Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expand Fireproofing to include Local Storage and IndexedDB #408

Merged
merged 8 commits into from
Feb 2, 2022
Merged

Expand Fireproofing to include Local Storage and IndexedDB #408

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
4439983
Add local storage and IndexedDB to Fireproof data types.
samsymons Jan 28, 2022
be8a7a6
Add a comment about the IndexedDB exclusion.
samsymons Jan 28, 2022
11f79a0
Add a test for WKWebsiteDataStore extensions.
samsymons Jan 31, 2022
93ff4c3
Update tests.
samsymons Jan 31, 2022
f749eca
Another function rename.
samsymons Jan 31, 2022
79733b3
Tweak a comment to better explain the Fire button process.
samsymons Jan 31, 2022
905b5b9
Tweak a variable name, for similar reasons as the last commit.
samsymons Jan 31, 2022
ac41de9
Tweak the way the data record domain is checked.
samsymons Jan 31, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion DuckDuckGo/BrowserTab/Services/WebsiteDataStore.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ internal class WebCacheManager {

@MainActor
private func removeAllDataExceptCookies() async {
let allExceptCookies = WKWebsiteDataStore.allWebsiteDataTypesExceptCookies
let allExceptCookies = WKWebsiteDataStore.removableDataTypes

// Remove all data except cookies for all domains, and then filter cookies to preserve those allowed by Fireproofing.
await websiteDataStore.removeData(ofTypes: allExceptCookies, modifiedSince: Date.distantPast)
Expand Down
13 changes: 10 additions & 3 deletions DuckDuckGo/Common/Extensions/WKWebsiteDataStoreExtension.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@ import WebKit

extension WKWebsiteDataStore {

/// Removes all website data types except cookies, including those not publicly declared by WebKit. Cookies are not removed as they are handled separately
/// by the Fire button logic.
/// Removes all website data types except cookies, local storage, and IndexedDB. This set includes those types not publicly declared by WebKit.
/// Cookies are not removed as they are handled separately by the Fire button logic.
///
/// - note: The full list of data types can be found in the [WKWebsiteDataStore](https://github.com/WebKit/WebKit/blob/main/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataRecord.mm) documentation.
static var allWebsiteDataTypesExceptCookies: Set<String> {
static var removableDataTypes: Set<String> {
var types = Self.allWebsiteDataTypes()

types.insert("_WKWebsiteDataTypeMediaKeys")
Expand All @@ -37,6 +37,13 @@ extension WKWebsiteDataStore {
types.insert("_WKWebsiteDataTypeAlternativeServices")

types.remove(WKWebsiteDataTypeCookies)
types.remove(WKWebsiteDataTypeLocalStorage)

// Only Fireproof IndexedDB on macOS 12.2+. Earlier versions have a privacy flaw that can expose browsing history.
// More info: https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15
if #available(macOS 12.2, *) {
types.remove(WKWebsiteDataTypeIndexedDBDatabases)
}

return types
}
Expand Down