1894823 - navigator.storage.estimate() returns incorrect usage with granted persistence

Status: UNCONFIRMED

(Core :: Storage: StorageManager, defect, P3)

Description

[Denis Lisov]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0

Steps to reproduce:

In an existing profile actively used for browsing:

• open https://example.org
• clear site data
• in devtools, call await navigator.storage.estimate() and verify that the usage field is 0 (or at least reasonably close to that
• call document.body.addEventListener('click', () => navigator.storage.persist()), click the page and allow data persistence
• call await navigator.storage.estimate() again

Actual results:

The usage field has a large value (multiple gigabytes) that is pretty close to the total size of the storage/default directory in the Firefox profile

Expected results:

The usage field should stay reasonable and reflect usage by the website or some related group of them. It definitely should not disclose information about the storage used by the other websites used in the same Firefox profile.

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Comment 2

[Denis Lisov]

According to phabricator comments for bug 1593646, this seems to be intentional ("If the origin is persisted, we need to return global storage usage and global storage limit."). However, I want to note that:

• this isn't documented anywhere,
• this makes the usage estimate pretty much useless for anything except estimating the remaining available space if your website needs persistence,
• this discloses information about the amount of data other websites have stored in your browser.

Comment 3

[Jan Varga [:janv]]

I'm currently busy with other tasks, and this requires further investigation.