Opened 7 years ago

Closed 7 years ago

#7445 closed project (not a bug)

Verify that 301 redirects are not cached cross-domain

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: tbb-linkability
Cc: chiiph, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Chiiph pointed me at:
http://www.scatmania.org/2012/04/24/visitor-tracking-without-cookies/

That url describes a technique to perform third party tracking using 301 redirect caching. Based on my read of nsHttpChannel, it looks like the redirect cache information comes directly from mCacheEntry, which is retrieved using the same cacheDomain isolation we use to isolate the cache for JS, HTML, and CSS to first party domain.

However, there could be some other reference table that is used that I'm not seeing. It wouldn't be the first time something crazy like that has happened.

Unfortunately, their test is offline, and it also only tests a single first party domain.. We should test this cross-domain and make sure it is in fact isolated.

Child Tickets

Change History (4)

comment:1 Changed 7 years ago by mikeperry

Keywords: tbb-linkability added

comment:2 Changed 7 years ago by gk

Mmmhhh... we are doing already a lot with redirects on the IP Check. I put a test for the 301 redirect caching on my ToDo list.

comment:3 Changed 7 years ago by gk

We don't need an own test, I think. 301 redirect caching is used here as well:

http://elie.im/blog/security/tracking-users-that-block-cookies-with-a-http-redirect/

To test the cross-domain caching see:

https://anonym-surfen.de/IframeRedirectCache.html
https://anonymous-proxy-servers.net/en/IframeRedirectCache.html

Looks good to me.

comment:4 Changed 7 years ago by mikeperry

Resolution: not a bug
Status: newclosed
Note: See TracTickets for help on using tickets.