Bug 1551821 - Get rid of pref network.cookie.same-site.enabled, r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D31217

--HG--
extra : moz-landing-system : lando
Andrea Marchesini 2019-05-15 13:33:45 +00:00
Родитель 3d005bdb41
Коммит 289365e128
10 изменённых файлов: 16 добавлений и 207 удалений


@ -23,9 +23,6 @@
* 3) We evaluate that the same-site cookie is available in the same-origin case.
*/
SimpleTest.registerCleanupFunction(() => {
SpecialPowers.clearUserPref("network.cookie.same-site.enabled");
});
SimpleTest.waitForExplicitFinish();
const SAME_ORIGIN = "http://mochi.test:8888/"
@ -39,100 +36,44 @@ var tests = [
{
description: "nested same origin iframe about:srcdoc navigation [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]",
frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeNav",
sameSiteEnabled: true,
result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
},
{
description: "nested cross origin iframe about:srcdoc navigation [mochi.test -> example.com -> about:srcdoc -> mochi.test]",
frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeNav",
sameSiteEnabled: true,
result: "", // no same-site cookie should be available
},
{
description: "nested same origin iframe about:blank navigation [mochi.test -> mochi.test -> about:blank -> mochi.test]",
frameSRC: SAME_ORIGIN + PATH + "?loadblankframeNav",
sameSiteEnabled: true,
result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
},
{
description: "nested cross origin iframe about:blank navigation [mochi.test -> example.com -> about:blank -> mochi.test]",
frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeNav",
sameSiteEnabled: true,
result: "", // no same-site cookie should be available
},
{
description: "nested same origin iframe about:srcdoc navigation [mochi.test -> mochi.test -> about:srcdoc -> mochi.test] (same-site off)",
frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeNav",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
{
description: "nested cross origin iframe about:srcdoc navigation [mochi.test -> example.com -> about:srcdoc -> mochi.test] (same-site off)",
frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeNav",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
{
description: "nested same origin iframe about:blank navigation [mochi.test -> mochi.test -> about:blank -> mochi.test] (same-site off)",
frameSRC: SAME_ORIGIN + PATH + "?loadblankframeNav",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
{
description: "nested cross origin iframe about:blank navigation [mochi.test -> example.com -> about:blank -> mochi.test] (same-site off)",
frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeNav",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
// INCLUSION TESTS
{
description: "nested same origin iframe about:srcdoc inclusion [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]",
frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeInc",
sameSiteEnabled: true,
result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
},
{
description: "nested cross origin iframe about:srcdoc inclusion [mochi.test -> example.com -> about:srcdoc -> mochi.test]",
frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeInc",
sameSiteEnabled: true,
result: "", // no same-site cookie should be available
},
{
description: "nested same origin iframe about:blank inclusion [mochi.test -> mochi.test -> about:blank -> mochi.test]",
frameSRC: SAME_ORIGIN + PATH + "?loadblankframeInc",
sameSiteEnabled: true,
result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
},
{
description: "nested cross origin iframe about:blank inclusion [mochi.test -> example.com -> about:blank -> mochi.test]",
frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeInc",
sameSiteEnabled: true,
result: "", // no same-site cookie should be available
},
{
description: "nested same origin iframe about:srcdoc inclusion [mochi.test -> mochi.test -> about:srcdoc -> mochi.test] (same-site off)",
frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeInc",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
{
description: "nested cross origin iframe about:srcdoc inclusion [mochi.test -> example.com -> about:srcdoc -> mochi.test] (same-site off)",
frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeInc",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
{
description: "nested same origin iframe about:blank inclusion [mochi.test -> mochi.test -> about:blank -> mochi.test] (same-site off)",
frameSRC: SAME_ORIGIN + PATH + "?loadblankframeInc",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
{
description: "nested cross origin iframe about:blank inclusion [mochi.test -> example.com -> about:blank -> mochi.test] (same-site off)",
frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeInc",
sameSiteEnabled: false,
result: "myKey=mySameSiteAboutCookie",
},
];
window.addEventListener("message", receiveMessage);
@ -156,7 +97,6 @@ function setupQueryResultAndRunTest() {
}
function setCookieAndInitTest() {
SpecialPowers.setBoolPref("network.cookie.same-site.enabled", tests[curTest].sameSiteEnabled);
var cookieImage = document.getElementById("cookieImage");
cookieImage.onload = function() {
ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");


@ -24,9 +24,6 @@
* (b) the regular cookie is available.
*/
SimpleTest.registerCleanupFunction(() => {
SpecialPowers.clearUserPref("network.cookie.same-site.enabled");
});
SimpleTest.waitForExplicitFinish();
const CROSS_ORIGIN = "http://example.com/";
@ -36,33 +33,17 @@ let curTest = 0;
var tests = [
{
description: "regular cookie in cross origin context (same-site: on)",
description: "regular cookie in cross origin context",
imgSRC: CROSS_ORIGIN + PATH + "?setRegularCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=regularCookie",
},
{
description: "same-site cookie in cross origin context (same-site: on)",
description: "same-site cookie in cross origin context",
imgSRC: CROSS_ORIGIN + PATH + "?setSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "", // no cookie should be set
},
{
description: "regular cookie in cross origin context (same-site: off)",
imgSRC: CROSS_ORIGIN + PATH + "?setRegularCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=regularCookie",
},
{
description: "same-site cookie in cross origin context (same-site: off)",
imgSRC: CROSS_ORIGIN + PATH + "?setSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=strictSameSiteCookie",
},
];
@ -87,7 +68,6 @@ function setupQueryResultAndRunTest() {
}
function setCookieAndInitTest() {
SpecialPowers.setBoolPref("network.cookie.same-site.enabled", tests[curTest].sameSiteEnabled);
var cookieImage = document.getElementById("cookieImage");
cookieImage.onload = function() {
ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");


@ -23,9 +23,6 @@
* (a) same site cookie has been discarded in a cross origin context.
*/
SimpleTest.registerCleanupFunction(() => {
SpecialPowers.clearUserPref("network.cookie.same-site.enabled");
});
SimpleTest.waitForExplicitFinish();
const SAME_ORIGIN = "http://mochi.test:8888/";
@ -39,30 +36,14 @@ var tests = [
description: "same-site cookie inline script within same-site context",
setCookieSrc: SAME_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript",
getCookieSrc: SAME_ORIGIN + PATH + "?getCookieFrame",
sameSiteEnabled: true,
result: "myKey=sameSiteCookieInlineScript",
},
{
description: "same-site cookie inline script within cross-site context",
setCookieSrc: CROSS_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript",
getCookieSrc: CROSS_ORIGIN + PATH + "?getCookieFrame",
sameSiteEnabled: true,
result: "", // same-site cookie should be discarded in cross site context
},
{
description: "same-site cookie inline script within same-site context",
setCookieSrc: SAME_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript",
getCookieSrc: SAME_ORIGIN + PATH + "?getCookieFrame",
sameSiteEnabled: false,
result: "myKey=sameSiteCookieInlineScript",
},
{
description: "same-site cookie inline script within cross-site context",
setCookieSrc: CROSS_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript",
getCookieSrc: CROSS_ORIGIN + PATH + "?getCookieFrame",
sameSiteEnabled: false,
result: "myKey=sameSiteCookieInlineScript",
},
];
window.addEventListener("message", receiveMessage);
@ -86,7 +67,6 @@ function setupQueryResultAndRunTest() {
}
function setCookieAndInitTest() {
SpecialPowers.setBoolPref("network.cookie.same-site.enabled", tests[curTest].sameSiteEnabled);
var cookieFrame = document.getElementById("setCookieFrame");
setCookieFrame.onload = function() {
ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
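Review bot: In setCookieAndInitTest the element is looked up into `cookieFrame`, but the handler is attached through `setCookieFrame.onload`, which only resolves because elements with an id are exposed as window properties. The local is not used in the visible lines; writing `cookieFrame.onload = function() {` would remove the test's dependence on that implicit lookup. The function body continues outside the hunk, so check the remaining lines for the same name before changing it.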


@ -27,9 +27,6 @@
* XHR request with the expecuted result (the cookie value).
*/
SimpleTest.registerCleanupFunction(() => {
SpecialPowers.clearUserPref("network.cookie.same-site.enabled");
});
SimpleTest.waitForExplicitFinish();
const SAME_ORIGIN = "http://mochi.test:8888/";
@ -43,58 +40,26 @@ var tests = [
description: "same origin site using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=strictSameSiteCookie",
},
{
description: "cross origin site using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=noCookie",
},
{
description: "same origin site using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=laxSameSiteCookie",
},
{
description: "cross origin site using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=noCookie",
},
{
description: "same origin site using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=strictSameSiteCookie",
},
{
description: "cross origin site using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=strictSameSiteCookie",
},
{
description: "same origin site using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=laxSameSiteCookie",
},
{
description: "cross origin site using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=laxSameSiteCookie",
},
];
function checkResult(aCookieVal) {
@ -129,7 +94,6 @@ function setupQueryResultAndRunTest() {
}
function setCookieAndInitTest() {
SpecialPowers.setBoolPref("network.cookie.same-site.enabled", tests[curTest].sameSiteEnabled);
var cookieImage = document.getElementById("cookieImage");
cookieImage.onload = function() {
ok(true, "set cookie for test (" + tests[curTest].description + ")");
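Review bot: The header comment kept as context at the top of this file still reads `expecuted result` and should read `expected result`; the same typo is in the header comment of the next file's first hunk. The commit already edits the lines directly below that comment in both files, so this is a cheap place to correct it.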


@ -28,9 +28,6 @@
* XHR request with the expecuted result (the cookie value).
*/
SimpleTest.registerCleanupFunction(() => {
SpecialPowers.clearUserPref("network.cookie.same-site.enabled");
});
SimpleTest.waitForExplicitFinish();
const SAME_ORIGIN = "http://mochi.test:8888/";
@ -44,56 +41,24 @@ var tests = [
description: "same origin navigation using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=strictSameSiteCookie",
},
{
description: "cross origin navigation using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=noCookie",
},
{
description: "same origin navigation using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=laxSameSiteCookie",
},
{
description: "cross origin navigation using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: true,
result: "myKey=laxSameSiteCookie",
},
{
description: "same origin navigation using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=strictSameSiteCookie",
},
{
description: "cross origin navigation using cookie policy 'samesite=strict'",
imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=strictSameSiteCookie",
},
{
description: "same origin navigation using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=laxSameSiteCookie",
},
{
description: "cross origin navigation using cookie policy 'samesite=lax'",
imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
sameSiteEnabled: false,
result: "myKey=laxSameSiteCookie",
},
];
@ -130,7 +95,6 @@ function setupQueryResultAndRunTest() {
}
function setCookieAndInitTest() {
SpecialPowers.setBoolPref("network.cookie.same-site.enabled", tests[curTest].sameSiteEnabled);
var cookieImage = document.getElementById("cookieImage");
cookieImage.onload = function() {
ok(true, "set cookie for test (" + tests[curTest].description + ")");


@ -2350,7 +2350,6 @@ pref("network.proxy.failover_timeout", 1800); // 30 minutes
pref("network.online", true); //online/offline
pref("network.cookie.thirdparty.sessionOnly", false);
pref("network.cookie.thirdparty.nonsecureSessionOnly", false);
pref("network.cookie.same-site.enabled", true); // Honor the SameSite cookie attribute
// The interval in seconds to move the cookies in the child process.
// Set to 0 to disable moving the cookies.


@ -346,7 +346,7 @@ void CookieServiceChild::GetCookieStringFromCookieHashTable(
int32_t sameSiteAttr = 0;
cookie->GetSameSite(&sameSiteAttr);
if (aIsSameSiteForeign && nsCookieService::IsSameSiteEnabled()) {
if (aIsSameSiteForeign) {
// it if's a cross origin request and the cookie is same site only
// (strict) don't send it
if (sameSiteAttr == nsICookie2::SAMESITE_STRICT) {
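Review bot: With the `nsCookieService::IsSameSiteEnabled()` call gone, the SameSite filter in CookieServiceChild::GetCookieStringFromCookieHashTable is the same `if (aIsSameSiteForeign)` check that nsCookieService::GetCookiesForURI carries in the next file, written out twice. A shared static helper taking the cookie's SameSite value and `aIsSameSiteForeign` would keep the two copies from drifting apart when the policy changes. The rest of both blocks lies outside the hunks, so whether they are fully identical needs confirming. The comment on both copies also reads `it if's a cross origin request`, which should be `if it's a cross origin request`.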


@ -80,7 +80,6 @@ using namespace mozilla::net;
******************************************************************************/
static StaticRefPtr<nsCookieService> gCookieService;
bool nsCookieService::sSameSiteEnabled = false;
// XXX_hack. See bug 178993.
// This is a hack to hide HttpOnly cookies from older browsers
@ -2976,16 +2975,6 @@ bool nsCookieService::DomainMatches(nsCookie* aCookie,
(aCookie->IsDomain() && StringEndsWith(aHost, aCookie->Host()));
}
bool nsCookieService::IsSameSiteEnabled() {
static bool prefInitialized = false;
if (!prefInitialized) {
Preferences::AddBoolVarCache(&sSameSiteEnabled,
"network.cookie.same-site.enabled", false);
prefInitialized = true;
}
return sSameSiteEnabled;
}
bool nsCookieService::PathMatches(nsCookie* aCookie, const nsACString& aPath) {
// calculate cookie path length, excluding trailing '/'
uint32_t cookiePathLen = aCookie->Path().Length();
@ -3111,7 +3100,7 @@ void nsCookieService::GetCookiesForURI(
int32_t sameSiteAttr = 0;
cookie->GetSameSite(&sameSiteAttr);
if (aIsSameSiteForeign && IsSameSiteEnabled()) {
if (aIsSameSiteForeign) {
// it if's a cross origin request and the cookie is same site only
// (strict) don't send it
if (sameSiteAttr == nsICookie2::SAMESITE_STRICT) {
@ -3374,7 +3363,7 @@ bool nsCookieService::CanSetCookie(nsIURI* aHostURI, const nsCookieKey& aKey,
// If the new cookie is same-site but in a cross site context,
// browser must ignore the cookie.
if ((aCookieAttributes.sameSite != nsICookie2::SAMESITE_UNSET) &&
aThirdPartyUtil && IsSameSiteEnabled()) {
aThirdPartyUtil) {
// Do not treat loads triggered by web extensions as foreign
bool addonAllowsLoad = false;
if (aChannel) {
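Review bot: In CanSetCookie the cross-site rejection of SameSite cookies is now gated only on `aThirdPartyUtil` being non-null, so a call that passes a null util skips the check entirely. With the pref removed, that is the one remaining way past the check in this condition. It deserves a comment stating when the pointer can legitimately be null, for example `// aThirdPartyUtil is null only when <case>; SameSite is not enforced then`. The body of the `if` continues outside the hunk, so confirm there is no later fallback before relying on this reading.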


@ -250,7 +250,6 @@ class nsCookieService final : public nsICookieService,
const nsACString& aHost,
nsCString& aBaseDomain);
static bool DomainMatches(nsCookie* aCookie, const nsACString& aHost);
static bool IsSameSiteEnabled();
static bool PathMatches(nsCookie* aCookie, const nsACString& aPath);
static bool CanSetCookie(nsIURI* aHostURI, const nsCookieKey& aKey,
nsCookieAttributes& aCookieAttributes,


@ -25,24 +25,18 @@ async function checkCookiePresent(browser) {
});
}
async function checkCookie(sameSiteEnabled, browser) {
if (sameSiteEnabled) {
info("Check that the SameSite cookie was not sent.");
await ContentTask.spawn(browser, null, async function() {
let cookieSpan = content.document.getElementById("cookieSpan");
ok(cookieSpan, "cookieSpan element should be in document");
is(cookieSpan.textContent, "", "The SameSite cookie was blocked correctly.");
});
} else {
info("Check that the SameSite cookie was sent.");
await checkCookiePresent(browser);
}
async function checkCookie(browser) {
info("Check that the SameSite cookie was not sent.");
await ContentTask.spawn(browser, null, async function() {
let cookieSpan = content.document.getElementById("cookieSpan");
ok(cookieSpan, "cookieSpan element should be in document");
is(cookieSpan.textContent, "", "The SameSite cookie was blocked correctly.");
});
}
async function runTest(sameSiteEnabled) {
async function runTest() {
await SpecialPowers.pushPrefEnv({
set: [["network.cookie.same-site.enabled", sameSiteEnabled],
["reader.parse-on-load.enabled", true]],
set: [["reader.parse-on-load.enabled", true]],
});
info("Set a SameSite=strict cookie.");
@ -69,7 +63,7 @@ async function runTest(sameSiteEnabled) {
await pageLoaded;
await clickLink(browser);
await checkCookie(sameSiteEnabled, browser);
await checkCookie(browser);
await BrowserTestUtils.removeTab(tab);
}
@ -84,7 +78,7 @@ async function runTest(sameSiteEnabled) {
await pageShown;
await clickLink(browser);
await checkCookie(sameSiteEnabled, browser);
await checkCookie(browser);
});
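Review bot: After this change `checkCookie` only asserts that `cookieSpan.textContent` is empty, and the removed `else` branch was the only visible caller of `checkCookiePresent`. An empty span is also what a page that failed to echo any cookie would produce, so the test has lost its positive control. Keeping one run in which the cookie is expected (for example a same-site load) and calling `await checkCookiePresent(browser);` there would show that the page can display the cookie at all. If `checkCookiePresent` has no other caller outside the hunks, it is now dead code and should be either used that way or removed.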
}