Opened 7 years ago

Closed 7 years ago

Last modified 5 years ago

#6564 closed enhancement (fixed)

Enable DOM Storage and isolate it to url bar domain

Reported by: mikeperry
Owned by: mikeperry
Priority: High
Milestone:
Component: Firefox Patch Issues
Version:
Severity:
Keywords: tbb-linkability tbb-bounty
Cc: michael
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

DOM storage is currently disabled in TBB. We should be isolating it to url bar domain. See mozIThirdPartyUtil and #5742 for useful APIs.

Attachments (1)

6564-dom-storage.patch (43.5 KB) - added by mcs 7 years ago.
Firefox patch to isolate DOM storage to URL bar domain

Change History (11)

comment:1 Changed 7 years ago by mikeperry

Summary: Isolate DOM Storage to url bar domain → Enable DOM Storage and isolate it to url bar domain

comment:2 Changed 7 years ago by mikeperry

Keywords: tbb-bounty added

comment:3 Changed 7 years ago by mikeperry

We need this for https://read.amazon.com. See #7289.

Changed 7 years ago by mcs

Attachment: 6564-dom-storage.patch added

Firefox patch to isolate DOM storage to URL bar domain

comment:4 Changed 7 years ago by mcs

In addition to applying the attached patch to the browser, the following line was removed from build-scripts/config/prefs.js:

user_pref("dom.storage.enabled", false);

In the future, we plan to disable DOM storage for most URL bar (first party) URLs that lack a host component, e.g., data: and javascript: URLs. We will probably allow DOM storage for chrome: and resource: URLs.
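
An added sketch, not part of the ticket thread or of 6564-dom-storage.patch: a JavaScript model of DOM storage keyed by the URL bar (first-party) host, with the handling of host-less first parties that comment 4 describes as a plan. The class, its method names and the example.* sites are hypothetical, and keying on the full host rather than a base domain is an assumption.

```javascript
// Added illustration: a model of DOM storage double-keyed by the URL bar
// (first-party) host. Not code from 6564-dom-storage.patch.
class IsolatedDomStorage {
  constructor() {
    this.jars = new Map(); // "firstPartyKey|contentOrigin" -> Map of items
  }

  // Returns the isolation key for the URL bar URL, or null when storage
  // should be refused for that first party.
  static firstPartyKey(urlBarUrl) {
    const u = new URL(urlBarUrl);
    // Browser-internal schemes are allowed (comment 4: "probably allow").
    if (u.protocol === "chrome:" || u.protocol === "resource:") {
      return u.protocol + "//" + u.hostname;
    }
    // No host component (data:, javascript:, ...): nothing to key on.
    if (u.hostname === "") return null;
    // Assumption: the full host is the key; a real browser would more
    // likely reduce it to a registrable base domain.
    return u.hostname.toLowerCase();
  }

  // Storage area for content from contentUrl while urlBarUrl is displayed.
  area(urlBarUrl, contentUrl) {
    const fp = IsolatedDomStorage.firstPartyKey(urlBarUrl);
    if (fp === null) return null;
    const key = fp + "|" + new URL(contentUrl).origin;
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    return this.jars.get(key);
  }
}

// Constructed scenario: one third-party script embedded on two sites.
function demo() {
  const store = new IsolatedDomStorage();
  const tracker = "https://tracker.example/widget.js";
  store.area("https://news.example/", tracker).set("uid", "abc123");
  return {
    sameSite: store.area("https://news.example/story", tracker).get("uid"),
    otherSite: store.area("https://shop.example/", tracker).get("uid"),
    dataUrl: store.area("data:text/html,<p>hi</p>", tracker),
    chromeUrl: store.area("chrome://browser/content/browser.xul",
                          "chrome://browser/content/browser.xul") !== null,
  };
}
console.log(demo());
```

The identifier written under one URL bar host is readable on another page of that host but absent under a different host, which is the linkability property the ticket's tbb-linkability keyword refers to.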

comment:5 Changed 7 years ago by mikeperry

This patch is deployed in TBB-stable. However, see child ticket for the follow-on work wrt NULL host URLs and other first-party edge cases.

comment:6 Changed 7 years ago by mikeperry

Resolution: fixed
Status: new → closed

comment:7 Changed 5 years ago by michael

Not sure if the unhelpful log output is caused by this code or from code of the related #5742, but I'll document here due to a hunch:

When navigating https://www.ddg.gg/ (or any other site), the browser console (Shift-Ctrl-J) is logging:

getFirstPartyURI failed for http://ocsp.digicert.com/: 0x80070057
getFirstPartyURI failed for https://duckduckgo.com/favicon.ico: 0x80070057
getFirstPartyURI failed for https://duckduckgo.com/favicon.ico#-moz-resolution=16,16: 0x80070057

...which may indicate a missing conditional expression in either nsGlobalWindow.cpp or ThirdPartyUtils from #5742?

comment:8 Changed 5 years ago by michael

Cc: michael added

comment:9 in reply to:  7 Changed 5 years ago by mcs

Replying to michael:

> Not sure if the unhelpful log output is caused by this code or from code of the related #5742, but I'll document here due to a hunch:
>
> When navigating https://www.ddg.gg/ (or any other site), the browser console (Shift-Ctrl-J) is logging:
>
> getFirstPartyURI failed for http://ocsp.digicert.com/: 0x80070057
> getFirstPartyURI failed for https://duckduckgo.com/favicon.ico: 0x80070057
> getFirstPartyURI failed for https://duckduckgo.com/favicon.ico#-moz-resolution=16,16: 0x80070057
>
> ...which may indicate a missing conditional expression in either nsGlobalWindow.cpp or ThirdPartyUtils from #5742?

This is a known issue and it should be fixed as part of #13670.

comment:10 in reply to:  7 Changed 5 years ago by michael

Replying to myself:

> When navigating https://www.ddg.gg/ (or any other site), the browser console (Shift-Ctrl-J) is logging:
>
> getFirstPartyURI failed for http://ocsp.digicert.com/: 0x80070057
> getFirstPartyURI failed for https://duckduckgo.com/favicon.ico: 0x80070057
> getFirstPartyURI failed for https://duckduckgo.com/favicon.ico#-moz-resolution=16,16: 0x80070057

That's misplaced and belongs in #13670, please ignore.
