Closed
Bug 1145744
Opened 10 years ago
Closed 9 years ago
Disallow Cache API in 3rd party windows when 3rd party cookies are disabled
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla43
| Tracking | Status | |
|---|---|---|
| firefox43 | --- | fixed |
People
(Reporter: bkelly, Assigned: nika)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-needed, site-compat)
Attachments
(1 file, 2 obsolete files)
|
(deleted),
patch
|
Details | Diff | Splinter Review |
The Cache API should not be accessible in Window or workers for 3rd party iframes when the user has disable 3rd party cookies.
ServiceWorkers will be handled separately by prevented fetch interception for 3rd party iframes in these cases.
|
Reporter | |
Comment 1•10 years ago
|
||
From Ehsan, the pref in question is network.cookie.cookieBehavior and the third party rejection value is 1.
|
|
Reporter | |
Updated•9 years ago
|
Assignee: nobody → bkelly
Status: NEW → ASSIGNED
|
|
Reporter | |
Comment 2•9 years ago
|
||
I discussed with Ehsan and we will do this a bit later.
|
||
Comment 3•9 years ago
|
||
You've probably seen this already, Michael, but https://dxr.mozilla.org/mozilla-central/source/dom/indexedDB/IDBFactory.cpp#354 is related (but we need to also look at the pref).
Assignee: nobody → michael
|
Assignee | |
Comment 5•9 years ago
|
||
This patch uses the StorageAllowedForWindow logic being implemented in bug 1184789.
Test coverage on this functionality hasn't been checked yet, but new tests for the behavior will likely have to be written.
try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=204836d73b40
|
|
Assignee | |
Comment 6•9 years ago
|
||
Updated version of patch. Part 2 of new storage logic. Full tree here: https://github.com/mystor/mozilla-central/tree/storage_pref
try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=d48360c5cc3e
Attachment #8635325 -
Attachment is obsolete: true
Attachment #8641988 -
Flags: review?(ehsan)
|
|
Assignee | |
Comment 7•9 years ago
|
||
s/Part 2/Part 5 - oops
|
||
Comment 8•9 years ago
|
||
Comment on attachment 8641988 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic
Over to Ben.
Attachment #8641988 -
Flags: review?(ehsan) → review?(bkelly)
|
|
Reporter | |
Comment 9•9 years ago
|
||
Comment on attachment 8641988 [details] [diff] [review]
Update CacheStorage to use common StorageAllowedForWindow logic
Review of attachment 8641988 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good. Thanks! r=me
I was considering switching the content principal check in CacheStorage IsTrusted to a MOZ_ASSERT, but I think its safer to leave it as a runtime check for now.
Attachment #8641988 -
Flags: review?(bkelly) → review+
|
|
Assignee | |
Comment 10•9 years ago
|
||
Updated due to changes in StorageAllowedFor*
Attachment #8641988 -
Attachment is obsolete: true
|
||
Comment 11•9 years ago
|
||
|
|
||
Comment 12•9 years ago
|
||
|
|
||
Comment 13•9 years ago
|
||
|
||
Comment 14•9 years ago
|
||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox43:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
|
||
Comment 15•9 years ago
|
||
Posted the site compatibility doc: https://www.fxsitecompat.com/en-US/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/
Keywords: dev-doc-needed,
site-compat
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•