Security/FirstPartyIsolation

From MozillaWiki
Jump to: navigation, search

First Party Isolation - P1 (Target as Fx53 Aurora - 2017/1/23)

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - P2 (Target as Fx54 Aurora - 2017/3/6 ESR 52.0)

Full Query
ID Summary Assigned to Depends on Whiteboard
1676104 Make WebRequest and GeckoWebExecutor First-Party aware [tor 40171] [geckoview:2023?]

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - P3~P5

Full Query
ID Summary Priority Assigned to Depends on Whiteboard
1315205 [META] QA bugs of First Party Isolation P3 1316019, 1319728, 1319761, 1319839, 1336458, 1363952, 1379706, 1459620, 1629062, 1637760, 1662096, 1309800, 1309816, 1313627, 1315907, 1316536, 1317231, 1319756, 1319767, 1319773, 1336439, 1336440, 1336441, 1336442, 1336460, 1336461, 1336462, 1336463, 1336464, 1336465, 1336466, 1384657, 1459518, 1460428, 1475124, 1592260, 1647829, 1656719 [tor][domsecurity-meta]
1319346 WebChannel not isolated by originAttributes P3 [domsecurity-backlog2][OA][userContextId][tor]
1321158 Investigate if window.open() inheriting firstPartyDomain resolves breakage P5 [tor][domsecurity-backlog1]
1337868 Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets P3 [OA-testing][tor-testing][domsecurity-backlog1]
1357346 [META] QA bugs of First Party Isolation on Fennec P3 1319728, 1363952, 1376766, 1376767, 1378150, 1378775, 1378815, 1379140, 1379141, 1319756, 1360142, 1360145, 1376769 [tor][domsecurity-meta]
1371651 about:cache does not show entries when `privacy.firstparty.isolate` is set to `true` P3 [tor 22451][necko-backlog][dfpi-ok]
1398414 Key :visited per origin (first-party-isolation / partitioning for :visited). P3 [tor]
1475811 Entering URLs in address bar violates FPI P5 Pier Angelo Vendrame [tor 26353][dfpi-ok]
1495204 [pdf.js] Lots of errors "system principal mismatch" with privacy.firstparty.isolate=true P5 [tor][pdfjs-network]
1556212 Per-Domain Cookie Permissions are broken with FPI enabled P3 [domsecurity-backlog1]
1583891 When FPI is enabled, about:debugging does not list Service Workers that have a firstPartyDomain attribute P3 [dfpi-ok]
1628783 Make FPI affect keying of docgroup P5 [domsecurity-backlog1]
1630869 Consider changing the key of FPI to site (i.e., include the URL scheme) P3 [domsecurity-backlog1]

13 Total; 13 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - QA Bugs

Full Query
ID Summary Priority Assigned to Depends on Whiteboard
1316019 [FirstPartyIsolation] Failed to sign in to the pixnet.net P3 [tor][domsecurity-active]
1319728 Fx with FPI feature wrongly displays that sign-in on youtube has failed even though it did not P3 [tor][domsecurity-active]
1319761 Login on pinterest using facebook social network not working on Fx with FPI P3 [tor] [domsecurity-backlog1][platform-rel-Facebook]
1319839 [FirstPartyIsolation] If you sign in to Gmail, you'll be automatically signed in when you visit YouTube P3 [tor][domsecurity-backlog1][dfpi-ok]
1336458 [FirstPartyIsolation] Unable to login using Facebook on As.com P3 1319773 [tor][domsecurity-backlog2][dfpi-ok]
1363952 The counter isn't updated after tapping the Like button in "ltn.com.tw" website P3 [tor][domsecurity-meta]
1379706 [FirstPartyIsolation] Can't log into crash-stats.mozilla.com (Socorro) with Google account P3 [domsecurity-backlog1][dfpi-ok]
1459620 First party isolation breaks sign in on airnewzealand.com P3 [domsecurity-backlog1]
1629062 [Dynamic FPI] The user and password for Facebook did not transfer to messenger.com P3
1662096 privacy.firstparty.isolate prevents YTMNDs from playing P3

10 Total; 10 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - Target as Fx53 Nightly

Full Query
ID Summary Assigned to Depends on Whiteboard
1115712 make DataStorage for HPKP and HSTS enumerable via xpcom Jonathan Hao (inactive) [:jhao] 775370 [psm-assigned]
1260931 Add 1st party isolation pref and OriginAttribute. Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] 1264231, 1291652, 1300182, 1301274, 1301768, 1301778, 1470156 [tor], [domsecurity-active][ETA 9/12][tor 13742]
1264562 Isolate OCSP cache by first party domain. (Tor 13670.2) Jonathan Hao (inactive) [:jhao] 1289319, 1313491 [tor][tor-testing][OA-testing][domsecurity-active][ETA 11/7]
1264571 Add a test case of isolating Broadcast Channels for first party. (Tor 16300) Tim Huang[:timhuang] 1260931 [tor-testing][domsecurity-active][ETA 10/10]
1264577 Tests for first-party isolation of cache (Tor 13749) Tim Huang[:timhuang] 1289319, 1304219, 1315579 [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1264595 test isolation by mediaSource URI by first party domain (Tor 15703) Jonathan Hao (inactive) [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-backlog1]
1268726 isolate shared worker by first party domain (Tor 15564) Dave Huseby [:huseby] [tor][domsecurity-active][ETA 10/10][OA]
1270680 image cache should respect originAttributes Jonathan Hao (inactive) [:jhao] 1279519, 1280948 [OA][userContextId][domsecurity-active][tor]
1277803 Make the loading of favicon through the XUL:image uses the correct originAttributes Tim Huang[:timhuang] 1310092, 1311237, 1319908, 1351084 [OA][userContextId][domsecurity-active][tor][tor 13670.1]
1289319 Add a test framework for the first party isolation tests. Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-active]
1294866 Make the loading of favicon during SessionRestore use the correct originAttributes Tim Huang[:timhuang] [OA][domsecurity-active]
1301523 Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) Jonathan Hao (inactive) [:jhao] 1308679 [tor-testing][OA-testing][necko-next]
1304219 Ensure link rel=preconnect requests are isolated by origin attributes (Tor 16998) Tim Huang[:timhuang] 1316683 [tor-testing][necko-backlog][OA-testing]
1312541 Test first-party isolation of cookies Arthur Edelstein [:arthur] [tor][domsecurity-active]
1312794 Annotate OCSP requests by first party domain. (Tor 13670.2) Jonathan Hao (inactive) [:jhao] 1264562 [tor][domsecurity-active]
1312954 Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). Tim Huang[:timhuang] 1304219, 1441445 [tor] [domsecurity-active][OA]
1315723 Intermittent browser/components/originattributes/test/browser/browser_cache.js | Test timed out - Tim Huang[:timhuang] [domsecurity-intermittent][tor][OA]
1316283 Isolate SSL session cache by origin attributes Jonathan Hao (inactive) [:jhao] 1315143 [OA][tor]
1317927 Media caching needs to use origin attributes Andrea Marchesini [:baku] [OA][tor][domsecurity-active]
1334690 Isolate AlternateService mappings by Origin Attributes Jonathan Hao (inactive) [:jhao] [tor][necko-would-take][OA]
1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true Jonathan Hao (inactive) [:jhao] 1337868, 1334690, 1337893 [tor][necko-would-take][OA]
1473247 Making the firstPartyDomain honors IP addresses Tim Huang[:timhuang] [domsecurity-active]

22 Total; 22 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - QA Bugs Fixed

Full Query
ID Summary Priority Assigned to Depends on Whiteboard Status Resolution
1309800 The firstPartyDomain should be blogger.com, not google.com (Enter "blogger.com" in Url bar) P3 Jonathan Hao (inactive) [:jhao] [tor][domsecurity-active][dfpi-ok] RESOLVED INVALID
1309816 Some firstPartyDomains are empty P3 Cynthia Tang [:cynthiatang] 1312954 [tor][domsecurity-active][dfpi-ok] RESOLVED DUPLICATE
1313627 [FirstPartyIsolation] Failed to sign in to the Baidu P1 Tim Huang[:timhuang] [tor][domsecurity-active] VERIFIED FIXED
1315907 [FirstPartyIsolation] Failed to sign in to the hao123.com P1 [tor][domsecurity-active] RESOLVED DUPLICATE
1316536 [FirstPartyIsolation] The publishing window will not disappear after clicking on "Publish" to publish news to your Facebook Wall P3 Tim Huang[:timhuang] [tor][domsecurity-active][platform-rel-Facebook][dfpi-ok] RESOLVED DUPLICATE
1317231 [FirstPartyIsolation] Failed to sign in to the 360.com -- [tor][domsecurity-active] RESOLVED INVALID
1319756 Login on Instagram using facebook social network stuck on Fx with FPI P3 [tor][domsecurity-backlog1][dfpi-ok] RESOLVED WORKSFORME
1319767 Unable to login on imgur using Google+ on Fx with FPI P3 [tor][domsecurity-backlog1][dfpi-ok] RESOLVED INVALID
1319773 Issues signing in on Soundcloud using Firefox with FPI P1 Tim Huang[:timhuang] 1339213, 1339336 [tor][domsecurity-active][dfpi-ok] VERIFIED FIXED
1336439 [FirstPartyIsolation] MSN articles can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2][dfpi-ok] RESOLVED WORKSFORME
1336440 [FirstPartyIsolation] Ebay-kleinanzeigen.de items can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2][dfpi-ok] RESOLVED WORKSFORME
1336441 [FirstPartyIsolation] Sabq.org items can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2][dfpi-ok] RESOLVED WORKSFORME
1336442 [FirstPartyIsolation] Onedio.com items can't be shared via Facebook P3 1319773 [tor][domsecurity-backlog2][dfpi-ok] RESOLVED WORKSFORME
1336460 [FirstPartyIsolation] Unable to login using Facebook on Twitch.tv P3 1319773 [domsecurity-backlog2][tor] RESOLVED WORKSFORME
1336461 [FirstPartyIsolation] Unable to login using Facebook on Adf.ly P3 1319773 [tor][domsecurity-backlog2][dfpi-ok] RESOLVED WORKSFORME
1336462 [FirstPartyIsolation] Unable to login using Facebook on Wikia.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336463 [FirstPartyIsolation] Unable to login using Facebook on Espn.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336464 [FirstPartyIsolation] Unable to login using Facebook on Dailymotion.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336465 [FirstPartyIsolation] Unable to login using Facebook on Sabah.com.tr P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1336466 [FirstPartyIsolation] Facebook pop-up does not close after entering credentials on Cdiscount.com P3 1319773 [tor][domsecurity-backlog2] RESOLVED WORKSFORME
1384657 Pocket doesn't work with privacy.firstparty.isolate set to true P3 :Gijs (he/him) [tor][dfpi-ok] RESOLVED FIXED
1459518 Login into youtube.com with first party isolation shows an error message even though a second login attempt succeeds -- [dfpi-ok] RESOLVED DUPLICATE
1460428 First-party isolation breaks the orange factor graph on Bugzilla P3 [domsecurity-backlog1] RESOLVED WORKSFORME
1475124 identity.launchWebAuthFlow doesn’t work when privacy.firstparty.isolate is enabled P3 [domsecurity-backlog2] RESOLVED WONTFIX
1592260 privacy.firstparty.isolate=true breaks store.ubi.com -- RESOLVED WORKSFORME
1647829 HTTPS Only Mode Error page repeats forever when privacy.firstparty.isolate is enabled P3 Julian Gaibler [domsecurity-backlog1][tor-p1] RESOLVED FIXED
1656719 https-only mode gets stuck at warning screen with first-party isolation in Firefox 79+ P3 [domsecurity-backlog1] RESOLVED DUPLICATE

27 Total; 0 Open (0%); 25 Resolved (92.59%); 2 Verified (7.41%);


First Party Isolation - FIXED

Full Query
ID Summary Priority Assigned to Depends on Whiteboard
444222 window.name can be used as an XSS attack vector P2 Tim Huang[:timhuang] 454850, 1665502 [tor][tor-standalone][tor 16620][domsecurity-backlog1] , [wptsync upstream]
1115712 make DataStorage for HPKP and HSTS enumerable via xpcom P1 Jonathan Hao (inactive) [:jhao] 775370 [psm-assigned]
1260931 Add 1st party isolation pref and OriginAttribute. P1 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] 1264231, 1291652, 1300182, 1301274, 1301768, 1301778, 1470156 [tor], [domsecurity-active][ETA 9/12][tor 13742]
1264562 Isolate OCSP cache by first party domain. (Tor 13670.2) P1 Jonathan Hao (inactive) [:jhao] 1289319, 1313491 [tor][tor-testing][OA-testing][domsecurity-active][ETA 11/7]
1264567 Tests for first party isolation of localStorage (Tor 13749.1) P2 Jonathan Hao (inactive) [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-active][ETA 10/10]
1264571 Add a test case of isolating Broadcast Channels for first party. (Tor 16300) P1 Tim Huang[:timhuang] 1260931 [tor-testing][domsecurity-active][ETA 10/10]
1264572 Test the Isolate the Image Cache per url bar domain (Tor 13749.2) P2 Dave Huseby [:huseby] 1289319, 1304432 [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1264573 Regression tests for blob URL isolation (Tor 15502) P2 Jonathan Hao (inactive) [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-backlog1][ETA 11/7]
1264577 Tests for first-party isolation of cache (Tor 13749) P1 Tim Huang[:timhuang] 1289319, 1304219, 1315579 [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1264593 test Isolation on SharedWorker by first party domain (Tor 15564) P2 Tim Huang[:timhuang] 1302566, 1305223, 1268726, 1289319, 1335678 [tor-testing][OA-testing][domsecurity-active][ETA 10/10]
1264595 test isolation by mediaSource URI by first party domain (Tor 15703) P1 Jonathan Hao (inactive) [:jhao] 1289319 [tor-testing][OA-testing][domsecurity-backlog1]
1268726 isolate shared worker by first party domain (Tor 15564) P1 Dave Huseby [:huseby] [tor][domsecurity-active][ETA 10/10][OA]
1270680 image cache should respect originAttributes P1 Jonathan Hao (inactive) [:jhao] 1279519, 1280948 [OA][userContextId][domsecurity-active][tor]
1274020 Add a test to show that the DOM Cache is separated by origin attributes P2 Jonathan Hao (inactive) [:jhao] 1195930 [OA-testing][usercontextId][domsecurity-active][tor-testing]
1277803 Make the loading of favicon through the XUL:image uses the correct originAttributes P1 Tim Huang[:timhuang] 1310092, 1311237, 1319908, 1351084 [OA][userContextId][domsecurity-active][tor][tor 13670.1]
1282655 Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute P2 Jonathan Hao (inactive) [:jhao] [OA-testing][userContextId][domsecurity-backlog2][tor-testing]
1289319 Add a test framework for the first party isolation tests. P1 Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-active]
1290529 clear HSTS and HPKP for subdomains as well when bug 1115712 is fixed -- Jonathan Hao (inactive) [:jhao] 1115712
1294866 Make the loading of favicon during SessionRestore use the correct originAttributes P1 Tim Huang[:timhuang] [OA][domsecurity-active]
1300182 Intermittent browser/components/originattributes/test/browser/browser_firstPartyIsolation.js | "KO" == "OK" - P3 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [domsecurity-intermittent][tor]
1300671 Set firstPartyDomain for about: pages P2 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] 1260931 [tor][domsecurity-active]
1301406 The cookies of the top-level page are not keyed with firstPartyDomain when first party isolation is turned on in e10s mode. P3 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-backlog1]
1301523 Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) P1 Jonathan Hao (inactive) [:jhao] 1308679 [tor-testing][OA-testing][necko-next]
1301617 test for firstParty and userContextId documents with nsIPermissionManager P3 Jonathan Hao (inactive) [:jhao] [OA-testing][domsecurity-backlog1][tor-testing]
1301649 nits for firstPartyDomain in bug 1260931 P2 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] 1260931 [tor], [domsecurity-backlog2]
1303062 Turn on first party isolation tests P3 Jonathan Hao (inactive) [:jhao] [tor-testing][domsecurity-active]
1304219 Ensure link rel=preconnect requests are isolated by origin attributes (Tor 16998) P1 Tim Huang[:timhuang] 1316683 [tor-testing][necko-backlog][OA-testing]
1311237 Intermittent browser/components/originattributes/test/browser/browser_favicon_firstParty.js | The favicon image should be loaded through network. - Got http-on-examine-cached-response, expected http-on-examine-response, Test timed out, Found a tab P2 Tim Huang[:timhuang] [OA][domsecurity-intermittent][tor]
1312541 Test first-party isolation of cookies P1 Arthur Edelstein [:arthur] [tor][domsecurity-active]
1312794 Annotate OCSP requests by first party domain. (Tor 13670.2) P1 Jonathan Hao (inactive) [:jhao] 1264562 [tor][domsecurity-active]
1312954 Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). P1 Tim Huang[:timhuang] 1304219, 1441445 [tor] [domsecurity-active][OA]
1315602 Remove the assertion of FirstPartyDomain should be empty in HTTP redirect -- Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-active]
1315723 Intermittent browser/components/originattributes/test/browser/browser_cache.js | Test timed out - P1 Tim Huang[:timhuang] [domsecurity-intermittent][tor][OA]
1315927 ignore firstPartyDomain and userContextId in PermissionStatus P2 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-active]
1316283 Isolate SSL session cache by origin attributes P1 Jonathan Hao (inactive) [:jhao] 1315143 [OA][tor]
1317927 Media caching needs to use origin attributes P1 Andrea Marchesini [:baku] [OA][tor][domsecurity-active]
1323644 Isolate the HSTS and HPKP cache by first party domain. P2 Jonathan Hao (inactive) [:jhao] 1290529, 1336867, 1342178 [tor][tor 17965][necko-would-take][OA]
1330467 When "privacy.firstparty.isolate" is true, double-key permissions to origin + firstPartyDomain P2 Gary Chen [:xeonchen] [tor 21569][domsecurity-backlog2]
1334468 Crash in mozilla::OriginAttributes::CreateSuffix when entering ',s."' in url bar with privacy.firstparty.isolate=true -- Jonathan Hao (inactive) [:jhao] 1337629
1334485 Tracking using intermediate CA caching P3 [psm-backlog][tor]
1334690 Isolate AlternateService mappings by Origin Attributes P1 Jonathan Hao (inactive) [:jhao] [tor][necko-would-take][OA]
1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true P1 Jonathan Hao (inactive) [:jhao] 1337868, 1334690, 1337893 [tor][necko-would-take][OA]
1336867 Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService -- Jonathan Hao (inactive) [:jhao] 1345612
1337629 Add more restrictions to the host parser -- Valentin Gosu [:valentin] (he/him) 1355487 [necko-active]
1340949 The Sync "Manage Account" link doesn't work properly with First-Party Isolation P3 1323853
1344170 set firstPartyDomain for blob: URI P2 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-active]
1376971 Isolate Page Info media previews to content first party P3 Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] 1403365, 1405195, 1407498 [tor][tor 22327][OA][userContextId][domsecurity-backlog1]
1376973 The favicon of tabs dropdown list does not honor originAttributes. P2 Tim Huang[:timhuang] [tor][tor 22452][OA][userContextId][domsecurity-active]
1381197 browser.cookies fails to get/remove cookies by domain/url when privacy.firstparty.isolate = true P3 Chung-Sheng Fu [:cfu] [OA]
1384657 Pocket doesn't work with privacy.firstparty.isolate set to true P3 :Gijs (he/him) [tor][dfpi-ok]
1473247 Making the firstPartyDomain honors IP addresses P1 Tim Huang[:timhuang] [domsecurity-active]
1492607 Prevent postMessage communication across first-party when restrict_opener_access = true P3 Tim Huang[:timhuang] [domsecurity-backlog1]
1494327 Allow Popups For This Site is not keyed by OriginAttributes P3 1330467, 1422056 [tor]
1506693 PDFJS range-based requests violate FPI -- richard (Tor Project) [tor 26540]
1508355 Add a test to make sure "Save Page As" respect First-Party Isolation P5 Tim Huang[:timhuang] [tor 22343]
1542309 firstPartyDomain not set on top-level domain URLs P2 Alex Catarineu (Tor Browser dev) [tor 24622][domsecurity-active]

56 Total; 56 Open (100%); 0 Resolved (0%); 0 Verified (0%);


No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);