mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 05:41:12 +00:00
06a4432ed1
In the Storage Access API's latest draft, a few items were added to the user-agent state. Relevant here, the source snapshot params gained two fields that are initialized from the sourceDocument during snapshotting source params while navigating: "has storage access" and "environment id".

https://privacycg.github.io/storage-access/#ua-state

These are used to identify self-initiated navigations that come from documents that have obtained storage access. Combined with a same-origin check, this determines if the destination document of the navigation should start with storage access.

This is stricter than the current behavior, where if the permission is available, all documents start with storage access. Instead, now a document will only have storage access if it requests it explicitly or if a same-origin document that has storage access navigates itself to that document. This is seen as a security win.

Security discussion of this change was here: https://github.com/privacycg/storage-access/issues/113

Artur at Google wrote up a great summary here: https://docs.google.com/document/d/1AsrETl-7XvnZNbG81Zy9BcZfKbqACQYBSrjM3VsIpjY/edit#

Differential Revision: https://phabricator.services.mozilla.com/D184821

- app
- chromium
- contentproc
- docs
- glue
- gtest
- ipdl
- mscom
- testshell
- moz.build
- pull-chromium.py