[Invalid] 11.4.10rc3 Cross-tab identity leak protection trips way too late
Posted: Tue Sep 06, 2022 3:13 pm
NoScript 11.4.10rc3
Firefox 104.0.2
new profile
STR:
1) NoScript Options > Advanced, enable Cross-tab identity leak protection everywhere
2) in Per-site Permissions, set to TRUSTED:
- flathub.org
- github.com
- githubassets.com
3) visit https://flathub.org/home
4) click e.g. the listing for Google Chrome
5) middle-click the "See details" link under "Publisher" to open it in new tab
Expected results:Cross-tab identity leak protection should trip at (5) EDIT Correction: since there are no Github cookies at (5), the cross-tab identity leak protection should not trip at all.
Actual results: Clicking several same-origin links on the Github tab will eventually make the cross-tab identity leak protection trip on one of these same-origin link loads. It seems random when this happens.
Firefox 104.0.2
new profile
STR:
1) NoScript Options > Advanced, enable Cross-tab identity leak protection everywhere
2) in Per-site Permissions, set to TRUSTED:
- flathub.org
- github.com
- githubassets.com
3) visit https://flathub.org/home
4) click e.g. the listing for Google Chrome
5) middle-click the "See details" link under "Publisher" to open it in new tab
Expected results:
Actual results: Clicking several same-origin links on the Github tab will eventually make the cross-tab identity leak protection trip on one of these same-origin link loads. It seems random when this happens.