Canvas farbling doesn't happen in disconnected iframes #12303

Closed
pilgrim-brave opened this issue Oct 23, 2020 · 4 comments · Fixed by brave/brave-core#6941
Labels
feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields OS/Desktop privacy privacy-pod Feature work for the Privacy & Web Compatibility pod QA Pass-Linux QA Pass-Win64 QA/Yes release-notes/include

Comments

@pilgrim-brave

No description provided.

@pilgrim-brave pilgrim-brave self-assigned this Oct 23, 2020
@pes10k pes10k added feature/shields/fingerprint The fingerprinting (aka: "device recognition") protection provided in Shields privacy-pod Feature work for the Privacy & Web Compatibility pod labels Oct 27, 2020
@pilgrim-brave pilgrim-brave added this to the 1.18.x - Nightly milestone Nov 4, 2020
@GeetaSarvadnya

@pilgrim-brave Can you please link the test plan?

@LaurenWags
Member

cc @pes10k on #12303 (comment)

@pilgrim-brave
Author

Test plan:

  1. Visit https://canvasblocker.kkapsner.de/test/test.html
  2. In Brave Shields panel, change Fingerprinting to "Allow all fingerprinting"

Each test shows two hash values. For the purposes of this plan, only look at the second hash value of each test (after the "/")

If any test shows an error like "Error while computing: Blocked a frame with origin "https://canvasblocker.kkapsner.de" from accessing a cross-origin frame." then refresh the page until the error message disappears.

  3. Hash for "iFrame Test. Thanks to DocumentRoot.", "iFrame Test 2 - with URL", "iFrame Test 3 - violating SOP", "iFrame Test 4 - different access 1", "iFrame Test 5 - different access 2", and "iFrame Test 6 - different access 3" should all be the same value. Note this hash value.
  4. In Brave Shields panel, change Fingerprinting to "Blocked (standard)"

Again, if any test shows an error like "Error while computing: Blocked a frame with origin "https://canvasblocker.kkapsner.de" from accessing a cross-origin frame." then refresh the page until the error message disappears.

  5. Hash for the six tests listed in step 3 should all be the same value, but it should be a different value than the hash seen in step 3.
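
The pass criteria of the test plan above, as an added example that is not part of the original comment or the Brave code base: it evaluates results recorded from the test page for both Shields settings. It assumes each result was copied as "<first hash> / <second hash>"; the function names and sample hashes are constructed for illustration.

```javascript
// Added example: evaluates one run of the test plan from recorded test-page output.
// Assumption: each test's result was copied as "<first hash> / <second hash>".
const IFRAME_TESTS = [
  "iFrame Test. Thanks to DocumentRoot.",
  "iFrame Test 2 - with URL",
  "iFrame Test 3 - violating SOP",
  "iFrame Test 4 - different access 1",
  "iFrame Test 5 - different access 2",
  "iFrame Test 6 - different access 3",
];

// Return the second hash of a result string, or null when the test errored
// or is missing (the plan says to refresh until the error disappears).
function secondHash(result) {
  if (typeof result !== "string" || /Error while computing/i.test(result)) return null;
  const parts = result.split("/");
  if (parts.length !== 2) return null;
  const hash = parts[1].trim();
  return hash.length > 0 ? hash : null;
}

// Collapse the six iframe tests of one Shields setting into a single hash.
function commonHash(results) {
  const hashes = IFRAME_TESTS.map((name) => secondHash(results[name]));
  if (hashes.includes(null)) return { status: "retry" };       // error or missing test
  const distinct = new Set(hashes);
  if (distinct.size !== 1) return { status: "inconsistent" };  // tests disagree
  return { status: "ok", hash: hashes[0] };
}

// allowed: results with "Allow all fingerprinting"; blocked: "Blocked (standard)".
function evaluatePlan(allowed, blocked) {
  const a = commonHash(allowed);
  const b = commonHash(blocked);
  if (a.status === "retry" || b.status === "retry") return "retry";
  if (a.status !== "ok" || b.status !== "ok") return "fail: hashes differ between iframe tests";
  if (a.hash === b.hash) return "fail: hash not farbled in iframes";
  return "pass";
}

// Constructed sample values, not real output from the test page.
const sample = (h) => Object.fromEntries(IFRAME_TESTS.map((n) => [n, `aaaa1111 / ${h}`]));
console.log(evaluatePlan(sample("c0ffee01"), sample("7e57ab1e")));
```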

@GeetaSarvadnya

GeetaSarvadnya commented Dec 8, 2020

Verification passed on


Brave | 1.18.69 Chromium: 87.0.4280.88 (Official Build) (64-bit)
-- | --
Revision | 89e2380a3e36c3464b5dd1302349b1382549290d-refs/branch-heads/4280@{#1761}
OS | Windows 10 OS Version 2004 (Build 19041.630)

Shield Fingerprinting to "Allow all fingerprinting"

iFrame Test. Thanks to DocumentRoot
[screenshot]

iFrame Test 2 - with URL
[screenshot]

iFrame Test 3 - violating SOP
[screenshot]

iFrame Test 4 - different access 1
[screenshot]

iFrame Test 5 - different access 2
[screenshot]

iFrame Test 6 - different access 3
[screenshot]

Fingerprinting to "Blocked (standard)"

iFrame Test. Thanks to DocumentRoot
[screenshot]

iFrame Test 2 - with URL
[screenshot]

iFrame Test 3 - violating SOP
[screenshot]

iFrame Test 4 - different access 1
[screenshot]

iFrame Test 5 - different access 2
[screenshot]

iFrame Test 6 - different access 3
[screenshot]


Shield Fingerprinting to "Allow all fingerprinting"

[screenshot]

Fingerprinting to "Blocked (standard)"

[screenshot]
