Clear ephemeral storage partitions after a small time period #14943

Closed
pes10k opened this issue Mar 25, 2021 · 0 comments · Fixed by brave/brave-core#8351
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop privacy/feature User-facing privacy- & security-focused feature work. privacy QA/No release-notes/exclude

Comments

Contributor

pes10k commented Mar 25, 2021

Currently all 3p partitioned storage under a 1p is cleared the moment there are no more tabs with the 1p as the top level document. This mostly works great, but doesn't handle some OAuth-style flows.

For example:

  1. example.org includes a 3p frame that handles SSO
  2. interacting with the 3p frame redirects the top level frame to an origin controlled by the SSO provider
  3. the top level frame then redirects back to example.org
  4. the SSO provider (embedded under example.org) expects that its state will still be there when the top level frame loads example.org

Right now the above flow breaks, since the embedded SSO provider state is cleared the moment the top level document is navigated.

We should handle such cases by modifying when we clear the 3p storage areas. Instead of clearing them the moment there are no more top level documents for the site doing the embedding, we should instead clear them after a brief pause (e.g., 30 seconds after there are no more top level documents for the site).

This will handle most cases of the above flow. We can expand the timeout further if needed (for example, if someone needs to type in credentials for the SSO provider, 30 sec may not be enough), but this issue suggests 30 seconds for an initial approach.

There are QA tests for this behavior (assuming a 30 second timer) here: https://dev-pages.brave.software/storage/keep-alive.html
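The keep-alive behaviour proposed in the issue above, sketched as an added example (not part of the original issue and not brave-core code). The class, its method names and the explicit seconds clock are hypothetical; the model replays the four-step SSO flow with different grace periods and redirect durations.

```cpp
#include <map>
#include <set>
#include <string>
// Simplified model (assumption): one partition per first-party (1p) site holding
// third-party (3p) keys. Time is an explicit seconds counter, not a real timer.
class EphemeralStorageModel {
 public:
  explicit EphemeralStorageModel(long keep_alive_secs) : keep_alive_(keep_alive_secs) {}
  void TopLevelOpened(const std::string& site, long now) {
    Sweep(now);           // purge partitions whose grace period already ran out
    ++open_docs_[site];
    expiry_.erase(site);  // the 1p came back in time: cancel the pending clear
  }
  void TopLevelClosed(const std::string& site, long now) {
    Sweep(now);
    auto it = open_docs_.find(site);
    if (it == open_docs_.end() || --it->second > 0) return;
    open_docs_.erase(it);
    expiry_[site] = now + keep_alive_;  // schedule the clear instead of clearing now
  }
  void Set3pState(const std::string& site, const std::string& key) { storage_[site].insert(key); }
  bool Has3pState(const std::string& site, const std::string& key, long now) {
    Sweep(now);
    return storage_.count(site) && storage_[site].count(key);
  }
 private:
  void Sweep(long now) {
    for (auto it = expiry_.begin(); it != expiry_.end();) {
      if (now >= it->second) { storage_.erase(it->first); it = expiry_.erase(it); }
      else ++it;
    }
  }
  long keep_alive_;
  std::map<std::string, int> open_docs_;                 // open top-level docs per 1p
  std::map<std::string, long> expiry_;                   // pending clear deadlines
  std::map<std::string, std::set<std::string>> storage_; // 3p keys per 1p partition
};

// The SSO flow from the issue: the top-level frame leaves example.org for
// `redirect_secs`, then returns. True if the embedded SSO state is still there.
bool SsoStateSurvives(long keep_alive_secs, long redirect_secs) {
  EphemeralStorageModel m(keep_alive_secs);
  m.TopLevelOpened("example.org", 0);
  m.Set3pState("example.org", "sso-session");            // constructed sample key
  m.TopLevelClosed("example.org", 10);                   // redirect to the SSO origin
  m.TopLevelOpened("example.org", 10 + redirect_secs);   // redirect back
  return m.Has3pState("example.org", "sso-session", 10 + redirect_secs);
}
int main() { return SsoStateSurvives(30, 5) && !SsoStateSurvives(30, 45) ? 0 : 1; }
```

A grace period of 0 reproduces the immediate clearing the issue describes, and a 45-second redirect against a 30-second grace period shows the credential-entry case the issue says may need a longer timeout.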

@pes10k pes10k added privacy privacy/feature User-facing privacy- & security-focused feature work. OS/Android Fixes related to Android browser functionality OS/Desktop labels Mar 25, 2021
@pes10k pes10k added this to Backlog in Android General via automation Mar 25, 2021
Android General automation moved this from Backlog to Done/Closed Apr 6, 2021
@bridiver bridiver added this to the 1.25.x - Nightly milestone Apr 7, 2021
2 participants