Opened 4 years ago

Closed 4 years ago

#15703 closed defect (duplicate)

Isolate mediasource: URI to first party domain

Reported by: mikeperry Owned by: arthuredelstein
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: ff38-esr, tbb-linkability
Cc: gk, arthuredelstein, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In #15502, we isolated blob: URIs to the first party domain. We should ensure that the new mediasource: uris are similarly isolated.

When we do this, we should also ensure that these URIs are still properly isolated in odd contexts like WebWorkers, SharedWorkers, and ServiceWorkers, and add unit tests for this.

Child Tickets

Change History (13)

comment:1 Changed 4 years ago by gk

Cc: gk added

comment:2 Changed 4 years ago by arthuredelstein

In #15502, to save time, we disabled URL.createObjectURL(...) in Web Workers. For FF38, we should try to rewrite this patch to properly isolate blob URLs to first party domain in Web Workers rather than disabling them.

comment:3 Changed 4 years ago by arthuredelstein

Cc: arthuredelstein added

comment:4 Changed 4 years ago by mcs

Cc: mcs added

comment:5 in reply to:  2 Changed 4 years ago by gk

Replying to arthuredelstein:

In #15502, to save time, we disabled URL.createObjectURL(...) in Web Workers. For FF38, we should try to rewrite this patch to properly isolate blob URLs to first party domain in Web Workers rather than disabling them.

I've created #16429 to remind us about this issue still being unresolved.

comment:6 Changed 4 years ago by gk

Keywords: tbb-5.0a-highrisk added
Priority: normalmajor
Type: defectenhancement

Given that this will be heavily used on Youtube and available at least on Windows and OS X we might want to get this properly fixed for ESR 38.

If we don't have the capacity we should disable it on Windows and OS X as well.

Last edited 4 years ago by gk (previous) (diff)

comment:7 Changed 4 years ago by gk

Type: enhancementdefect

comment:8 in reply to:  6 Changed 4 years ago by arthuredelstein

Replying to gk:

Given that this will be heavily used on Youtube and available at least on Windows and OS X we might want to get this properly fixed for ESR 38.

If we don't have the capacity we should disable it on Windows and OS X as well.

I've done some work on this in the form of writing unit tests, but depending on other patches, it may not be possible to finish by Thursday. From my inspection of the code, it appears like the non-worker mediasource isolation already works because of our blob URI isolation patch. I still need to complete the unit tests to confirm my impression and also check the isolation in workers.

comment:9 Changed 4 years ago by mikeperry

Based on Arthur's estimation, I think we should leave mediasource support on in 5.0a3, so we can at least exercise the code in a release. We can check the tests later (which I assume are actually covered by #16416?).

comment:10 Changed 4 years ago by gk

Owner: changed from tbb-team to arthuredelstein
Status: newassigned

comment:11 Changed 4 years ago by arthuredelstein

A patch for this ticket is included in the branch posted at ticket:16429#comment:2

comment:12 Changed 4 years ago by mikeperry

Keywords: tbb-5.0a4 added

Tag some 5.0a4 goals.

comment:13 Changed 4 years ago by mikeperry

Keywords: tbb-5.0a-highrisk tbb-5.0a4 removed
Resolution: duplicate
Status: assignedclosed

Closing this as a duplicate of #16429.

Note: See TracTickets for help on using tickets.