[tor-bugs] #32002 [Applications/Tor Browser]: Double-check Storage Access API for disk leaks and 3rd party cookie blocking adherence
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 8 14:52:19 UTC 2019
#32002: Double-check Storage Access API for disk leaks and 3rd party cookie
blocking adherence
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-team
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-disk-leak, TorBrowserTeam201910  |  Actual Points:
Parent ID:                                       |         Points:  0.2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Okay, here comes the Private Browsing Mode part. The API got enabled in
https://bugzilla.mozilla.org/show_bug.cgi?id=1513021 (it's desktop only
for now, the mobile bug is
https://bugzilla.mozilla.org/show_bug.cgi?id=1543720) but the bulk of the
implementation got done in
https://bugzilla.mozilla.org/show_bug.cgi?id=1469714.
The relevant method here is `Document::RequestStorageAccess()`
(https://searchfox.org/mozilla-esr68/source/dom/base/Document.cpp#12711).
It explicitly checks for Private Browsing Mode and rejects access in that
case:
{{{
  if (nsContentUtils::IsInPrivateBrowsing(this)) {
    // If the document is in PB mode, it doesn't have access to its persistent
    // cookie jar, so reject the promise here.
    promise->MaybeRejectWithUndefined();
    return promise.forget();
  }
}}}
(https://searchfox.org/mozilla-esr68/source/dom/base/Document.cpp#12790ff.)
So, we are good from that point of view.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32002#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
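
Added example (not part of the original message, and not Firefox or Tor Browser code): a page-side probe for the behaviour described in the comment above, where `Document::RequestStorageAccess()` rejects the promise with `undefined` in Private Browsing Mode. The names `probeStorageAccess` and `matchesPrivateBrowsingExpectation`, the result labels and the mock documents are assumptions constructed for illustration.

```javascript
// Classify how requestStorageAccess() behaves for a document-like object.
// `probeStorageAccess` and its result labels are hypothetical names.
async function probeStorageAccess(doc) {
  if (typeof doc.requestStorageAccess !== "function") {
    return { outcome: "unsupported", hadAccessBefore: null, hasAccessAfter: null };
  }
  const query = async () =>
    typeof doc.hasStorageAccess === "function" ? await doc.hasStorageAccess() : null;

  const hadAccessBefore = await query();
  let outcome;
  try {
    await doc.requestStorageAccess();
    outcome = "granted";
  } catch (reason) {
    // The quoted PBM branch calls MaybeRejectWithUndefined(), so the rejection
    // value is `undefined`. Other rejection paths exist (for example a call
    // without a user gesture), so a rejection alone does not prove PBM.
    outcome = reason === undefined ? "rejected-undefined" : "rejected-with-error";
  }
  const hasAccessAfter = await query();
  return { outcome, hadAccessBefore, hasAccessAfter };
}

// What the quoted check predicts for a private-browsing document:
// the promise rejects and storage access is not reported afterwards.
function matchesPrivateBrowsingExpectation(result) {
  return result.outcome === "rejected-undefined" && result.hasAccessAfter !== true;
}

// Constructed stand-ins for `document`, so the logic runs outside a browser.
const mockPrivate = {
  hasStorageAccess: async () => false,
  requestStorageAccess: () => Promise.reject(undefined),
};
const mockGranted = (() => {
  let granted = false;
  return {
    hasStorageAccess: async () => granted,
    requestStorageAccess: async () => { granted = true; },
  };
})();
const mockErrored = {
  requestStorageAccess: () => Promise.reject(new Error("constructed failure")),
};
```

In a browser, call `probeStorageAccess(document)` from a click handler inside a third-party iframe, since the API expects a user gesture.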