[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #15580 [Tor Browser]: Update design doc for TBB 4.5
#15580: Update design doc for TBB 4.5
-------------------------+-------------------------------------------------
Reporter: | Owner: mikeperry
mikeperry | Status: new
Type: task | Milestone:
Priority: normal | Version:
Component: Tor | Keywords: tbb-4.5-alpha, TorBrowserTeam201505
Browser | Parent ID:
Resolution: |
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
{{{
When first party isolation
is used with explicit identifier storage that already has a constrained
third
party scope (such as cookies, DOM storage, and cache)
}}}
Hm... why do you think DOM storage and cache have a constrained third
party scope? SafeCache is basically the result of trying to apply the idea
of a third party scope afterwards. And DOM storage, well, there is a small
"may" in the spec (http://dev.w3.org/html5/webstorage/#user-tracking):
{{{
User agents may restrict access to the localStorage objects to scripts
originating at the domain of the top-level document of the browsing
context, for instance denying access to the API for pages from other
domains running in iframes.
}}}
And Mozilla did not manage to implement that "may" yet due to various
concerns/issues:
https://bugzilla.mozilla.org/show_bug.cgi?id=536509
Thus, if we want to add examples unconditionally as you did (which is a
good idea) just having cookies there seems better.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15580#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs