Changeset 246647 in webkit


Ignore:
Timestamp:
Jun 20, 2019 1:03:58 PM (5 years ago)
Author:
wilander@apple.com
Message:

Storage Access API: Cap the number of times an iframe document can request access
https://bugs.webkit.org/show_bug.cgi?id=199074
<rdar://problem/51857195>

Reviewed by Brent Fulgham.

Tested manually.

This change just adds a counter to the number of times the user explicitly
denies storage access and returns early if the counter has reached the limit
of 2.

We hoped that iframes that request storage access would count the number
of times the user has been asked and not repeat the request over and over.
However, we're seeing pretty aggressive use of the API and users are
complaining. Therefore, we need a cap on how many times an iframed
document can ask if it is explicitly denied access by the user.

This is a first measure. If we see continued aggressive use of the API,
we'll have to consider more drastic measures.

  • dom/DocumentStorageAccess.cpp:

(WebCore::DocumentStorageAccess::requestStorageAccess):

  • dom/DocumentStorageAccess.h:
Location:
trunk/Source/WebCore
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r246644 r246647  
     12019-06-20  John Wilander  <wilander@apple.com>
     2
     3        Storage Access API: Cap the number of times an iframe document can request access
     4        https://bugs.webkit.org/show_bug.cgi?id=199074
     5        <rdar://problem/51857195>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        Tested manually.
     10
     11        This change just adds a counter to the number of times the user explicitly
     12        denies storage access and returns early if the counter has reached the limit
     13        of 2.
     14
     15        We hoped that iframes that request storage access would count the number
     16        of times the user has been asked and not repeat the request over and over.
     17        However, we're seeing pretty aggressive use of the API and users are
     18        complaining. Therefore, we need a cap on how many times an iframed
     19        document can ask if it is explicitly denied access by the user.
     20
     21        This is a first measure. If we see continued aggressive use of the API,
     22        we'll have to consider more drastic measures.
     23
     24        * dom/DocumentStorageAccess.cpp:
     25        (WebCore::DocumentStorageAccess::requestStorageAccess):
     26        * dom/DocumentStorageAccess.h:
     27
    1282019-06-20  Youenn Fablet  <youenn@apple.com>
    229

  • trunk/Source/WebCore/dom/DocumentStorageAccess.cpp

    r245025 r246647  
    129129    }
    130130   
    131     if (!m_document.frame() || m_document.securityOrigin().isUnique()) {
     131    if (!m_document.frame() || m_document.securityOrigin().isUnique() || !isAllowedToRequestFrameSpecificStorageAccess()) {
    132132        promise->reject();
    133133        return;
     
    193193            document->setHasFrameSpecificStorageAccess(true);
    194194            promise->resolve();
    195         } else
     195        } else {
     196            if (promptWasShown == StorageAccessPromptWasShown::Yes)
     197                document->setWasExplicitlyDeniedFrameSpecificStorageAccess();
    196198            promise->reject();
     199        }
    197200
    198201        if (shouldPreserveUserGesture) {

  • trunk/Source/WebCore/dom/DocumentStorageAccess.h

    r245025 r246647  
    4747};
    4848
     49const unsigned maxNumberOfTimesExplicitlyDeniedFrameSpecificStorageAccess = 2;
     50
    4951class DocumentStorageAccess final : public Supplement<Document>, public CanMakeWeakPtr<DocumentStorageAccess> {
    5052    WTF_MAKE_FAST_ALLOCATED;
     
    6567    bool hasFrameSpecificStorageAccess() const;
    6668    void setHasFrameSpecificStorageAccess(bool);
     69    void setWasExplicitlyDeniedFrameSpecificStorageAccess() { ++m_numberOfTimesExplicitlyDeniedFrameSpecificStorageAccess; };
     70    bool isAllowedToRequestFrameSpecificStorageAccess() { return m_numberOfTimesExplicitlyDeniedFrameSpecificStorageAccess < maxNumberOfTimesExplicitlyDeniedFrameSpecificStorageAccess; };
    6771    void enableTemporaryTimeUserGesture();
    6872    void consumeTemporaryTimeUserGesture();
     
    7175   
    7276    Document& m_document;
     77
     78    uint8_t m_numberOfTimesExplicitlyDeniedFrameSpecificStorageAccess = 0;
    7379};
    7480
Note: See TracChangeset for help on using the changeset viewer.