Closed Bug 1152899 Opened 10 years ago Closed 9 years ago

Disallow the interception of third-party iframes using service workers when the third-party cookie preference is set

Categories

(Core :: DOM: Service Workers, defect)

Product:
Core
Component:
DOM: Service Workers
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
NGA S2 (12Jun)
Tracking Flags:
Tracking Status
firefox41 --- fixed

People

(Reporter: ehsan.akhgari, Assigned: ferjm)

References

Details

(Whiteboard: [s3])

Attachments

(1 file, 4 obsolete files)

v3
(deleted), patch
baku
: review+
smaug
: review+
Details | Diff | Splinter Review
The condition here is when the network.cookie.cookieBehavior pref is set to 1.
Blocks: 1137245
Summary: Disallow the interception of third-part iframes using service workers when the third-party cookie preference is set → Disallow the interception of third-party iframes using service workers when the third-party cookie preference is set
Assignee: nobody → ferjmoreno
Attached patch WIP (obsolete) (deleted) — Splinter Review
Depends on: 1156847
Blocks: nga-toolkit-service-workers
Whiteboard: [s1]
Attached patch v1 (obsolete) (deleted) — Splinter Review
Attachment #8594951 - Attachment is obsolete: true
Attachment #8606448 - Flags: review?(amarchesini)
Attached patch v1 (obsolete) (deleted) — Splinter Review
Now without my local preferences changes
Attachment #8606448 - Attachment is obsolete: true
Attachment #8606448 - Flags: review?(amarchesini)
Attachment #8606449 - Flags: review?(amarchesini)
Component: DOM → DOM: Service Workers
Whiteboard: [s1] → [s2]
Comment on attachment 8606449 [details] [diff] [review] v1 Review of attachment 8606449 [details] [diff] [review]: ----------------------------------------------------------------- You need to ask the review to some docshell peer. smaug or bz maybe? ::: docshell/base/nsDocShell.cpp @@ +14024,5 @@ > + Preferences::GetBool("network.cookie.cookieBehavior", true); > + > + bool isThirdPartyURI = true; > + thirdPartyUtil->IsThirdPartyURI(mCurrentURI, aURI, &isThirdPartyURI); > + if (isThirdPartyURI && disallowThirdPartyUrls) { if (isThirdPartyURI && // Check pref to see if we should prevent frameset spoofing Preferences::GetBool("network.cookie.cookieBehavior", true)) { return NS_OK; }
Attachment #8606449 - Flags: review?(amarchesini)
Attachment #8606449 - Flags: review?(bugs)
Comment on attachment 8606449 [details] [diff] [review] v1 >+ // Check pref to see if we should prevent frameset spoofing >+ bool disallowThirdPartyUrls = >+ Preferences::GetBool("network.cookie.cookieBehavior", true); network.cookie.cookieBehavior is not a bool pref Did you test this all using different network.cookie.cookieBehavior values?
Attachment #8606449 - Flags: review?(bugs) → review-
Attached patch v2 (obsolete) (deleted) — Splinter Review
Attachment #8606449 - Attachment is obsolete: true
Attachment #8613179 - Flags: review?(bugs)
Whiteboard: [s2] → [s3]
Target Milestone: --- → NGA S2 (12Jun)
Attached patch v3 (deleted) — Splinter Review
Try looks better now https://treeherder.mozilla.org/#/jobs?repo=try&revision=6fa9a7df380a
Attachment #8613179 - Attachment is obsolete: true
Attachment #8614164 - Flags: review?(bugs)
Comment on attachment 8614164 [details] [diff] [review] v3 >+#define COOKIE_BEHAVIOR_REJECTFOREIGN 1 perhaps _ between REJECT and FOREIGN >+ nsresult rv; >+ nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = >+ do_GetService(THIRDPARTYUTIL_CONTRACTID, &rv); >+ NS_ENSURE_SUCCESS(rv, rv); >+ >+ if (mCurrentURI) { >+ // Reject the interception of third-party iframes if the cookie behaviour >+ // is set to reject all third-party cookies. >+ bool isThirdPartyURI = true; >+ thirdPartyUtil->IsThirdPartyURI(mCurrentURI, aURI, &isThirdPartyURI); >+ if (isThirdPartyURI && >+ (Preferences::GetInt("network.cookie.cookieBehavior", >+ COOKIE_BEHAVIOR_REJECTFOREIGN) == >+ COOKIE_BEHAVIOR_REJECTFOREIGN)) { pass 0 as the default, not 1 (COOKIE_BEHAVIOR_REJECTFOREIGN), since all.js defaults to 0 too. And perhaps add a comment why 0 But someone familiar with ServiceWorker implementation must review this too, and check the tests too. I'm really not familiar enough with SW. So perhaps baku.
Attachment #8614164 - Flags: review?(bugs)
Attachment #8614164 - Flags: review?(amarchesini)
Attachment #8614164 - Flags: review+
Status: NEW → ASSIGNED
Comment on attachment 8614164 [details] [diff] [review] v3 Review of attachment 8614164 [details] [diff] [review]: ----------------------------------------------------------------- ::: docshell/base/nsDocShell.cpp @@ +201,5 @@ > #include "nsIBrowserSearchService.h" > #endif > > +#include "mozIThirdPartyUtil.h" > +#define COOKIE_BEHAVIOR_REJECTFOREIGN 1 Write a comment about what this '1' means. Or a link to the documentation, or a link to some code. @@ +14056,5 @@ > + if (mCurrentURI) { > + // Reject the interception of third-party iframes if the cookie behaviour > + // is set to reject all third-party cookies. > + bool isThirdPartyURI = true; > + thirdPartyUtil->IsThirdPartyURI(mCurrentURI, aURI, &isThirdPartyURI); This can fail. ::: dom/workers/test/serviceworkers/test_third_party_iframes.html @@ +23,5 @@ > +let index = 0; > +function next() { > + info("Step " + index); > + if (index >= steps.length) { > + ok(false, "Shouldn't get here!"); SimpleTest.finish(); @@ +40,5 @@ > + ["dom.serviceWorkers.exemptFromPerDomainMax", true], > + ["dom.serviceWorkers.enabled", true], > + ["dom.serviceWorkers.testing.enabled", true], > + ["browser.dom.window.dump.enabled", true] > + ]}, next); Move this in the steps and do: onload = next(); of course, in next do: steps[index++](); @@ +167,5 @@ > + SpecialPowers.pushPrefEnv({"set": [ > + ["network.cookie.cookieBehavior", COOKIE_BEHAVIOR_LIMITFOREIGN] > + ]}, next); > +}, () => { > + testShouldIntercept(SimpleTest.finish); call next here too.
Attachment #8614164 - Flags: review?(amarchesini) → review+
Blocks: ServiceWorkers-B2G
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: