Opened 7 years ago
Last modified 2 years ago
#8534 new defect
[CHROME] Cookies can bleed to/from incognito mode
Reported by: | pde | Owned by: | pde |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | HTTPS Everywhere/EFF-HTTPS Everywhere | Version: | |
Severity: | Normal | Keywords: | |
Cc: | mikeperry, bram@… | Actual Points: | |
Parent ID: | | Points: | |
Reviewer: | | Sponsor: | |
Description
This would be an urgent bug, except for the fact that HTTPS Everywhere does not run in Chrome's incognito mode unless the user manually enables it in about:extensions.
Bram reported seeing Google login state bleeding across the incognito/normal boundary.
We need to repro this, check whether it's specific to Google (Chrome has its own notion of "logged in", so that might be relevant), and fix.
Child Tickets
Change History (2)
comment:1 Changed 7 years ago by
comment:2 Changed 2 years ago by
Severity: → Normal
Set all open tickets without a severity to "Normal"
Turns out this appears to be a Chrome API bug. We're getting the onCookieChanged event, and the cookie we get in that event has a storeId of 0 regardless of where it comes from (Incognito or not). We then turn right around and set the secure flag on the cookie and issue a cookies.set(cookie). Since the storeId is still the default store, the cookie leaks to normal mode.
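The following simulation of the behaviour described in that comment is an added example, not code from the ticket or from HTTPS Everywhere. It uses an in-memory stand-in for chrome.cookies; the store ids "0" (normal) and "1" (incognito), the cookie values and the guard in guardedHandler are assumptions made for illustration.

```javascript
// In-memory model of two cookie stores (constructed; not the real chrome.cookies API).
// misreport=true reproduces the ticket: every change event claims storeId "0".
function makeCookieApi(misreport) {
  const stores = { "0": new Map(), "1": new Map() }; // assumed ids: "0" normal, "1" incognito
  const listeners = [];
  const key = c => `${c.domain}|${c.path}|${c.name}`;
  return {
    stores,
    onChanged: { addListener: fn => listeners.push(fn) },
    get(details) { return stores[details.storeId].get(key(details)) || null; },
    set(details, fromSite = false) {
      stores[details.storeId].set(key(details), { ...details });
      if (!fromSite) return; // only site-originated writes notify, keeping the model loop-free
      const reported = { ...details, storeId: misreport ? "0" : details.storeId };
      listeners.forEach(fn => fn({ removed: false, cookie: reported }));
    },
  };
}

// Handler as described in the ticket: trust the event's storeId, re-set with secure.
function naiveHandler(api) {
  return ({ removed, cookie }) => {
    if (removed || cookie.secure) return;
    api.set({ ...cookie, secure: true });
  };
}

// Guarded variant (hypothetical mitigation): rewrite only if the store named in the
// event really holds this exact cookie; otherwise skip rather than write across stores.
function guardedHandler(api) {
  return ({ removed, cookie }) => {
    if (removed || cookie.secure) return;
    const held = api.get(cookie);
    if (!held || held.value !== cookie.value) return;
    api.set({ ...cookie, secure: true });
  };
}

// Constructed scenario: a site sets a non-secure session cookie in an incognito window.
function simulate(makeHandler, misreport) {
  const api = makeCookieApi(misreport);
  api.onChanged.addListener(makeHandler(api));
  api.set({ domain: "example.com", path: "/", name: "SID", value: "incog-session",
            secure: false, storeId: "1" }, true);
  return { normal: [...api.stores["0"].values()], incognito: [...api.stores["1"].values()] };
}
```

With the misreported storeId the guarded handler leaves the incognito cookie without the secure flag, trading the rewrite for store isolation.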