Closed Bug 1541423 Opened 6 years ago Closed 6 years ago

Fennec is remembering site permissions in private mode

Categories

(Firefox for Android Graveyard :: General, defect, P1)

ARM
Android
defect

Tracking

(firefox66 wontfix, firefox67 wontfix, firefox68 verified)

VERIFIED FIXED
Firefox 68
Tracking Status
firefox66 --- wontfix
firefox67 --- wontfix
firefox68 --- verified

People

(Reporter: amejia, Assigned: andrei.a.lazar)

References

Details

(Whiteboard: [bcs:p1])

Attachments

(1 file)

I noticed that in Fennec we are remembering site permissions in private mode, I don't know if this is the right behaviour? I tested on other browsers and this is not happening.

No it's not the right behavior, this is a pretty bad privacy leak bug, since saving a permission can indicate that the user has browsed the site we have saved the permission for.

Johann, on desktop we check for the private browsing state of the page in the front-end code before accessing the permission manager, is that right?

Flags: needinfo?(jhofmann)

Can we get this fixed in Fennec please? (not sure how to get this prioritized...)

Flags: needinfo?(dbolter)

Stefan is the engineering manager for Firefox for Android.

Flags: needinfo?(sarentz)
Flags: needinfo?(dbolter)
Flags: needinfo?(andrei.a.lazar)
Assignee: nobody → andrei.a.lazar
Flags: needinfo?(andrei.a.lazar)

Now checking for private mode in order to ignore any permissions that had been set in previous sessions.

Whiteboard: [bcs:?]

A bit trickier to handle compared to original approach due to the different ways data stored on desktop vs mobile.

But Andreas suggests this is the sane approach and will inquire about it.

Flags: needinfo?(sarentz) → needinfo?(abovens)

(In reply to Devin Reams (dreams) from comment #6)

A bit trickier to handle compared to original approach due to the different ways data stored on desktop vs mobile.

But Andreas suggests this is the sane approach and will inquire about it.

I don't understand that comment, what original approach? I don't think the data is stored any differently here, either. Would you mind to elaborate? :)

Flags: needinfo?(dreams)

I thought on desktop it's easier to differentiate them through the scope and I find it a bit confusing that on mobile the session scope it's more like "app session" rather than "tab session" or "normal/private" session, and I'm saying this because this is going to lead to unwanted behaviors, something like setting a permission in private mode (with session scope) is going to be remembered when you go back on normal mode. I don't think I can find a better approach without investing a significant amount of time. The current implementation (which got rejected) is that your choice ("allow/don't allow") is going to be forgotten as soon as you leave that specific website. How should I proceed further?

(In reply to Andrei Lazar from comment #8)

I thought on desktop it's easier to differentiate them through the scope and I find it a bit confusing that on mobile the session scope it's more like "app session" rather than "tab session" or "normal/private" session, and I'm saying this because this is going to lead to unwanted behaviors, something like setting a permission in private mode (with session scope) is going to be remembered when you go back on normal mode. I don't think I can find a better approach without investing a significant amount of time. The current implementation (which got rejected) is that your choice ("allow/don't allow") is going to be forgotten as soon as you leave that specific website. How should I proceed further?

Johann, what do you recommend? Fennec does not appear to create a separate session for Private Browsing Mode, so SitePermissions.SCOPE_SESSION includes the lifetime of both PBM and normal mode tabs. Permissions allowed in a PBM "session" would still be remembered during the corresponding normal mode tabs of the same session.

Flags: needinfo?(jhofmann)
Whiteboard: [bcs:?] → [bcs:p1]

(In reply to Chris Peterson [:cpeterson] from comment #9)

(In reply to Andrei Lazar from comment #8)

I thought on desktop it's easier to differentiate them through the scope and I find it a bit confusing that on mobile the session scope it's more like "app session" rather than "tab session" or "normal/private" session, and I'm saying this because this is going to lead to unwanted behaviors, something like setting a permission in private mode (with session scope) is going to be remembered when you go back on normal mode. I don't think I can find a better approach without investing a significant amount of time. The current implementation (which got rejected) is that your choice ("allow/don't allow") is going to be forgotten as soon as you leave that specific website. How should I proceed further?

Johann, what do you recommend? Fennec does not appear to create a separate session for Private Browsing Mode, so SitePermissions.SCOPE_SESSION includes the lifetime of both PBM and normal mode tabs. Permissions allowed in a PBM "session" would still be remembered during the corresponding normal mode tabs of the same session.

That is how it works on desktop, too. It is just a limitation of how the permission manager works and I think we're generally okay with that. There are two different issues here:

  • A browsing session is ended on app restart, not on private window closing (for most things, really)
  • Permissions ignore origin attributes and are thus shared between private windows and normal windows

The former is hard to solve without significant investment, the latter is being worked on somewhat actively.

So, it's fine to scope for session, it's the best we can do for now.

I hope that helps :)

Flags: needinfo?(jhofmann)

Discussed with Andrei and Andreas and Chris today and will continue as described. Thanks for your quick responses, Johann.

Flags: needinfo?(dreams)
Flags: needinfo?(abovens)

Ok, great, thanks for handling this!

Hello, I investigated this issue on the latest version of Release 66.0.4 and Nightly 68.0a1 (2019-05-05) and I can reproduce the problem. It seems that The pop-up notification has a select box to don't quest anymore the permission for the site where you go and if I have selected that box, I don't have the pop-up anywhere(normal/private) even if I close and reopen the app.
Devices:

  • Nokia 6 (Android 7.1.1);
  • Nexus 5 (Android 6.0.1);
Keywords: checkin-needed

Details: We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again. (255, 'applying /tmp/tmpI6b0e8\npatching file mobile/android/components/ContentPermissionPrompt.js\nHunk #2 succeeded at 83 with fuzz 2 (offset -7 lines).\nHunk #3 FAILED at 111\n1 out of 4 hunks FAILED -- saving rejects to file mobile/android/components/ContentPermissionPrompt.js.rej\nabort: patch failed to apply', '')

Flags: needinfo?(andrei.a.lazar)
Keywords: checkin-needed

Made a rebase.

Flags: needinfo?(andrei.a.lazar)
Keywords: checkin-needed

Pushed by aiakab@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6b61e5d68fc6
Fennec is remembering site permissions in private mode r=johannh

Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68

Verified as fixed on Nightly 68.0a1 (2019-05-16) using Nexus 5 (Android 6.0.1) and Sony Xperia Z2 (Android 6.0.1).

Status: RESOLVED → VERIFIED
OS: Unspecified → Android
Hardware: Unspecified → ARM
Regressions: 1552535
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: