Preventing url base fallback leakage in cross origin sandbox iframe #1447

Open
4 tasks done
uazo opened this issue Sep 8, 2024 · 2 comments
Labels
privacy issue fingerprinting detected!

Comments

@uazo
Owner

uazo commented Sep 8, 2024

Preliminary checklist

  • I have read the README
  • I have searched existing issues for my feature request. This is a new issue (NOT a duplicate) and is not related to another issue.
  • I have searched wont fix issues and this request is not among them
  • This is a feature request for the Cromite browser; not the website nor F-Droid nor anything else.

Is your feature request related to privacy?

Yes

Is there a patch available for this feature somewhere?

yes
https://chromium-review.googlesource.com/c/chromium/src/+/4324738

Describe the solution you would like

The Chromium team is interested in compatibility, I am not.

whatwg/html#9025
whatwg/html#8105

In my opinion, if a web developer uses an iframe sandbox, he does not want the information to be granted.

Describe alternatives you have considered

none

@uazo uazo added the privacy issue fingerprinting detected! label Sep 8, 2024
@uazo
Owner Author

uazo commented Sep 12, 2024

It must first be checked how the referrer and ancestorOrigins behave.

@uazo
Owner Author

uazo commented Sep 15, 2024

test

  • referrer is removed from document and network
  • ancestorOrigins are present

the other anomaly is that the call to rawgit.com is not present in the developer tools although it is made!
https://issues.chromium.org/issues/366547220

uazo added a commit that referenced this issue Sep 26, 2024
…k leakage in cross orgin sandbox iframe (#1447)

DO NOT ACTIVATE: the patch is a wip

Addition of the "block-url-leakage-sandbox-iframe" flag disabled by default.
The aim is to understand whether it is possible to disable the
leakage of certain information in sandbox iframes
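
A probe for repeating the check from the Sep 15 comment (added example, not part of the issue thread or of the Cromite patch): it loads a sandboxed srcdoc iframe and classifies what the frame reports for `document.baseURI`, `document.referrer` and `location.ancestorOrigins`. It assumes the fallback in question is observable as `document.baseURI` inside a srcdoc frame; the function names and the probe message format are hypothetical.

```javascript
// Added example; function names are hypothetical, not from Cromite or Chromium.

// Builds the srcdoc for the probe frame. The inner script reports the three
// values discussed in the thread back to the embedding page.
function buildProbeSrcdoc() {
  return `<script>
    parent.postMessage({
      probe: 'sandbox-leak',
      baseURI: document.baseURI,
      referrer: document.referrer,
      ancestorOrigins: location.ancestorOrigins
        ? Array.from(location.ancestorOrigins) : null, // not in every browser
    }, '*');
  <\/script>`;
}

// Classifies each reported value against the embedder URL:
// 'full-url' (origin and path match), 'origin-only', 'other' or 'absent'.
function classifyReport(parentHref, report) {
  const parent = new URL(parentHref);
  const rate = (value) => {
    if (!value) return 'absent';
    let u;
    try { u = new URL(value); } catch { return 'other'; }
    if (u.origin !== parent.origin) return 'other';
    return u.pathname === parent.pathname ? 'full-url' : 'origin-only';
  };
  const ancestors = report.ancestorOrigins || [];
  return {
    baseURI: rate(report.baseURI),
    referrer: rate(report.referrer),
    ancestorOrigins: ancestors.includes(parent.origin) ? 'origin-only' : 'absent',
  };
}

// Browser only: embeds the probe in a sandboxed frame (no allow-same-origin,
// so the frame has an opaque origin) and resolves with the classification.
function runProbe(doc = document) {
  return new Promise((resolve) => {
    const frame = doc.createElement('iframe');
    frame.setAttribute('sandbox', 'allow-scripts');
    frame.srcdoc = buildProbeSrcdoc();
    doc.defaultView.addEventListener('message', function onMessage(ev) {
      if (ev.source !== frame.contentWindow || ev.data?.probe !== 'sandbox-leak') return;
      doc.defaultView.removeEventListener('message', onMessage);
      resolve(classifyReport(doc.defaultView.location.href, ev.data));
    });
    doc.body.appendChild(frame);
  });
}
```

Call `runProbe()` from a page served over http(s), with and without the flag; a `baseURI` result of `full-url` means the frame can read its embedder's address.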