Add an ability to disable and enable security checks per user context for testing
Categories
(Core :: Security: PSM, task, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox140 | --- | fixed |
People
(Reporter: Sasha, Assigned: Sasha)
References
Details
(Whiteboard: [webdriver:m16])
Attachments
(1 file)
For WebDriver Classic and BiDi we use now SetDisableAllSecurityChecksAndLetAttackersInterceptMyData to disable security checks during the session, if it's requested by a client.
Now we have a new requirement to be able to control this also on user context level: disable these checks for a specific user context.
Our suggestion would be to add an optional userContext argument to SetDisableAllSecurityChecksAndLetAttackersInterceptMyData method to build a list of user contexts and validate against it before checking the global flag mDisableAllSecurityCheck.
Update after the spec has changed:
We also need to be able to enable security checks per user context (even if they are disabled globally). Also we have to be able to reset the state per user context and fallback to the global state. For example, the security checks are disabled globaly and enabled for a certain user context. After session ends, we have to make sure that state for this user context is reset and now they are disabled as it's globally.
|
Assignee | |
Updated•10 months ago
|
|
|
Assignee | |
Comment 1•9 months ago
|
||
|
||
Updated•9 months ago
|
|
|
Assignee | |
Updated•9 months ago
|
|
|
||
Updated•9 months ago
|
|
|
||
Updated•9 months ago
|
|
||
Comment 3•8 months ago
|
||
| bugherder | ||
|
||
Updated•8 months ago
|
Description
•