Open Bug 1941590 Opened 9 months ago Updated 4 months ago

System and extension JS calls get RFP'ed

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

People

(Reporter: fkilic, Unassigned)

References

(Blocks 1 open bug)

Details

In bug 1941091, we realized that if you are running code as a JS Window actor, you also get RFP protections applied despite the call being from system principal. The reason for that is, our principal checks check for document principal and not caller. This behaviour helps with possibly leaking data from actors and extensions to a webpage, but it also prevents things like our user characteristics data collection.

See Also: → 1941388
See Also: → 1941389
Severity: -- → S3
Priority: -- → P3
Blocks: 1941091
See Also: 1941091

To summarize all of the RFP getting in the way of chrome code:

We apply some fingerprinting protections by spoofing and randomizing properties of the browser. This generally (see framerate for example) doesn't affect chrome code. The reason why it doesn't affect chrome code is, we check the principal of a document, and if it is system, then we don't apply any of these protections.

However, when we want to get data from a page that's not a chrome page, then we run into some issues. The way we interact (for the purposes of user-char ping) with pages was using JSWindowActors. They can run chrome code, but the document itself is still non-chrome. It is the JS principal that is system principal with JSWindowActors.

As you can recall, we decide whether we want to resist fingerprinting (RFP) or not by checking the document's principal, and not JS principal. This behaviour caused us to RFP JSWindowActors despite them running with system principal.

We tried to fix it by additionally checking the JS principal, but somehow, maybe due to some race condition or maybe due to asynchronicity, we ended up breaking many protections. It caused many regressions and we decided to back it out.
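
Added example (not Firefox code and not part of the bug report): a simplified model of the check described above, comparing the document-principal-only decision with a hypothetical caller-aware one and flagging any policy that would leave web content unprotected. Principals are plain strings, all function names are illustrative, and `documentOrCaller` is an assumption, not the patch that was backed out.

```javascript
// Simplified model: principals are plain strings, not Gecko principal objects.
const SYSTEM = "system";
const CONTENT = "content";

// Constructed call contexts matching the three cases described in the bug.
const CONTEXTS = [
  { name: "chrome document",           doc: SYSTEM,  caller: SYSTEM  },
  { name: "web page script",           doc: CONTENT, caller: CONTENT },
  { name: "JSWindowActor on web page", doc: CONTENT, caller: SYSTEM  },
];

// Behaviour described in the bug: only the document principal is consulted.
function documentOnly(ctx) {
  return ctx.doc !== SYSTEM; // true => RFP applied
}

// Hypothetical alternative: exempt the call when the caller is system.
// An unknown caller (null) is treated as content, so the check fails closed.
function documentOrCaller(ctx) {
  if (ctx.doc === SYSTEM) return false;
  return ctx.caller !== SYSTEM;
}

// Evaluate a policy over every context: { contextName: rfpApplied }.
function evaluate(policy, contexts = CONTEXTS) {
  return Object.fromEntries(contexts.map((c) => [c.name, policy(c)]));
}

// Invariant any policy change must keep: a call that is neither on a system
// document nor made by a system caller stays protected. Returns violations.
function unprotectedContent(policy, contexts = CONTEXTS) {
  return contexts
    .filter((c) => c.doc !== SYSTEM && c.caller !== SYSTEM && !policy(c))
    .map((c) => c.name);
}

// Contexts whose outcome differs between two policies.
function changed(a, b, contexts = CONTEXTS) {
  return contexts.filter((c) => a(c) !== b(c)).map((c) => c.name);
}

console.table({
  documentOnly: evaluate(documentOnly),
  documentOrCaller: evaluate(documentOrCaller),
});
console.log("changed:", changed(documentOnly, documentOrCaller));
console.log("violations:", unprotectedContent(documentOrCaller));
```

Only the JSWindowActor row differs between the two policies; the invariant check is the part worth running against any candidate change before it lands.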
