Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace localStorage with a mock API which doesn't create permanent state #5935

Closed
arodic opened this issue Sep 8, 2019 · 8 comments
Closed

Replace localStorage with a mock API which doesn't create permanent state #5935

arodic opened this issue Sep 8, 2019 · 8 comments
Labels
needs-discussion Although the issue is clear, we haven't yet reached a decision about the right solution. privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. privacy webcompat/not-shields-related Sites are breaking because of something other than Shields.
Milestone
Closed / Dupe / I...

Comments

@arodic
Copy link

arodic commented Sep 8, 2019

With cookies disabled, visiting websites that use window.localStorage and similar APIs throws an error sometimes completely breaking existing websites.

Consider replacing localStorage etc with a mock API that stores no data and allow rest of the js code to run normally.
@rebron
Copy link
Collaborator

rebron commented Sep 27, 2019

cc: @snyderp aren't we doing this already?

@arodic do you have a couple site examples to test out?

@rebron rebron added the needs-more-info The report requires more detail before we can decide what to do with this issue. label Sep 27, 2019
@pes10k
Copy link
Contributor

pes10k commented Sep 30, 2019

@rebron we don't mock the API currently, we report storage blocked (which is a case web devs should handle, but don't). It would be a neat / fine idea to mock the API instead of blocking though.

@jumde @fmarier @diracdeltas wdyt?

@pes10k pes10k added privacy webcompat/not-shields-related Sites are breaking because of something other than Shields. labels Sep 30, 2019
@fmarier
Copy link
Member

fmarier commented Sep 30, 2019
edited
Loading

Aside from checking whether or not storage is blocked, sites are likely to also check if they can read back what they just put in local storage. Maybe we should stash any such data into an in-memory data structure that gets cleared once the page is navigated away?

That would be similar to Safari's approach of accepting everything and then cleaning up later, except that "later" would be sooner than Safari which typically waits for at least 24 hours before clearing anything.

@pes10k
Copy link
Contributor

pes10k commented Sep 30, 2019

yea, was discussing with @jumde . Maybe the best way forward would be the following?

  1. Replace window.{local,session}Storage with a proxy that evals to something false-y (so that sites that correctly check to see if they have access to storage work correctly)
  2. responds to all object set/get/delete operations as if it was just an empty {} (so that websites that assume they have access can read / write in / out)?

@darrylyeo
Copy link

Any plans on implementing this? I'd love to be able to disable cookies across the board without breaking websites that use Web Storage. In the meantime, maybe Web Storage could be a separate shield toggle from the cookies toggle?

@fmarier
Copy link
Member

fmarier commented Jan 28, 2020

@darrylyeo Can you talk more about your use case? For example, if you were to disable cookies across the board, how would you log into websites?

I personally use uMatrix to block cookies by default and then whitelist sites I want to log into.

@darrylyeo
Copy link

@fmarier I'm using two separate browser profiles - one for general browsing where I turn on every Brave shield and privacy feature available to their most extreme settings, and a second profile with cookies allowed for sites that I need to log into. For the first profile, I have the default cookies shield set to "Cookies blocked", but currently I have to manually set it to "Cross-site cookies blocked" for some sites that break because of the Web Storage issue described.

@tildelowengrimm tildelowengrimm changed the title Block cookies more gracefully without completely breaking websites. Replace localStorage with a mock API which doesn't create permanent state Feb 12, 2020
@tildelowengrimm tildelowengrimm added priority/P3 The next thing for us to work on. It'll ride the trains. privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. labels Feb 12, 2020
@tildelowengrimm tildelowengrimm added needs-discussion Although the issue is clear, we haven't yet reached a decision about the right solution. and removed needs-more-info The report requires more detail before we can decide what to do with this issue. priority/P3 The next thing for us to work on. It'll ride the trains. labels Feb 19, 2020
@pes10k
Copy link
Contributor

pes10k commented Mar 5, 2020

Closed in favor of #8514, which includes this functionality

@pes10k pes10k closed this as completed Mar 5, 2020
@bbondy bbondy added this to the Closed / Invalid milestone Jun 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-discussion Although the issue is clear, we haven't yet reached a decision about the right solution. privacy/chromium-redqueen Work to remove or improve privacy-harming "features" added in Chromium. privacy webcompat/not-shields-related Sites are breaking because of something other than Shields.
Projects
None yet
Milestone
Closed / Dupe / Invalid
Development

No branches or pull requests
7 participants
@pes10k @fmarier @tildelowengrimm @arodic @bbondy @rebron @darrylyeo