Open
Bug 1998698
Opened 2 months ago
Updated 2 months ago
RFP: orientation spoofs and iframes
Categories
(Core :: CSS Parsing and Computation, defect)
Core
CSS Parsing and Computation
Tracking
()
NEW
People
(Reporter: thorin, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
test.png
In Bug 1607032 and Bug 1918202 we limited device orientation spoofs to primary results (based on our screen dimension spoofs) - there is no additional entropy as it's still based on our spoofed values - it was to make our spoof "spec compliant" and benign (non-paradoxical). Note that android uses a different angle value to desktops
This is similar to Bug 1885101 where we had to patch iframes to return the spoofed screen etc dimensions: i.e Match screen and window properties with top window.
Something similar is happening here - we're not adjusting the iframe's expected value based on our spoofs
- On desktop it always seems to report
{"mozOrientation":"portrait-primary","orientation.angle":90,"orientation.type":"portrait-primary"}regardless of the iframe's dimensions
STR:
- control
- disable RFP and have device on desktop in landscape mode
- run PoC
- everything should match e.g.
{"mozOrientation":"landscape-primary","orientation.angle":0,"orientation.type":"landscape-primary"}
- enable RFP
- make the window landscape (so RFP spoofs as landscape, which you already are)
- run PoC
- document (top window) is fine (landscape), but the three different sizes iframes all report portrait
|
Reporter | |
Updated•2 months ago
|
|
|
Reporter | |
Comment 1•2 months ago
|
||
|
||
Updated•2 months ago
|
Blocks: uplift_tor_fingerprinting
|
||
Comment 2•2 months ago
|
||
The severity field is not set for this bug.
:boris, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(boris.chiou)
|
||
Updated•2 months ago
|
Severity: -- → S3
Flags: needinfo?(boris.chiou)
You need to log in
before you can comment on or make changes to this bug.
Description
•