Clear-Site-Data: "cache": Use principal with correct originAttributes
Categories
(Toolkit :: Data Sanitization, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox138 | --- | fixed |
People
(Reporter: manuel, Assigned: manuel)
References
Details
(Keywords: priv-triaged)
Attachments
(1 file)
Currently we pass a principal that has unpartitioned originAttributes. This leads to clearing the wrong cache entries. Identify how to pass a principal with the correct originAttributes or modify the originAttributes in the clearOrigin cache function.
|
||
Comment 1•6 months ago
|
||
setting a severity since this is a defect
|
Assignee | |
Comment 2•6 months ago
|
||
- clear-site-cache.html wpts: https://pernos.co/debug/ypokdkBHKNZiArOxR2d0XA/index.html
- test_cache2_clear_with_principal.js: https://pernos.co/debug/jF5BhnwQN0X2k7lcRvMkkg/index.html
|
|
Assignee | |
Comment 3•6 months ago
|
||
Note from talking to Tim yesterday: The originAttributes seem correct. However, we also pass the origin to CacheStorageService::ClearOriginInternal and that is likely not honored correctly.
|
|
Assignee | |
Comment 4•6 months ago
|
||
- clear-site-cache.html with first oa fix and debug prints: https://pernos.co/debug/ctXxUO4DZbfrUa60HCjTXw/index.html
|
|
Assignee | |
Comment 5•6 months ago
|
||
This patch contains basically three fixes and could be split up into
three commits if preferred.
Fix 1: The originAttributes coming from predictor code didn't adjust
OriginAttributes for networking state. Therefore, both unpartitioned and
partitioned cache entries were written. This was fixed on the caller
side. It might make sense to do this on the callee side.
Fix 2: The originAttributes coming from Clear-Site-Data: "cache" code
didn't adjust the OriginAttributes for clearing for networking state.
Fix 3: The partitionKey PopulateTopLevelInfoFromURI didn't include the
port in some cases.
|
||
Updated•5 months ago
|
|
|
||
Updated•5 months ago
|
|
||
Comment 7•5 months ago
|
||
| bugherder | ||
Description
•