Opened 15 months ago

Closed 3 months ago

Last modified 2 months ago

#27601 closed defect (fixed)

browser notifications are not working anymore with Tor Browser 8

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-8.0-issues, tbb-regression, tbb-8.0.1-can, tbb-9.0-must-alpha, TorBrowserTeam201909R
Cc: arthuredelstein, gok+tortrac@…, acat Actual Points: 0.5
Parent ID: Points: 0.5
Reviewer: Sponsor:

Description

With Tor Browser 8 it seems we broke some browser notification mechanism for macOS as users on our blog report (e.g. https://blog.torproject.org/comment/276960#comment-276960).

Child Tickets

Change History (23)

comment:1 Changed 15 months ago by gk

Keywords: tbb-8.0.1-can added

Marking for 8.0.1 can.

comment:2 Changed 15 months ago by mcs

Kathy and I did some triage of this ticket because we thought it might be a macOS-only bug, but that is probably not true. It seems to be related to first party isolation of permissions. Using the following page for testing, notifications started to work after I changed privacy.firstparty.isolate to false:
https://developer.mozilla.org/en-US/docs/Web/API/notification

On that page, grant permission for notifications when prompted and then click the "Notify me!" button.

Arthur, any ideas?

comment:3 Changed 14 months ago by gk

Cc: arthuredelstein added

We got a user on #tor today reporting something similar on Linux which has probably the same underlying issue:

1) start Tor Browser
2) go to a website that offers web push notifications, e.g. ProtonMail https://protonirockerxow.onion, and log in
3) after successfully logging in, the Tor Browser asks "Will you allow protonirockerxow.onion to send notifications", click "Allow Notifications".

Expected result: every time I receive an email, I should get a notification (via libnotify or something like this) that looks just like any other KDE desktop notification.

Instead of this expected result, I get no notification at all.

Arthur, can you pick that up? I think it could be relevant to upstreaming the permissions patch you are working on.

comment:4 Changed 14 months ago by gk

Keywords: TorBrowserTeam201810 added

comment:5 Changed 14 months ago by gok

I confirm that, after changing privacy.firstparty.isolate to false, notifications work again on Linux/KDE.

comment:6 Changed 14 months ago by gok

Cc: gok+tortrac@… added

comment:7 Changed 14 months ago by tom

This probably seems related to the permissions patch because I don't have any problem with it on Nightly with FPI enabled.

comment:8 Changed 14 months ago by gok

I just tested notifications with TBB 8.5a4 and First Party Isolation enabled, and notifications did not work.
I don't know how different TBB alpha and TBB nightly currently are though, so I don't know if this bit of information helps.

comment:9 in reply to:  2 Changed 14 months ago by nsIContentPermissionRequest

Summary: growl a-like browser notifications are not working anymore on macOS with Tor Browser 8browser notifications are not working anymore with Tor Browser 8

Replying to mcs:
On Windows 10:

0:26:44.707 [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIContentPermissionRequest.principal]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: jar:file:///C:/Tor%20Browser/Browser/browser/omni.ja!/components/nsBrowserGlue.js :: prompt :: line 3000"  data: no] (unknown)
	prompt jar:file:///C:/Tor%20Browser/Browser/browser/omni.ja!/components/nsBrowserGlue.js:3000:1
0:26:44.707 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIContentPermissionRequest.cancel] nsBrowserGlue.js:3024

comment:10 Changed 13 months ago by gk

Keywords: TorBrowserTeam201811 added; TorBrowserTeam201810 removed

Moving our tickets to November.

comment:11 Changed 13 months ago by gk

Priority: MediumHigh

comment:12 Changed 12 months ago by gk

Keywords: TorBrowserTeam201812 added; TorBrowserTeam201811 removed

Moving our tickets to December.

comment:13 Changed 11 months ago by gk

Keywords: TorBrowserTeam201901 added; TorBrowserTeam201812 removed

Moving tickets to Jan 2019.

comment:14 Changed 7 months ago by gk

Keywords: ff68-esr-will-have added

https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 got fixed recently. Thus, we'll get this latest with the switch to Firefox 68 ESR.

comment:15 Changed 7 months ago by gk

Keywords: ff68-esr-will-have removed

Got backed out.

comment:16 Changed 4 months ago by gk

Keywords: TorBrowserTeam201908 tbb-9.0-must-alpha added; TorBrowserTeam201901 removed

Using this for backporting the patch in 1330467.

comment:17 Changed 3 months ago by gk

Cc: acat added

We keep this on our radar for two reasons, even though we backported the fixes for 1330467:

1) There are follow-up bug fixes that we should backport in case we keep the patch series
2) It's not clear yet that the permission isolation works with disabling Enhanced Tracking Protection, which we want.

comment:18 Changed 3 months ago by gk

Keywords: TorBrowserTeam201909 added; TorBrowserTeam201908 removed

Moving must-alpha tickets to September.

comment:19 Changed 3 months ago by pili

Points: 0.5

comment:20 in reply to:  17 Changed 3 months ago by gk

Replying to gk:

We keep this on our radar for two reasons, even though we backported the fixes for 1330467:

1) There are follow-up bug fixes that we should backport in case we keep the patch series
2) It's not clear yet that the permission isolation works with disabling Enhanced Tracking Protection, which we want.

I think we are good with respect to 2) as we actually don't disable it but just the UI while setting it to block third party cookies as we are doing right now in the stable series. Which leaves 1).

comment:21 Changed 3 months ago by acat

Keywords: TorBrowserTeam201909R added; TorBrowserTeam201909 removed
Status: newneeds_review

Unless I'm missing some, these are the fixes we would have to backport:

The first two are simple fixes, but the third one is not so easy to backport. As it was mentioned on IRC, the patch writer thinks this is risky to backport (https://bugzilla.mozilla.org/show_bug.cgi?id=1560623#c9). I took a quick look, and the patch as is relies on this other patch https://bugzilla.mozilla.org/show_bug.cgi?id=1510569 to update aContentBlockingAllowListPrincipal: https://searchfox.org/mozilla-central/rev/7531325c8660cfa61bf71725f83501028178cbb9/dom/interfaces/base/nsIBrowser.idl#160. I assume it should not be difficult to adapt it to use the old JSM code that is still present in esr68, but probably not a straightforward backport either.

So, given that we are hiding/disabling content blocking for now (and in principle are not affected by that regression) should we postpone backporting this patch until we explore/decide enabling content blocking? If yes, perhaps we could update #30939 so that we remember to backport this.

The first two are backported here: https://github.com/acatarineu/tor-browser/commits/27601.

comment:22 in reply to:  21 Changed 3 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Replying to acat:

[snip]

So, given that we are hiding/disabling content blocking for now (and in principle are not affected by that regression) should we postpone backporting this patch until we explore/decide enabling content blocking? If yes, perhaps we could update #30939 so that we remember to backport this.

That looks like a good idea. I'll add a note to that bug. I am interested in seeing https://bugzilla.mozilla.org/show_bug.cgi?id=1554805 in 9.0, too. The proposed patches are not really big and are probably straightforward to apply. I'd wait a bit, though, until they have actually landed. I've created #31811 to keep track of that.

The first two are backported here: https://github.com/acatarineu/tor-browser/commits/27601.

Those look good and I cherry-picked them onto tor-browser-68.1.0esr-9.0-2 (commit c6eb1efb7d3ca6a9b5e19f6ec352ee1b129efbd3 and f970a6e8a14d8f80f15be22fa1ed6b091b4d596b).

Last edited 3 months ago by gk (previous) (diff)

comment:23 Changed 2 months ago by acat

Actual Points: 0.5
Note: See TracTickets for help on using tickets.