Closed
Bug 1480899
Opened 6 years ago
Closed 6 years ago
Tracking resources should not have access granted when window.open called with noopener option
Categories
(Firefox :: Protections UI, defect, P3)
Tracking
RESOLVED
FIXED
Firefox 63
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: englehardt, Assigned: ehsan.akhgari)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
patch (deleted), englehardt: review+
In Bug 1474651 we added a heuristic to grant storage access to tracking resources on example.com when the tracking domain is called by window.open from example.com.
Expected functionality:
Storage access should only be granted when the window.open call creates an opener relationship between the new window and the original context.
Actual functionality:
Storage access is granted with any window.open call, even those which have the `noopener` option set.
Steps to reproduce:
Unfortunately this requires a local server until Bug 1476967 is fixed. Download this page [0] and host via a local server (e.g. `python -m SimpleHTTPServer 80`).
Set these prefs (note that trackertest.org is on the TP list):
network.dns.localDomains = trackertest.org, test.trackertest.org
privacy.restrict3rdpartystorage.enabled = True
Visit: https://senglehardt.com/test/cookie_restrictions/bugs/noopener_and_strict_hosts.html.
Initial loads to trackertest.org on this page shouldn't include cookies. Click "(noopener) tracker page sets JS cookie". Cookie access on senglehardt.com should not be granted when this happens, but it is.
[0] https://senglehardt.com/test/cookie_restrictions/set_js_cookie.html
Updated • 6 years ago
Status: NEW → ASSIGNED
Priority: -- → P3
Comment 1 (Assignee) • 6 years ago
forceNoOpener needs to be checked here:
https://searchfox.org/mozilla-central/rev/f0c15db995198a1013e1c5f5b5bea54ef83f1049/dom/base/nsGlobalWindowOuter.cpp#7008
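A small model of the expected behaviour from the description and the `forceNoOpener` check called for in comment 1, added here as an illustration; it is not Firefox's code. The function names and the simplified comma-only tokenizer are assumptions; the boolean rule (empty, `yes`, `true`, or a non-zero integer) and `noreferrer` implying `noopener` follow the HTML Standard.

```javascript
// Added illustration, not Firefox source. All function names are hypothetical.

// Boolean window-feature rule from the HTML Standard: an empty value, "yes",
// "true", or a non-zero integer turns the feature on.
function parseBooleanFeature(value) {
  if (value === "" || value === "yes" || value === "true") return true;
  const n = parseInt(value, 10);
  return !Number.isNaN(n) && n !== 0;
}

// Simplified tokenizer (assumption): comma-separated name[=value], lowercased.
function parseFeatures(features) {
  const map = new Map();
  for (const token of String(features || "").toLowerCase().split(",")) {
    const [name, ...rest] = token.split("=");
    if (name.trim()) map.set(name.trim(), rest.join("=").trim());
  }
  return map;
}

// True when the new window will have no opener relationship.
function opensWithoutOpener(features) {
  const f = parseFeatures(features);
  return ["noopener", "noreferrer"].some(
    (k) => f.has(k) && parseBooleanFeature(f.get(k))
  );
}

// Expected gating: the window.open() heuristic may grant storage access to a
// tracker only when the popup keeps an opener relationship.
function heuristicGrantsStorage({ targetIsTracker, features }) {
  return targetIsTracker && !opensWithoutOpener(features);
}

// Constructed sample feature strings.
const samples = ["", "noopener", "width=400,noopener=1", "noopener=0", "noreferrer"];
for (const features of samples) {
  console.log(JSON.stringify(features),
    heuristicGrantsStorage({ targetIsTracker: true, features }));
}
```
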
Comment 2 (Assignee) • 6 years ago
Attachment #8998597 - Flags: review?(senglehardt)
Updated (Assignee) • 6 years ago
Assignee: amarchesini → ehsan
Comment 3 (Assignee) • 6 years ago
Fixed some lint failures on try...
Attachment #8999188 - Flags: review?(senglehardt)
Updated (Assignee) • 6 years ago
Attachment #8998597 - Attachment is obsolete: true
Attachment #8998597 - Flags: review?(senglehardt)
Comment 4 (Reporter) • 6 years ago
Comment on attachment 8999188
Do not activate the window.open() heuristic for allowing storage access if opener access hasn't been granted
Nit: to make the phase argument more clear, can you annotate the three phases of the nonTracking test cases. e.g. "// Here we want to test that a 3rd party context is not blocked if pref is off." --> "// Phase 1: Here we want to test that a 3rd party context is not blocked if pref is off." and so on for 2 and 3.
Flags: needinfo?(ehsan)
Attachment #8999188 - Flags: review?(senglehardt) → review+
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/77038440246a
Do not activate the window.open() heuristic for allowing storage access if opener access hasn't been granted; r=englehardt
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/971b4826653d
follow-up - address the review comments properly, DONTBUILD
Comment 7 • 6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/77038440246a
https://hg.mozilla.org/mozilla-central/rev/971b4826653d
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
Updated (Assignee) • 6 years ago
Flags: needinfo?(ehsan)