From 0c6d9d17643ca17580a5e5d817f0caf8558ab335 Mon Sep 17 00:00:00 2001 From: Shane Caraveo Date: Fri, 25 Jan 2019 18:43:11 +0000 Subject: [PATCH] Bug 1522810 disable client id header in private window, r=aswan When switching to using a header for the discover pane I forgot to check for privateness of the window. This patch should apply to both m-c and beta. Differential Revision: https://phabricator.services.mozilla.com/D17647 --HG-- extra : moz-landing-system : lando --- .../mozapps/extensions/content/extensions.js | 5 +- .../extensions/test/browser/browser.ini | 1 + .../browser/browser_discovery_clientid.js | 58 +++++++++++++++++++ .../mozapps/extensions/test/browser/head.js | 6 +- 4 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 toolkit/mozapps/extensions/test/browser/browser_discovery_clientid.js diff --git a/toolkit/mozapps/extensions/content/extensions.js b/toolkit/mozapps/extensions/content/extensions.js index 1529098e2728..d01a6929fd55 100644 --- a/toolkit/mozapps/extensions/content/extensions.js +++ b/toolkit/mozapps/extensions/content/extensions.js @@ -26,6 +26,8 @@ ChromeUtils.defineModuleGetter(this, "Preferences", "resource://gre/modules/Preferences.jsm"); ChromeUtils.defineModuleGetter(this, "ClientID", "resource://gre/modules/ClientID.jsm"); +ChromeUtils.defineModuleGetter(this, "PrivateBrowsingUtils", + "resource://gre/modules/PrivateBrowsingUtils.jsm"); XPCOMUtils.defineLazyPreferenceGetter(this, "WEBEXT_PERMISSION_PROMPTS", "extensions.webextPermissionPrompts", false); @@ -2011,7 +2013,8 @@ var gDiscoverView = { get clientIdDiscoveryEnabled() { // These prefs match Discovery.jsm for enabling clientId cookies. return Services.prefs.getBoolPref("datareporting.healthreport.uploadEnabled", false) && - Services.prefs.getBoolPref("browser.discovery.enabled", false); + Services.prefs.getBoolPref("browser.discovery.enabled", false) && + !PrivateBrowsingUtils.isContentWindowPrivate(window); }, async getClientHeader() { diff --git a/toolkit/mozapps/extensions/test/browser/browser.ini b/toolkit/mozapps/extensions/test/browser/browser.ini index 7f72f2f86f4f..233231769a80 100644 --- a/toolkit/mozapps/extensions/test/browser/browser.ini +++ b/toolkit/mozapps/extensions/test/browser/browser.ini @@ -65,6 +65,7 @@ skip-if = os == "linux" && !debug # Bug 1395539 - fails on multi-core [browser_checkAddonCompatibility.js] [browser_details.js] [browser_discovery.js] +[browser_discovery_clientid.js] [browser_dragdrop.js] [browser_dragdrop_incompat.js] [browser_extension_sideloading_permission.js] diff --git a/toolkit/mozapps/extensions/test/browser/browser_discovery_clientid.js b/toolkit/mozapps/extensions/test/browser/browser_discovery_clientid.js new file mode 100644 index 000000000000..6e3e411782ef --- /dev/null +++ b/toolkit/mozapps/extensions/test/browser/browser_discovery_clientid.js @@ -0,0 +1,58 @@ +"use strict"; + +const {ClientID} = ChromeUtils.import("resource://gre/modules/ClientID.jsm", {}); + +const MAIN_URL = "https://example.com/" + RELATIVE_DIR + "discovery.html"; + +function waitForHeader() { + return new Promise(resolve => { + let observer = (subject, topic, state) => { + let channel = subject.QueryInterface(Ci.nsIHttpChannel); + if (channel.URI.spec != MAIN_URL) { + return; + } + try { + resolve(channel.getRequestHeader("Moz-Client-Id")); + } catch (e) { + if (e.result == Cr.NS_ERROR_NOT_AVAILABLE) { + // The header was not set. + resolve(null); + } + } finally { + Services.obs.removeObserver(observer, "http-on-modify-request"); + } + }; + Services.obs.addObserver(observer, "http-on-modify-request"); + }); +} + +add_task(async function setup() { + SpecialPowers.pushPrefEnv({"set": [ + [PREF_DISCOVERURL, MAIN_URL], + ["datareporting.healthreport.uploadEnabled", true], + ["browser.discovery.enabled", true], + ]}); +}); + +add_task(async function test_no_private_clientid() { + let privateWindow = await BrowserTestUtils.openNewBrowserWindow({private: true}); + let [header, manager] = await Promise.all([ + waitForHeader(), + open_manager("addons://discover/", undefined, undefined, undefined, privateWindow), + ]); + ok(PrivateBrowsingUtils.isContentWindowPrivate(manager), "window is private"); + is(header, null, "header was not set"); + await close_manager(manager); + await BrowserTestUtils.closeWindow(privateWindow); +}); + +add_task(async function test_clientid() { + let clientId = await ClientID.getClientIdHash(); + ok(!!clientId, "clientId is avialable"); + let [header, manager] = await Promise.all([ + waitForHeader(), + open_manager("addons://discover/"), + ]); + is(header, clientId, "header was set"); + await close_manager(manager); +}); diff --git a/toolkit/mozapps/extensions/test/browser/head.js b/toolkit/mozapps/extensions/test/browser/head.js index 0765a013a6cb..b5e636953c16 100644 --- a/toolkit/mozapps/extensions/test/browser/head.js +++ b/toolkit/mozapps/extensions/test/browser/head.js @@ -368,7 +368,7 @@ function wait_for_manager_load(aManagerWindow, aCallback) { return log_callback(p, aCallback); } -function open_manager(aView, aCallback, aLoadCallback, aLongerTimeout) { +function open_manager(aView, aCallback, aLoadCallback, aLongerTimeout, aWin = window) { let p = new Promise((resolve, reject) => { async function setup_manager(aManagerWindow) { @@ -399,8 +399,8 @@ function open_manager(aView, aCallback, aLoadCallback, aLongerTimeout) { setup_manager(aSubject); }, "EM-loaded"); - gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser); - switchToTabHavingURI(MANAGER_URI, true, { + aWin.gBrowser.selectedTab = BrowserTestUtils.addTab(aWin.gBrowser); + aWin.switchToTabHavingURI(MANAGER_URI, true, { triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(), }); });