New issue
Advanced search Search tips

Issue 824950 link

Starred by 3 users
Status: Fixed
Owner:
jsb...@chromium.org
Closed: Sep 7
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug



Sign in to add a comment

Persistent storage permission should not be granted for session-only origins

Project Member Reported by jsb...@chromium.org, Mar 22 2018 
* navigator.storage.persist() allows an origin to request being preserved from eviction under storage pressure. We grant based on heuristics. We encourage sites to request this, then check with navigator.storage.persisted() to see if they have this permission before offering the user any sort of guarantee about offline storage availability.

* A user or admin can make a site be "session-only", i.e. all data is cleared when the user leaves the site. (chrome://settings/content/cookies, add sites to "Clear on exit")

If a site has been made "session only" we should probably not allow granting persistent permission and report false for the permission state.

Comment 1 by jsb...@chromium.org, Mar 22 2018 

Additional case needed in DurableStoragePermissionContext::DecidePermission ?

Comment 2 by jsb...@chromium.org, Sep 5

Owner: jsb...@chromium.org
Status: Started (was: Available)
Project Member

Comment 3 by bugdroid1@chromium.org, Sep 7 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4a02d6634eb5a8da259b056e3761f544ab9ae857

commit 4a02d6634eb5a8da259b056e3761f544ab9ae857
Author: Joshua Bell <jsbell@chromium.org>
Date: Fri Sep 07 16:19:36 2018

Persistent storage permission: don't grant for session-only origins

A user or admin can make a site be "session-only", i.e. all data is
cleared when the user leaves the site. In the UI at
chrome://settings/content/cookies this is done by adding sites to the
"Clear on exit" list. We shouldn't grant the permission for sites with
this property, since we do so with heuristics and we encourage
developers to request the permission before offering the user a of
guarantee about offline storage availability. If we granted the
permission, the site would end up giving a false commitment to the
user.

Bug:  824950 
Change-Id: I6ccd53376fc3aed65dd742b3fc0938c203281e7b
Reviewed-on: https://chromium-review.googlesource.com/1208149
Reviewed-by: Christian Dullweber <dullweber@chromium.org>
Commit-Queue: Joshua Bell <jsbell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589537}
[modify] https://crrev.com/4a02d6634eb5a8da259b056e3761f544ab9ae857/chrome/browser/storage/durable_storage_browsertest.cc
[modify] https://crrev.com/4a02d6634eb5a8da259b056e3761f544ab9ae857/chrome/browser/storage/durable_storage_permission_context.cc

Comment 4 by jsb...@chromium.org, Sep 7

Status: Fixed (was: Started)

Sign in to add a comment