Opened 23 months ago

Last modified 8 months ago

#21657 new task

Test to make sure we isolate or disable all speculative connects

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-linkability, ff52-esr, TorBrowserTeam201805
Cc: luke.crouch@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by arthuredelstein)

There are a variety of "resource hint" features in Tor Browser that we want to make sure are isolated by first-party or disabled. These include

  link rel=preconnect
  link rel=prefetch
  link rel=prerender

and possibly more.
We should test this for the ESR45 and ESR52 versions of Tor Browser, because isolation will have different mechanisms.

See https://w3c.github.io/resource-hints/

We should also look into "SpeculativeConnect" code in Firefox to make sure there aren't any other cases of non-first-party isolated connections.

Child Tickets

Change History (27)

comment:1 Changed 23 months ago by arthuredelstein

Description: modified (diff)

comment:2 Changed 23 months ago by arthuredelstein

Description: modified (diff)

comment:3 Changed 23 months ago by gk

Keywords: tbb-linkability added
Type: defecttask

comment:4 Changed 23 months ago by mikeperry

Probably the best way to do this is to add those other attribute values to the links in the "Bug #13749.2: Regression tests for first-party isolation of cache" test patch?

comment:5 in reply to:  4 Changed 23 months ago by arthuredelstein

Replying to mikeperry:

Probably the best way to do this is to add those other attribute values to the links in the "Bug #13749.2: Regression tests for first-party isolation of cache" test patch?

I agree. Also they can be added to the uplifted version of those tests, here: https://hg.mozilla.org/mozilla-central/rev/4128e57e39bd

comment:6 Changed 23 months ago by gk

Keywords: TorBrowserTeam201703 added
Parent ID: #15988

Arthur, I am a but hesitant but could you squeeze that onto your ToDo list for the coming week? I make this ticket blocking #15988 for now but need the latter resolved one way or the other by the end of next week.

comment:7 Changed 23 months ago by arthuredelstein

Keywords: TorBrowserTeam201703R added; TorBrowserTeam201703 removed
Status: newneeds_review

Turns out:

So here is a branch for review:
https://github.com/arthuredelstein/tor-browser/commits/21657+1
Note there are two patches.

The first disables our test for the track element, because it is failing (not sure why I haven't seen this before). Fixing this track element test can be a separate task: #21679.

The second patch implements the link rel=prefetch test. This test confirms that prefetch requests and caching are correctly isolated by first party.

I'm working on a version of this patch for Firefox that should be backportable to TBB/ESR52.

comment:8 in reply to:  7 ; Changed 23 months ago by gk

Keywords: TorBrowserTeam201703 ff52-esr added; TorBrowserTeam201703R removed
Status: needs_reviewassigned

Replying to arthuredelstein:

Turns out:

So here is a branch for review:
https://github.com/arthuredelstein/tor-browser/commits/21657+1
Note there are two patches.

The first disables our test for the track element, because it is failing (not sure why I haven't seen this before). Fixing this track element test can be a separate task: #21679.

The second patch implements the link rel=prefetch test. This test confirms that prefetch requests and caching are correctly isolated by first party.

I'm working on a version of this patch for Firefox that should be backportable to TBB/ESR52.

Thanks. I guess there is no need to backport this fix to the 6.5.x branch and our 7.0.x one is basically about to get switched to ESR 52. So, while this patch looks good I guess I wait for the ESR52 one and move this ticket instead on our ff52-esr radar.

comment:9 in reply to:  8 Changed 23 months ago by arthuredelstein

Replying to gk:

Thanks. I guess there is no need to backport this fix to the 6.5.x branch and our 7.0.x one is basically about to get switched to ESR 52. So, while this patch looks good I guess I wait for the ESR52 one and move this ticket instead on our ff52-esr radar.

OK! That also means I can close #21679 because the <track> element test as adapted by Mozilla is already working in our ESR52 branch.

comment:10 Changed 23 months ago by gk

Parent ID: #15988

comment:11 Changed 22 months ago by gk

Keywords: TorBrowserTeam201704 added; TorBrowserTeam201703 removed

Remmove remaining tickets over to April

comment:12 Changed 21 months ago by gk

Keywords: TorBrowserTeam201705 added; TorBrowserTeam201704 removed

Moving our tickets to May 2017.

comment:13 Changed 20 months ago by gk

Keywords: TorBrowserTeam201706 added; TorBrowserTeam201705 removed

comment:14 Changed 19 months ago by gk

Keywords: TorBrowserTeam201707 added; TorBrowserTeam201706 removed

Moving Tickets to July 2017.

comment:15 in reply to:  7 Changed 18 months ago by gk

Replying to arthuredelstein:

Turns out:

And they won't. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1383876.

comment:16 Changed 18 months ago by gk

Keywords: TorBrowserTeam201708 added; TorBrowserTeam201707 removed

Moving our Tickets to August.

comment:17 Changed 17 months ago by gk

Keywords: TorBrowserTeam201709 added; TorBrowserTeam201708 removed

Items for September 2017.

comment:18 Changed 16 months ago by groovecoder

Cc: luke.crouch@… added

comment:19 Changed 16 months ago by gk

Keywords: TorBrowserTeam201710 added; TorBrowserTeam201709 removed

Items for October 2017

comment:20 Changed 15 months ago by gk

Keywords: TorBrowserTeam201711 added; TorBrowserTeam201710 removed

Moving tickets over to November.

comment:21 Changed 14 months ago by gk

Moving tickets to December 2017

comment:22 Changed 14 months ago by gk

Keywords: TorBrowserTeam201712 added; TorBrowserTeam201711 removed

Moving tickets to December 2017, for realz.

comment:23 Changed 12 months ago by gk

Keywords: TorBrowserTeam201801 added; TorBrowserTeam201712 removed

Moving tickets to 2018.

comment:24 Changed 11 months ago by cypherpunks

Keywords: TorBrowserTeam201802 added; TorBrowserTeam201801 removed
Status: assignednew

comment:25 Changed 11 months ago by gk

Keywords: TorBrowserTeam201803 added; TorBrowserTeam201802 removed

Adding to our March plate.

comment:26 Changed 9 months ago by gk

Keywords: TorBrowserTeam201804 added; TorBrowserTeam201803 removed

Moving our tickets to April.

comment:27 Changed 8 months ago by gk

Keywords: TorBrowserTeam201805 added; TorBrowserTeam201804 removed

Moving remaining tickets to May.

Note: See TracTickets for help on using tickets.