Bug 1475708 - Block setting cookies using document.cookie when restricting 3rd party storage; r=baku

2018-07-13 15:37:00 +03:00 · 2018-07-13 15:37:00 +03:00 · 29e57a2096
--- a/dom/html/nsHTMLDocument.cpp
+++ b/dom/html/nsHTMLDocument.cpp
@ -1162,6 +1162,11 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie, ErrorResult& rv)
    return;
  }

+  if (nsContentUtils::StorageDisabledByAntiTracking(GetInnerWindow(), nullptr,
+                                                    nullptr)) {
+    return;
+  }
+
  // If the document is a cookie-averse Document... do nothing.
  if (IsCookieAverse()) {
    return;
--- a/toolkit/components/antitracking/test/browser/browser_blockingCookies.js
+++ b/toolkit/components/antitracking/test/browser/browser_blockingCookies.js
@ -4,6 +4,8 @@ AntiTracking.runTest("Set/Get Cookies",
  // Blocking callback
  async _ => {
    is(document.cookie, "", "No cookies for me");
+    document.cookie = "name=value";
+    is(document.cookie, "", "No cookies for me");

    await fetch("server.sjs").then(r => r.text()).then(text => {
      is(text, "cookie-not-present", "We should not have cookies");
@ -23,6 +25,11 @@ AntiTracking.runTest("Set/Get Cookies",
    await fetch("server.sjs").then(r => r.text()).then(text => {
      is(text, "cookie-not-present", "We should not have cookies");
    });
+
+    document.cookie = "name=value";
+    ok(document.cookie.includes("name=value"), "Some cookies for me");
+    ok(document.cookie.includes("foopy=1"), "Some cookies for me");
+
    await fetch("server.sjs").then(r => r.text()).then(text => {
      is(text, "cookie-present", "We should have cookies");
    });