[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #32002 [Applications/Tor Browser]: Double-check Storage Access API for disk leaks and 3rd party cookie blocking adherence
#32002: Double-check Storage Access API for disk leaks and 3rd party cookie
blocking adherence
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-disk-leak, TorBrowserTeam201910 | Actual Points:
Parent ID: | Points: 0.2
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Okay, here comes the Private Browsing Mode part. The API got enabled in
https://bugzilla.mozilla.org/show_bug.cgi?id=1513021 (it's desktop only
for now, the mobile bug is
https://bugzilla.mozilla.org/show_bug.cgi?id=1543720) but the bulk of the
implementation got done in
https://bugzilla.mozilla.org/show_bug.cgi?id=1469714.
The relevant method here is `Document::RequestStorageAccess()`
(https://searchfox.org/mozilla-esr68/source/dom/base/Document.cpp#12711).
It explicitly checks for Private Browsing Mode and rejects access in that
case:
{{{
if (nsContentUtils::IsInPrivateBrowsing(this)) {
// If the document is in PB mode, it doesn't have access to its
persistent
// cookie jar, so reject the promise here.
promise->MaybeRejectWithUndefined();
return promise.forget();
}
}}}
(https://searchfox.org/mozilla-
esr68/source/dom/base/Document.cpp#12790ff.)
So, we are good from that point of view.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32002#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs