Security/FirstPartyIsolation

From MozillaWiki
Jump to: navigation, search

First Party Isolation - P1 (Target as Fx53 Aurora - 2017/1/23)

ID Summary Assigned to Depends on Whiteboard

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - P2 (Target as Fx54 Aurora - 2017/3/6 ESR 52.0)

ID Summary Assigned to Depends on Whiteboard
1315205 [META] QA bugs of First Party Isolation Ethan Tseng [:ethan] 1316019, 1319728, 1319756, 1319761, 1319767, 1319839, 1336458, 1363952, 1379706, 1309800, 1309816, 1313627, 1315907, 1316536, 1317231, 1319773, 1336439, 1336440, 1336441, 1336442, 1336460, 1336461, 1336462, 1336463, 1336464, 1336465, 1336466 [tor][domsecurity-meta]
1357346 [META] QA bugs of First Party Isolation on Fennec Ethan Tseng [:ethan] 1319728, 1319756, 1363952, 1376766, 1376767, 1376769, 1378150, 1378775, 1378815, 1379140, 1379141, 1360142, 1360145 [tor][domsecurity-meta]
1371651 about:cache does not show entries when `privacy.firstparty.isolate` is set to `true` [tor][necko-backlog]
1376971 Isolate Page Info media previews to content first party [tor][tor 22327][OA][userContextId]
1376973 The favicon of tabs dropdown list does not honor originAttributes. Tim Huang[:timhuang] [tor][tor 22452][OA][userContextId][domsecurity-active]

5 Total; 5 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - P3~P5

ID Summary Priority Assigned to Depends on Whiteboard
1301623 evalInSandbox for firstPartyDomain P3 [tor][domsecurity-backlog1]
1312655 checkbox in about:preferences#privacy for privacy.firstparty.isolate (Tor 20244.2) P3 [tor]
1319346 WebChannel doesn't work in a container tab P3 [domsecurity-backlog2][OA][userContextId][tor]
1321158 Should window.open() inherit firstPartyDomain? P3 Yoshi Huang [:allstars.chh] [tor][domsecurity-backlog1]
1330467 When "privacy.firstparty.isolate" is true, double-key permissions to origin + firstPartyDomain P3 [tor 21569][domsecurity-backlog2]
1340949 The Sync "Manage Account" link doesn't work properly with First-Party Isolation P3 1323853

6 Total; 6 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - QA Bugs

ID Summary Priority Assigned to Depends on Whiteboard
1316019 [FirstPartyIsolation] Failed to sign in to the pixnet.net P2 Tim Huang[:timhuang] [tor][domsecurity-active]
1319728 Fx with FPI feature wrongly displays that sign-in on youtube has failed even though it did not P2 Yoshi Huang [:allstars.chh] [tor][domsecurity-active]
1319756 Login on Instagram using facebook social network stuck on Fx with FPI P2 Chung-Sheng Fu [:cfu] [tor][domsecurity-backlog1]
1319761 Login on pinterest using facebook social network not working on Fx with FPI P1 Tim Huang[:timhuang] [tor] [domsecurity-backlog1][platform-rel-Facebook]
1319767 Unable to login on imgur using Google+ on Fx with FPI P1 Tim Huang[:timhuang] [tor][domsecurity-backlog1]
1319839 [FirstPartyIsolation] If you sign in to Gmail, you'll be automatically signed in when you visit YouTube P3 [tor][domsecurity-backlog1]
1336458 [FirstPartyIsolation] Unable to login using Facebook on As.com P3 1319773 [tor][domsecurity-backlog2]
1363952 The counter isn't updated after tapping the Like button in "ltn.com.tw" website P3 [tor][domsecurity-meta]
1379706 [FirstPartyIsolation] Can't log into crash-stats.mozilla.com (Socorro) with Google account P3 [domsecurity-backlog1]

9 Total; 9 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - Target as Fx53 Nightly

ID Summary Assigned to Depends on Whiteboard
1115712 make DataStorage for HPKP and HSTS enumerable via xpcom Jonathan Hao [:jhao] 775370 [psm-assigned]
1260931 Add 1st party isolation pref and OriginAttribute. Yoshi Huang [:allstars.chh] 1264231, 1291652, 1300182, 1301274, 1301768, 1301778 [tor], [domsecurity-active][ETA 9/12][tor 13742]
1264562 Isolate OCSP cache by first party domain. (Tor 13670.2) Jonathan Hao [:jhao] 1289319, 1313491 [tor][tor-testing][OA-testing][domsecurity-active][ETA 11/7]
1264571 Add a test case of isolating Broadcast Channels for first party. (Tor 16300) Tim Huang[:timhuang] 1260931 [tor-testing][domsecurity-active][ETA 10/10]
1264577 Tests for first-party isolation of cache (Tor 13749) Tim Huang[:timhuang] 1315579, 1289319, 1304219 [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1264595 test isolation by mediaSource URI by first party domain (Tor 15703) Jonathan Hao [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-backlog1]
1268726 isolate shared worker by first party domain (Tor 15564) Dave Huseby [:huseby] [tor][domsecurity-active][ETA 10/10][OA]
1270680 image cache should respect originAttributes Jonathan Hao [:jhao] 1279519, 1280948 [OA][userContextId][domsecurity-active][tor]
1277803 Make the loading of favicon through the XUL:image uses the correct originAttributes Tim Huang[:timhuang] 1310092, 1311237, 1319908, 1351084 [OA][userContextId][domsecurity-active][tor][tor 13670.1]
1289319 Add a test framework for the first party isolation tests. Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-active]
1294866 Make the loading of favicon during SessionRestore use the correct originAttributes Tim Huang[:timhuang] [OA][domsecurity-active]
1301523 Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) Jonathan Hao [:jhao] 1308679 [tor-testing][OA-testing][necko-next]
1304219 Ensure link rel=preconnect requests are isolated by origin attributes (Tor 16998) Tim Huang[:timhuang] 1316683 [tor-testing][necko-backlog][OA-testing]
1312541 Test first-party isolation of cookies Arthur Edelstein [:arthuredelstein] [tor][domsecurity-active]
1312794 Annotate OCSP requests by first party domain. (Tor 13670.2) Jonathan Hao [:jhao] 1264562 [tor][domsecurity-active]
1312954 Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). Tim Huang[:timhuang] 1304219 [tor] [domsecurity-active][OA]
1315723 Intermittent browser/components/originattributes/test/browser/browser_cache.js | Test timed out - Tim Huang[:timhuang] [domsecurity-intermittent][tor][OA]
1316283 Isolate SSL session cache by origin attributes Jonathan Hao [:jhao] 1315143 [OA][tor]
1317927 Media caching needs to use origin attributes Andrea Marchesini [:baku] [OA][tor][domsecurity-active]
1334690 Isolate AlternateService mappings by Origin Attributes Jonathan Hao [:jhao] [tor][necko-would-take][OA]
1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true Jonathan Hao [:jhao] 1337868, 1334690, 1337893 [tor][necko-would-take][OA]

21 Total; 0 Open (0%); 21 Resolved (100%); 0 Verified (0%);


First Party Isolation - QA Bugs Fixed

ID Summary Priority Assigned to Depends on Whiteboard Status Resolution
1309800 The firstPartyDomain should be blogger.com, not google.com (Enter "blogger.com" in Url bar) P3 Jonathan Hao [:jhao] [tor][domsecurity-active] RESOLVED INVALID
1309816 Some firstPartyDomains are empty P3 Cynthia Tang [:cynthiatang] 1312954 [tor][domsecurity-active] RESOLVED DUPLICATE
1313627 [FirstPartyIsolation] Failed to sign in to the Baidu P1 Tim Huang[:timhuang] [tor][domsecurity-active] VERIFIED FIXED
1315907 [FirstPartyIsolation] Failed to sign in to the hao123.com P1 [tor][domsecurity-active] RESOLVED DUPLICATE
1316536 [FirstPartyIsolation] The publishing window will not disappear after clicking on "Publish" to publish news to your Facebook Wall P3 Tim Huang[:timhuang] [tor][domsecurity-active][platform-rel-Facebook] RESOLVED DUPLICATE
1317231 [FirstPartyIsolation] Failed to sign in to the 360.com -- [tor][domsecurity-active] RESOLVED INVALID
1319773 Issues signing in on Soundcloud using Firefox with FPI P1 Tim Huang[:timhuang] 1339213, 1339336 [tor][domsecurity-active] VERIFIED FIXED
1336439 [FirstPartyIsolation] MSN articles can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336440 [FirstPartyIsolation] Ebay-kleinanzeigen.de items can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336441 [FirstPartyIsolation] Sabq.org items can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336442 [FirstPartyIsolation] Onedio.com items can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336460 [FirstPartyIsolation] Unable to login using Facebook on Twitch.tv P3 1319773 [domsecurity-backlog2][tor] RESOLVED WORKSFORME
1336461 [FirstPartyIsolation] Unable to login using Facebook on Adf.ly P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336462 [FirstPartyIsolation] Unable to login using Facebook on Wikia.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336463 [FirstPartyIsolation] Unable to login using Facebook on Espn.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336464 [FirstPartyIsolation] Unable to login using Facebook on Dailymotion.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336465 [FirstPartyIsolation] Unable to login using Facebook on Sabah.com.tr P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336466 [FirstPartyIsolation] Facebook pop-up does not close after entering credentials on Cdiscount.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME

18 Total; 0 Open (0%); 16 Resolved (88.89%); 2 Verified (11.11%);


First Party Isolation - FIXED

ID Summary Priority Assigned to Depends on Whiteboard
1115712 make DataStorage for HPKP and HSTS enumerable via xpcom P1 Jonathan Hao [:jhao] 775370 [psm-assigned]
1260931 Add 1st party isolation pref and OriginAttribute. P1 Yoshi Huang [:allstars.chh] 1264231, 1291652, 1300182, 1301274, 1301768, 1301778 [tor], [domsecurity-active][ETA 9/12][tor 13742]
1264562 Isolate OCSP cache by first party domain. (Tor 13670.2) P1 Jonathan Hao [:jhao] 1289319, 1313491 [tor][tor-testing][OA-testing][domsecurity-active][ETA 11/7]
1264567 Tests for first party isolation of localStorage (Tor 13749.1) P2 Jonathan Hao [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-active][ETA 10/10]
1264571 Add a test case of isolating Broadcast Channels for first party. (Tor 16300) P1 Tim Huang[:timhuang] 1260931 [tor-testing][domsecurity-active][ETA 10/10]
1264572 Test the Isolate the Image Cache per url bar domain (Tor 13749.2) P2 Dave Huseby [:huseby] 1289319, 1304432 [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1264573 Regression tests for blob URL isolation (Tor 15502) P2 Jonathan Hao [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-backlog1][ETA 11/7]
1264577 Tests for first-party isolation of cache (Tor 13749) P1 Tim Huang[:timhuang] 1315579, 1289319, 1304219 [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1264593 test Isolation on SharedWorker by first party domain (Tor 15564) P2 Tim Huang[:timhuang] 1302566, 1305223, 1268726, 1289319, 1335678 [tor-testing][OA-testing][domsecurity-active][ETA 10/10]
1264595 test isolation by mediaSource URI by first party domain (Tor 15703) P1 Jonathan Hao [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-backlog1]
1268726 isolate shared worker by first party domain (Tor 15564) P1 Dave Huseby [:huseby] [tor][domsecurity-active][ETA 10/10][OA]
1270680 image cache should respect originAttributes P1 Jonathan Hao [:jhao] 1279519, 1280948 [OA][userContextId][domsecurity-active][tor]
1274020 Add a test to show that the DOM Cache is separated by origin attributes P2 Jonathan Hao [:jhao] 1195930 [OA-testing][usercontextId][domsecurity-active][tor-testing]
1277803 Make the loading of favicon through the XUL:image uses the correct originAttributes P1 Tim Huang[:timhuang] 1310092, 1311237, 1319908, 1351084 [OA][userContextId][domsecurity-active][tor][tor 13670.1]
1282655 Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute P2 Jonathan Hao [:jhao] [OA-testing][userContextId][domsecurity-backlog2][tor-testing]
1289319 Add a test framework for the first party isolation tests. P1 Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-active]
1290529 clear HSTS and HPKP for subdomains as well when bug 1115712 is fixed -- Jonathan Hao [:jhao] 1115712
1294866 Make the loading of favicon during SessionRestore use the correct originAttributes P1 Tim Huang[:timhuang] [OA][domsecurity-active]
1300182 Intermittent browser/components/originattributes/test/browser/browser_firstPartyIsolation.js | "KO" == "OK" - P3 Yoshi Huang [:allstars.chh] [domsecurity-intermittent][tor]
1300671 Set firstPartyDomain for about: pages P2 Yoshi Huang [:allstars.chh] 1260931 [tor][domsecurity-active]
1301406 The cookies of the top-level page are not keyed with firstPartyDomain when first party isolation is turned on in e10s mode. P3 Yoshi Huang [:allstars.chh] [tor][domsecurity-backlog1]
1301523 Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) P1 Jonathan Hao [:jhao] 1308679 [tor-testing][OA-testing][necko-next]
1301617 test for firstParty and userContextId documents with nsIPermissionManager P3 Jonathan Hao [:jhao] [OA-testing][domsecurity-backlog1][tor-testing]
1301649 nits for firstPartyDomain in bug 1260931 P2 Yoshi Huang [:allstars.chh] 1260931 [tor], [domsecurity-backlog2]
1303062 Turn on first party isolation tests P3 Jonathan Hao [:jhao] [tor-testing][domsecurity-active]
1304219 Ensure link rel=preconnect requests are isolated by origin attributes (Tor 16998) P1 Tim Huang[:timhuang] 1316683 [tor-testing][necko-backlog][OA-testing]
1311237 Intermittent browser/components/originattributes/test/browser/browser_favicon_firstParty.js | The favicon image should be loaded through network. - Got http-on-examine-cached-response, expected http-on-examine-response, Test timed out, Found a tab P2 Tim Huang[:timhuang] [OA][domsecurity-intermittent][tor]
1312541 Test first-party isolation of cookies P1 Arthur Edelstein [:arthuredelstein] [tor][domsecurity-active]
1312794 Annotate OCSP requests by first party domain. (Tor 13670.2) P1 Jonathan Hao [:jhao] 1264562 [tor][domsecurity-active]
1312954 Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). P1 Tim Huang[:timhuang] 1304219 [tor] [domsecurity-active][OA]
1315602 Remove the assertion of FirstPartyDomain should be empty in HTTP redirect -- Yoshi Huang [:allstars.chh] [tor][domsecurity-active]
1315723 Intermittent browser/components/originattributes/test/browser/browser_cache.js | Test timed out - P1 Tim Huang[:timhuang] [domsecurity-intermittent][tor][OA]
1315927 ignore firstPartyDomain and userContextId in PermissionStatus P2 Yoshi Huang [:allstars.chh] [tor][domsecurity-active]
1316283 Isolate SSL session cache by origin attributes P1 Jonathan Hao [:jhao] 1315143 [OA][tor]
1317927 Media caching needs to use origin attributes P1 Andrea Marchesini [:baku] [OA][tor][domsecurity-active]
1323644 Isolate the HSTS and HPKP cache by first party domain. P2 Jonathan Hao [:jhao] 1342178, 1290529, 1336867 [tor][tor 17965][necko-would-take]
1334468 Crash in mozilla::OriginAttributes::CreateSuffix when entering ',s."' in url bar with privacy.firstparty.isolate=true -- Jonathan Hao [:jhao] 1337629
1334690 Isolate AlternateService mappings by Origin Attributes P1 Jonathan Hao [:jhao] [tor][necko-would-take][OA]
1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true P1 Jonathan Hao [:jhao] 1337868, 1334690, 1337893 [tor][necko-would-take][OA]
1336867 Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService -- Jonathan Hao [:jhao] 1345612
1337629 Add more restrictions to the host parser -- Valentin Gosu [:valentin] 1355487 [necko-active]
1344170 set firstPartyDomain for blob: URI P2 Yoshi Huang [:allstars.chh] [tor][domsecurity-active]

42 Total; 0 Open (0%); 42 Resolved (100%); 0 Verified (0%);


ID Summary Priority Assigned to Depends on Whiteboard

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);