Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 11 - windows/workers/documents must keep the current cookie settings and ignore changes, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D18960

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Andrea Marchesini 2019-02-27 19:58:07 +00:00
Родитель eaa983a53f
Коммит 477f2b65c3
10 изменённых файлов: 94 добавлений и 91 удалений

Просмотреть файл

@ -11813,7 +11813,7 @@ DocumentAutoplayPolicy Document::AutoplayPolicy() const {
}
void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
if (StaticPrefs::network_cookie_cookieBehavior() !=
if (mCookieSettings->GetCookieBehavior() !=
nsICookieService::BEHAVIOR_REJECT_TRACKER) {
return;
}
@ -12329,8 +12329,8 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
}
// Only enforce third-party checks when there is a reason to enforce them.
if (StaticPrefs::network_cookie_cookieBehavior() !=
nsICookieService::BEHAVIOR_ACCEPT) {
if (mCookieSettings->GetCookieBehavior() !=
nsICookieService::BEHAVIOR_REJECT_TRACKER) {
// Step 3. If the document's frame is the main frame, resolve.
if (IsTopLevelContentDocument()) {
promise->MaybeResolveWithUndefined();
@ -12382,7 +12382,7 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
return promise.forget();
}
if (StaticPrefs::network_cookie_cookieBehavior() ==
if (mCookieSettings->GetCookieBehavior() ==
nsICookieService::BEHAVIOR_REJECT_TRACKER &&
inner) {
// Only do something special for third-party tracking content.

Просмотреть файл

@ -1264,10 +1264,6 @@ nsGlobalWindowOuter::~nsGlobalWindowOuter() {
if (obs) {
obs->RemoveObserver(this, PERM_CHANGE_NOTIFICATION);
}
nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
if (prefBranch) {
prefBranch->RemoveObserver("network.cookie.cookieBehavior", this);
}
nsLayoutStatics::Release();
}
@ -2324,20 +2320,18 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
mHasStorageAccess = false;
nsIURI* uri = aDocument->GetDocumentURI();
if (newInnerWindow) {
if (StaticPrefs::network_cookie_cookieBehavior() ==
nsICookieService::BEHAVIOR_REJECT_TRACKER &&
nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
uri) &&
nsContentUtils::IsTrackingResourceWindow(newInnerWindow)) {
// Grant storage access by default if the first-party storage access
// permission has been granted already.
// Don't notify in this case, since we would be notifying the user
// needlessly.
mHasStorageAccess =
AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
newInnerWindow, uri, nullptr);
}
if (newInnerWindow &&
aDocument->CookieSettings()->GetCookieBehavior() ==
nsICookieService::BEHAVIOR_REJECT_TRACKER &&
nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
uri) &&
nsContentUtils::IsTrackingResourceWindow(newInnerWindow)) {
// Grant storage access by default if the first-party storage access
// permission has been granted already.
// Don't notify in this case, since we would be notifying the user
// needlessly.
mHasStorageAccess = AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
newInnerWindow, uri, nullptr);
}
return NS_OK;
@ -6975,11 +6969,6 @@ NS_IMETHODIMP
nsGlobalWindowOuter::Observe(nsISupports* aSupports, const char* aTopic,
const char16_t* aData) {
if (!nsCRT::strcmp(aTopic, PERM_CHANGE_NOTIFICATION)) {
if (!nsCRT::strcmp(aData, u"cleared") && !aSupports) {
// All permissions have been cleared.
mHasStorageAccess = false;
return NS_OK;
}
nsCOMPtr<nsIPermission> permission = do_QueryInterface(aSupports);
if (!permission) {
return NS_OK;
@ -7011,10 +7000,6 @@ nsGlobalWindowOuter::Observe(nsISupports* aSupports, const char* aTopic,
return NS_OK;
}
}
} else if (!nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID)) {
// Reset the storage access permission when our cookie policy changes.
mHasStorageAccess = false;
return NS_OK;
}
return NS_OK;
}
@ -7811,10 +7796,6 @@ mozilla::dom::TabGroup* nsPIDOMWindowOuter::TabGroup() {
obs->AddObserver(window, PERM_CHANGE_NOTIFICATION, true);
}));
}
nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
if (prefBranch) {
prefBranch->AddObserver("network.cookie.cookieBehavior", window, true);
}
return window.forget();
}

Просмотреть файл

@ -2017,8 +2017,10 @@ void RuntimeService::PropagateFirstPartyStorageAccessGranted(
nsPIDOMWindowInner* aWindow) {
AssertIsOnMainThread();
MOZ_ASSERT(aWindow);
MOZ_ASSERT(StaticPrefs::network_cookie_cookieBehavior() ==
nsICookieService::BEHAVIOR_REJECT_TRACKER);
MOZ_ASSERT_IF(
aWindow->GetExtantDoc(),
aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
nsICookieService::BEHAVIOR_REJECT_TRACKER);
nsTArray<WorkerPrivate*> workers;
GetWorkersForWindow(aWindow, workers);
@ -2399,8 +2401,10 @@ void ResumeWorkersForWindow(nsPIDOMWindowInner* aWindow) {
void PropagateFirstPartyStorageAccessGrantedToWorkers(
nsPIDOMWindowInner* aWindow) {
AssertIsOnMainThread();
MOZ_ASSERT(StaticPrefs::network_cookie_cookieBehavior() ==
nsICookieService::BEHAVIOR_REJECT_TRACKER);
MOZ_ASSERT_IF(
aWindow->GetExtantDoc(),
aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
nsICookieService::BEHAVIOR_REJECT_TRACKER);
RuntimeService* runtime = RuntimeService::GetService();
if (runtime) {

Просмотреть файл

@ -2,14 +2,14 @@
// communicate with other windows with different cookie settings.
CookiePolicyHelper.runTest("BroadcastChannel", {
cookieJarAccessAllowed: async _ => {
new content.BroadcastChannel("hello");
cookieJarAccessAllowed: async w => {
new w.BroadcastChannel("hello");
ok(true, "BroadcastChannel be used");
},
cookieJarAccessDenied: async _ => {
cookieJarAccessDenied: async w => {
try {
new content.BroadcastChannel("hello");
new w.BroadcastChannel("hello");
ok(false, "BroadcastChannel cannot be used!");
} catch (e) {
ok(true, "BroadcastChannel cannot be used!");
@ -19,22 +19,22 @@ CookiePolicyHelper.runTest("BroadcastChannel", {
});
CookiePolicyHelper.runTest("BroadcastChannel in workers", {
cookieJarAccessAllowed: async _ => {
cookieJarAccessAllowed: async w => {
function nonBlockingCode() {
new BroadcastChannel("hello");
postMessage(true);
}
let blob = new content.Blob([nonBlockingCode.toString() + "; nonBlockingCode();"]);
let blob = new w.Blob([nonBlockingCode.toString() + "; nonBlockingCode();"]);
ok(blob, "Blob has been created");
let blobURL = content.URL.createObjectURL(blob);
let blobURL = w.URL.createObjectURL(blob);
ok(blobURL, "Blob URL has been created");
let worker = new content.Worker(blobURL);
let worker = new w.Worker(blobURL);
ok(worker, "Worker has been created");
await new content.Promise((resolve, reject) => {
await new w.Promise((resolve, reject) => {
worker.onmessage = function(e) {
if (e) {
resolve();
@ -45,7 +45,7 @@ CookiePolicyHelper.runTest("BroadcastChannel in workers", {
});
},
cookieJarAccessDenied: async _ => {
cookieJarAccessDenied: async w => {
function blockingCode() {
try {
new BroadcastChannel("hello");
@ -55,16 +55,16 @@ CookiePolicyHelper.runTest("BroadcastChannel in workers", {
}
}
let blob = new content.Blob([blockingCode.toString() + "; blockingCode();"]);
let blob = new w.Blob([blockingCode.toString() + "; blockingCode();"]);
ok(blob, "Blob has been created");
let blobURL = content.URL.createObjectURL(blob);
let blobURL = w.URL.createObjectURL(blob);
ok(blobURL, "Blob URL has been created");
let worker = new content.Worker(blobURL);
let worker = new w.Worker(blobURL);
ok(worker, "Worker has been created");
await new content.Promise((resolve, reject) => {
await new w.Promise((resolve, reject) => {
worker.onmessage = function(e) {
if (e) {
resolve();

Просмотреть файл

@ -1,12 +1,12 @@
CookiePolicyHelper.runTest("DOM Cache", {
cookieJarAccessAllowed: async _ => {
await content.caches.open("wow").then(
cookieJarAccessAllowed: async w => {
await w.caches.open("wow").then(
_ => { ok(true, "DOM Cache can be used!"); },
_ => { ok(false, "DOM Cache can be used!"); });
},
cookieJarAccessDenied: async _ => {
await content.caches.open("wow").then(
cookieJarAccessDenied: async w => {
await w.caches.open("wow").then(
_ => { ok(false, "DOM Cache cannot be used!"); },
_ => { ok(true, "DOM Cache cannot be used!"); });
},

Просмотреть файл

@ -1,12 +1,12 @@
CookiePolicyHelper.runTest("IndexedDB", {
cookieJarAccessAllowed: async _ => {
content.indexedDB.open("test", "1");
cookieJarAccessAllowed: async w => {
w.indexedDB.open("test", "1");
ok(true, "IDB should be allowed");
},
cookieJarAccessDenied: async _ => {
cookieJarAccessDenied: async w => {
try {
content.indexedDB.open("test", "1");
w.indexedDB.open("test", "1");
ok(false, "IDB should be blocked");
} catch (e) {
ok(true, "IDB should be blocked");
@ -16,22 +16,22 @@ CookiePolicyHelper.runTest("IndexedDB", {
});
CookiePolicyHelper.runTest("IndexedDB in workers", {
cookieJarAccessAllowed: async _ => {
cookieJarAccessAllowed: async w => {
function nonBlockCode() {
indexedDB.open("test", "1");
postMessage(true);
}
let blob = new content.Blob([nonBlockCode.toString() + "; nonBlockCode();"]);
let blob = new w.Blob([nonBlockCode.toString() + "; nonBlockCode();"]);
ok(blob, "Blob has been created");
let blobURL = content.URL.createObjectURL(blob);
let blobURL = w.URL.createObjectURL(blob);
ok(blobURL, "Blob URL has been created");
let worker = new content.Worker(blobURL);
let worker = new w.Worker(blobURL);
ok(worker, "Worker has been created");
await new content.Promise((resolve, reject) => {
await new w.Promise((resolve, reject) => {
worker.onmessage = function(e) {
if (e.data) {
resolve();
@ -46,7 +46,7 @@ CookiePolicyHelper.runTest("IndexedDB in workers", {
});
},
cookieJarAccessDenied: async _ => {
cookieJarAccessDenied: async w => {
function blockCode() {
try {
indexedDB.open("test", "1");
@ -56,16 +56,16 @@ CookiePolicyHelper.runTest("IndexedDB in workers", {
}
}
let blob = new content.Blob([blockCode.toString() + "; blockCode();"]);
let blob = new w.Blob([blockCode.toString() + "; blockCode();"]);
ok(blob, "Blob has been created");
let blobURL = content.URL.createObjectURL(blob);
let blobURL = w.URL.createObjectURL(blob);
ok(blobURL, "Blob URL has been created");
let worker = new content.Worker(blobURL);
let worker = new w.Worker(blobURL);
ok(worker, "Worker has been created");
await new content.Promise((resolve, reject) => {
await new w.Promise((resolve, reject) => {
worker.onmessage = function(e) {
if (e.data) {
resolve();

Просмотреть файл

@ -6,8 +6,8 @@ CookiePolicyHelper.runTest("ServiceWorker", {
["dom.serviceWorkers.testing.enabled", true],
],
cookieJarAccessAllowed: async _ => {
await content.navigator.serviceWorker.register("file_empty.js").then(
cookieJarAccessAllowed: async w => {
await w.navigator.serviceWorker.register("file_empty.js").then(
reg => { ok(true, "ServiceWorker can be used!"); return reg; },
_ => { ok(false, "ServiceWorker cannot be used! " + _); }).then(
reg => reg.unregister(),
@ -15,8 +15,8 @@ CookiePolicyHelper.runTest("ServiceWorker", {
catch(e => ok(false, "Promise rejected: " + e));
},
cookieJarAccessDenied: async _ => {
await content.navigator.serviceWorker.register("file_empty.js").then(
cookieJarAccessDenied: async w => {
await w.navigator.serviceWorker.register("file_empty.js").then(
_ => { ok(false, "ServiceWorker cannot be used!"); },
_ => { ok(true, "ServiceWorker cannot be used!"); }).
catch(e => ok(false, "Promise rejected: " + e));

Просмотреть файл

@ -1,12 +1,12 @@
CookiePolicyHelper.runTest("SharedWorker", {
cookieJarAccessAllowed: async _ => {
new content.SharedWorker("a.js", "foo");
cookieJarAccessAllowed: async w => {
new w.SharedWorker("a.js", "foo");
ok(true, "SharedWorker is allowed");
},
cookieJarAccessDenied: async _ => {
cookieJarAccessDenied: async w => {
try {
new content.SharedWorker("a.js", "foo");
new w.SharedWorker("a.js", "foo");
ok(false, "SharedWorker cannot be used!");
} catch (e) {
ok(true, "SharedWorker cannot be used!");

Просмотреть файл

@ -1,16 +1,16 @@
CookiePolicyHelper.runTest("SessionStorage", {
cookieJarAccessAllowed: async _ => {
cookieJarAccessAllowed: async w => {
try {
content.sessionStorage.foo = 42;
w.sessionStorage.foo = 42;
ok(true, "SessionStorage works");
} catch (e) {
ok(false, "SessionStorage works");
}
},
cookieJarAccessDenied: async _ => {
cookieJarAccessDenied: async w => {
try {
content.sessionStorage.foo = 42;
w.sessionStorage.foo = 42;
ok(false, "SessionStorage doesn't work");
} catch (e) {
ok(true, "SessionStorage doesn't work");
@ -20,22 +20,22 @@ CookiePolicyHelper.runTest("SessionStorage", {
});
CookiePolicyHelper.runTest("LocalStorage", {
cookieJarAccessAllowed: async _ => {
cookieJarAccessAllowed: async w => {
try {
content.localStorage.foo = 42;
w.localStorage.foo = 42;
ok(true, "LocalStorage works");
} catch (e) {
ok(false, "LocalStorage works");
}
},
cookieJarAccessDenied: async _ => {
cookieJarAccessDenied: async w => {
try {
content.localStorage.foo = 42;
w.localStorage.foo = 42;
ok(false, "LocalStorage doesn't work");
} catch (e) {
ok(true, "LocalStorage doesn't work");
is(e.name, "SecurityError", "We want a security error message.");
is(e.name, "TypeError", "We want a security error message.");
}
},
});

Просмотреть файл

@ -97,6 +97,18 @@ this.CookiePolicyHelper = {
let browser = gBrowser.getBrowserForTab(tab);
await BrowserTestUtils.browserLoaded(browser);
// Let's create an iframe.
await ContentTask.spawn(browser, { url: TEST_TOP_PAGE },
async obj => {
return new content.Promise(resolve => {
let ifr = content.document.createElement('iframe');
ifr.setAttribute("id", "iframe");
ifr.src = obj.url;
ifr.onload = resolve;
content.document.body.appendChild(ifr);
});
});
// Let's exec the "good" callback.
info("Executing the test after setting the cookie behavior to " + config.fromBehavior + " and permission to " + config.fromPermission);
await ContentTask.spawn(browser,
@ -104,7 +116,10 @@ this.CookiePolicyHelper = {
async obj => {
let runnableStr = `(() => {return (${obj.callback});})();`;
let runnable = eval(runnableStr); // eslint-disable-line no-eval
await runnable();
await runnable(content);
let ifr = content.document.getElementById("iframe");
await runnable(ifr.contentWindow);
});
// Now, let's change the cookie settings
@ -120,7 +135,10 @@ this.CookiePolicyHelper = {
async obj => {
let runnableStr = `(() => {return (${obj.callback});})();`;
let runnable = eval(runnableStr); // eslint-disable-line no-eval
await runnable.call(content.window);
await runnable(content);
let ifr = content.document.getElementById("iframe");
await runnable(ifr.contentWindow);
});
// Let's close the tab.
@ -140,7 +158,7 @@ this.CookiePolicyHelper = {
async obj => {
let runnableStr = `(() => {return (${obj.callback});})();`;
let runnable = eval(runnableStr); // eslint-disable-line no-eval
await runnable.call(content.window);
await runnable(content);
});
// Let's close the tab.