [:pbz]

Assignee

Description

•

1 year ago

In order to differentiate between stateful and non stateful bounces we need to hook into the cookies and storage implementations to populate BounceTrackingRecords Storage Access Set.

Storages include:

QuotaManager
Service workers
Cookies
?

Paul Zühlcke [:pbz]

Assignee

Updated

•

1 year ago

Assignee: nobody → pbz

Status: NEW → ASSIGNED

Paul Zühlcke [:pbz]

Assignee

Updated

•

1 year ago

Blocks: btp-nightly

Paul Zühlcke [:pbz]

Assignee

Comment 1

•

1 year ago

Attached file Bug 1839918 - Refactor "cookie-changed" notifications to use nsICookieNotification. — Details

Paul Zühlcke [:pbz]

Assignee

Comment 2

•

1 year ago

Attached file Bug 1839918 - Update devtools cookie-changed observer for nsICookieNotification. r=#devtools-reviewers! — Details

Depends on D185300

Paul Zühlcke [:pbz]

Assignee

Comment 3

•

1 year ago

Attached file Bug 1839918 - Update tests for nsICookieNotification. r=bvandersloot! — Details

Depends on D185301

Paul Zühlcke [:pbz]

Assignee

Comment 4

•

1 year ago

Attached file Bug 1839918 - Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot! — Details

This is a workaround for getting a BrowsingContext relationship for SetCookies messages from the content process.
Ideally we would not trust the content process with picking a BrowsingContext. This would require moving SetCookies
to an interface like PWindowGlobal.

Depends on D185302

Paul Zühlcke [:pbz]

Assignee

Comment 5

•

1 year ago

Attached file Bug 1839918 - Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot! — Details

Depends on D185303

Phabricator Automation

Updated

•

1 year ago

Attachment #9347173 - Attachment description: WIP: Bug 1839918 - Pass BrowsingContext ID and third-party flag through PCookieService SetCookies. r=bvandersloot! → WIP: Bug 1839918 - Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot!

Paul Zühlcke [:pbz]

Assignee

Comment 6

•

1 year ago

Attached file Bug 1839918 - Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot! — Details

Using PWindowGlobal for SetCookies calls from content to parent process means we can get
the BrowsingContext the cookies are set for. The current implementation in PCookieService
drops this relationship.
I'm leaving in the old SetCookies call for cases where the inner window is null. This
happens for some of the cookie tests.

Depends on D185303

Phabricator Automation

Updated

•

1 year ago

Attachment #9347171 - Attachment description: WIP: Bug 1839918 - Update devtools cookie-changed observer for nsICookieNotification. r=#devtools-reviewers! → Bug 1839918 - Update devtools cookie-changed observer for nsICookieNotification. r=#devtools-reviewers!

Phabricator Automation

Updated

•

1 year ago

Attachment #9347172 - Attachment description: WIP: Bug 1839918 - Update tests for nsICookieNotification. r=bvandersloot! → Bug 1839918 - Update tests for nsICookieNotification. r=bvandersloot!

Phabricator Automation

Updated

•

1 year ago

Attachment #9347170 - Attachment description: WIP: Bug 1839918 - Refactor "cookie-changed" notifications to use nsICookieNotification. → Bug 1839918 - Refactor "cookie-changed" notifications to use nsICookieNotification.

Phabricator Automation

Updated

•

1 year ago

Attachment #9347173 - Attachment description: WIP: Bug 1839918 - Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot! → Bug 1839918 - Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot!

Phabricator Automation

Updated

•

1 year ago

Attachment #9348638 - Attachment description: WIP: Bug 1839918 - Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot! → Bug 1839918 - Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot!

Phabricator Automation

Updated

•

1 year ago

Attachment #9347174 - Attachment description: WIP: Bug 1839918 - Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot! → Bug 1839918 - Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot!

Paul Zühlcke [:pbz]

Assignee

Updated

•

1 year ago

Summary: Extend BounceTrackingProtection to detect stateful bounces → Extend BounceTrackingProtection to detect stateful bounces using cookies

Paul Zühlcke [:pbz]

Assignee

Updated

•

1 year ago

Blocks: 1848406

Paul Zühlcke [:pbz]

Assignee

Comment 7

•

1 year ago

Attached file Bug 1839918 - When resetting BounceTrackingProtection state, also reset BounceTrackingState. r=bvandersloot! — Details

Depends on D185304

Paul Zühlcke [:pbz]

Assignee

Comment 8

•

1 year ago

Attached file Bug 1839918 - Add a test for stateful bounces for cookies and localStorage. r=bvandersloot! — Details

Depends on D186214

Paul Zühlcke [:pbz]

Assignee

Comment 9

•

1 year ago

Attached file Bug 1839918 - Use PHttpChannel for SetCookies calls from child channels. r=bvandersloot!,#necko-reviewers! — Details

Depends on D186045

Paul Zühlcke [:pbz]

Assignee

Updated

•

1 year ago

Blocks: 1848963

Pulsebot

Comment 10

•

1 year ago

Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5aa3b2f1b5ec Refactor "cookie-changed" notifications to use nsICookieNotification. r=extension-reviewers,cookie-reviewers,sessionstore-reviewers,bvandersloot,edgul,robwu https://hg.mozilla.org/integration/autoland/rev/fa9a6af80526 Update devtools cookie-changed observer for nsICookieNotification. r=devtools-reviewers,ochameau https://hg.mozilla.org/integration/autoland/rev/707021ebfd23 Update tests for nsICookieNotification. r=cookie-reviewers,sessionstore-reviewers,bvandersloot,valentin https://hg.mozilla.org/integration/autoland/rev/3949d9b400d4 Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot,cookie-reviewers,edgul https://hg.mozilla.org/integration/autoland/rev/750e0796c1ad Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot,cookie-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/302d12c12083 Use PHttpChannel for SetCookies calls from child channels. r=bvandersloot,necko-reviewers,cookie-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/087b27593538 Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot,anti-tracking-reviewers https://hg.mozilla.org/integration/autoland/rev/6e3d7fdfda3f When resetting BounceTrackingProtection state, also reset BounceTrackingState. r=bvandersloot,anti-tracking-reviewers https://hg.mozilla.org/integration/autoland/rev/1c438df525c7 Add a test for stateful bounces for cookies and localStorage. r=bvandersloot,anti-tracking-reviewers

Treeherder Bug Filer

Updated

•

1 year ago

Regressions: 1852010

Cristina Horotan [:chorotan]

Comment 11

•

1 year ago

bugherder

Status: ASSIGNED → RESOLVED

Closed: 1 year ago

status-firefox119: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 119 Branch

Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)

Updated

•

1 year ago

Regressions: 1852357

Cosmin Sabou [:CosminS]

Comment 12

•

1 year ago

Backed out for causing a top crash as in Bug 1852357.

Backout link: https://hg.mozilla.org/mozilla-central/rev/f867b611aabbedcc08865c1cd8e3ba4dab7cd99c

Status: RESOLVED → REOPENED

status-firefox119: fixed → ---

Flags: needinfo?(pbz)

Resolution: FIXED → ---

Target Milestone: 119 Branch → ---

Paul Zühlcke [:pbz]

Assignee

Comment 13

•

1 year ago

Attached file Bug 1839918 - Avoid returning IPC failures where possible in RecvSetCookies to avoid crashes. r=bvandersloot! — Details

Depends on D186215

Pulsebot

Comment 14

•

1 year ago

Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/36aa6faea947 Refactor "cookie-changed" notifications to use nsICookieNotification. r=extension-reviewers,cookie-reviewers,sessionstore-reviewers,bvandersloot,edgul,robwu https://hg.mozilla.org/integration/autoland/rev/e595ad2083ee Update devtools cookie-changed observer for nsICookieNotification. r=devtools-reviewers,ochameau https://hg.mozilla.org/integration/autoland/rev/2bd8c91c5d97 Update tests for nsICookieNotification. r=cookie-reviewers,sessionstore-reviewers,bvandersloot,valentin https://hg.mozilla.org/integration/autoland/rev/7a28b63b4fc3 Pass BrowsingContext ID and third-party flag through CookieService. r=bvandersloot,cookie-reviewers,edgul https://hg.mozilla.org/integration/autoland/rev/8d7f44b9b6e2 Create SetCookies variant for document.cookie on PWindowGlobal. r=bvandersloot,cookie-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/c7862a00e6e7 Use PHttpChannel for SetCookies calls from child channels. r=bvandersloot,necko-reviewers,cookie-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/45ea26477050 Add BounceTrackingStorageObserver to observe cookie changes. r=bvandersloot,anti-tracking-reviewers https://hg.mozilla.org/integration/autoland/rev/d96e3e729358 When resetting BounceTrackingProtection state, also reset BounceTrackingState. r=bvandersloot,anti-tracking-reviewers https://hg.mozilla.org/integration/autoland/rev/cc8f579c6e8e Add a test for stateful bounces for cookies and localStorage. r=bvandersloot,anti-tracking-reviewers https://hg.mozilla.org/integration/autoland/rev/4f690ef38847 Avoid returning IPC failures where possible in RecvSetCookies to avoid crashes. r=bvandersloot,necko-reviewers,jesup

Sandor Molnar[:smolnar]

Comment 15

•

1 year ago

bugherder

Status: REOPENED → RESOLVED

Closed: 1 year ago → 1 year ago

status-firefox119: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 119 Branch

Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)

Updated

•

1 year ago

Regressions: 1854028

Paul Zühlcke [:pbz]

Assignee

Updated

•

1 year ago

Flags: needinfo?(pbz)

Paul Zühlcke [:pbz]

Assignee

Updated

•

6 months ago

Blocks: 1888505

You need to log in before you can comment on or make changes to this bug.