зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 11 - windows/workers/documents must keep the current cookie settings and ignore changes, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D18960 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
eaa983a53f
Коммит
477f2b65c3
|
@ -11813,7 +11813,7 @@ DocumentAutoplayPolicy Document::AutoplayPolicy() const {
|
|||
}
|
||||
|
||||
void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
|
||||
if (StaticPrefs::network_cookie_cookieBehavior() !=
|
||||
if (mCookieSettings->GetCookieBehavior() !=
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER) {
|
||||
return;
|
||||
}
|
||||
|
@ -12329,8 +12329,8 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
|
|||
}
|
||||
|
||||
// Only enforce third-party checks when there is a reason to enforce them.
|
||||
if (StaticPrefs::network_cookie_cookieBehavior() !=
|
||||
nsICookieService::BEHAVIOR_ACCEPT) {
|
||||
if (mCookieSettings->GetCookieBehavior() !=
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER) {
|
||||
// Step 3. If the document's frame is the main frame, resolve.
|
||||
if (IsTopLevelContentDocument()) {
|
||||
promise->MaybeResolveWithUndefined();
|
||||
|
@ -12382,7 +12382,7 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
|
|||
return promise.forget();
|
||||
}
|
||||
|
||||
if (StaticPrefs::network_cookie_cookieBehavior() ==
|
||||
if (mCookieSettings->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER &&
|
||||
inner) {
|
||||
// Only do something special for third-party tracking content.
|
||||
|
|
|
@ -1264,10 +1264,6 @@ nsGlobalWindowOuter::~nsGlobalWindowOuter() {
|
|||
if (obs) {
|
||||
obs->RemoveObserver(this, PERM_CHANGE_NOTIFICATION);
|
||||
}
|
||||
nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
|
||||
if (prefBranch) {
|
||||
prefBranch->RemoveObserver("network.cookie.cookieBehavior", this);
|
||||
}
|
||||
|
||||
nsLayoutStatics::Release();
|
||||
}
|
||||
|
@ -2324,20 +2320,18 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
|
|||
|
||||
mHasStorageAccess = false;
|
||||
nsIURI* uri = aDocument->GetDocumentURI();
|
||||
if (newInnerWindow) {
|
||||
if (StaticPrefs::network_cookie_cookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER &&
|
||||
nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
|
||||
uri) &&
|
||||
nsContentUtils::IsTrackingResourceWindow(newInnerWindow)) {
|
||||
// Grant storage access by default if the first-party storage access
|
||||
// permission has been granted already.
|
||||
// Don't notify in this case, since we would be notifying the user
|
||||
// needlessly.
|
||||
mHasStorageAccess =
|
||||
AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
|
||||
newInnerWindow, uri, nullptr);
|
||||
}
|
||||
if (newInnerWindow &&
|
||||
aDocument->CookieSettings()->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER &&
|
||||
nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
|
||||
uri) &&
|
||||
nsContentUtils::IsTrackingResourceWindow(newInnerWindow)) {
|
||||
// Grant storage access by default if the first-party storage access
|
||||
// permission has been granted already.
|
||||
// Don't notify in this case, since we would be notifying the user
|
||||
// needlessly.
|
||||
mHasStorageAccess = AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
|
||||
newInnerWindow, uri, nullptr);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
@ -6975,11 +6969,6 @@ NS_IMETHODIMP
|
|||
nsGlobalWindowOuter::Observe(nsISupports* aSupports, const char* aTopic,
|
||||
const char16_t* aData) {
|
||||
if (!nsCRT::strcmp(aTopic, PERM_CHANGE_NOTIFICATION)) {
|
||||
if (!nsCRT::strcmp(aData, u"cleared") && !aSupports) {
|
||||
// All permissions have been cleared.
|
||||
mHasStorageAccess = false;
|
||||
return NS_OK;
|
||||
}
|
||||
nsCOMPtr<nsIPermission> permission = do_QueryInterface(aSupports);
|
||||
if (!permission) {
|
||||
return NS_OK;
|
||||
|
@ -7011,10 +7000,6 @@ nsGlobalWindowOuter::Observe(nsISupports* aSupports, const char* aTopic,
|
|||
return NS_OK;
|
||||
}
|
||||
}
|
||||
} else if (!nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID)) {
|
||||
// Reset the storage access permission when our cookie policy changes.
|
||||
mHasStorageAccess = false;
|
||||
return NS_OK;
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -7811,10 +7796,6 @@ mozilla::dom::TabGroup* nsPIDOMWindowOuter::TabGroup() {
|
|||
obs->AddObserver(window, PERM_CHANGE_NOTIFICATION, true);
|
||||
}));
|
||||
}
|
||||
nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
|
||||
if (prefBranch) {
|
||||
prefBranch->AddObserver("network.cookie.cookieBehavior", window, true);
|
||||
}
|
||||
return window.forget();
|
||||
}
|
||||
|
||||
|
|
|
@ -2017,8 +2017,10 @@ void RuntimeService::PropagateFirstPartyStorageAccessGranted(
|
|||
nsPIDOMWindowInner* aWindow) {
|
||||
AssertIsOnMainThread();
|
||||
MOZ_ASSERT(aWindow);
|
||||
MOZ_ASSERT(StaticPrefs::network_cookie_cookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER);
|
||||
MOZ_ASSERT_IF(
|
||||
aWindow->GetExtantDoc(),
|
||||
aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER);
|
||||
|
||||
nsTArray<WorkerPrivate*> workers;
|
||||
GetWorkersForWindow(aWindow, workers);
|
||||
|
@ -2399,8 +2401,10 @@ void ResumeWorkersForWindow(nsPIDOMWindowInner* aWindow) {
|
|||
void PropagateFirstPartyStorageAccessGrantedToWorkers(
|
||||
nsPIDOMWindowInner* aWindow) {
|
||||
AssertIsOnMainThread();
|
||||
MOZ_ASSERT(StaticPrefs::network_cookie_cookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER);
|
||||
MOZ_ASSERT_IF(
|
||||
aWindow->GetExtantDoc(),
|
||||
aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
|
||||
nsICookieService::BEHAVIOR_REJECT_TRACKER);
|
||||
|
||||
RuntimeService* runtime = RuntimeService::GetService();
|
||||
if (runtime) {
|
||||
|
|
|
@ -2,14 +2,14 @@
|
|||
// communicate with other windows with different cookie settings.
|
||||
|
||||
CookiePolicyHelper.runTest("BroadcastChannel", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
new content.BroadcastChannel("hello");
|
||||
cookieJarAccessAllowed: async w => {
|
||||
new w.BroadcastChannel("hello");
|
||||
ok(true, "BroadcastChannel be used");
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
cookieJarAccessDenied: async w => {
|
||||
try {
|
||||
new content.BroadcastChannel("hello");
|
||||
new w.BroadcastChannel("hello");
|
||||
ok(false, "BroadcastChannel cannot be used!");
|
||||
} catch (e) {
|
||||
ok(true, "BroadcastChannel cannot be used!");
|
||||
|
@ -19,22 +19,22 @@ CookiePolicyHelper.runTest("BroadcastChannel", {
|
|||
});
|
||||
|
||||
CookiePolicyHelper.runTest("BroadcastChannel in workers", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
cookieJarAccessAllowed: async w => {
|
||||
function nonBlockingCode() {
|
||||
new BroadcastChannel("hello");
|
||||
postMessage(true);
|
||||
}
|
||||
|
||||
let blob = new content.Blob([nonBlockingCode.toString() + "; nonBlockingCode();"]);
|
||||
let blob = new w.Blob([nonBlockingCode.toString() + "; nonBlockingCode();"]);
|
||||
ok(blob, "Blob has been created");
|
||||
|
||||
let blobURL = content.URL.createObjectURL(blob);
|
||||
let blobURL = w.URL.createObjectURL(blob);
|
||||
ok(blobURL, "Blob URL has been created");
|
||||
|
||||
let worker = new content.Worker(blobURL);
|
||||
let worker = new w.Worker(blobURL);
|
||||
ok(worker, "Worker has been created");
|
||||
|
||||
await new content.Promise((resolve, reject) => {
|
||||
await new w.Promise((resolve, reject) => {
|
||||
worker.onmessage = function(e) {
|
||||
if (e) {
|
||||
resolve();
|
||||
|
@ -45,7 +45,7 @@ CookiePolicyHelper.runTest("BroadcastChannel in workers", {
|
|||
});
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
cookieJarAccessDenied: async w => {
|
||||
function blockingCode() {
|
||||
try {
|
||||
new BroadcastChannel("hello");
|
||||
|
@ -55,16 +55,16 @@ CookiePolicyHelper.runTest("BroadcastChannel in workers", {
|
|||
}
|
||||
}
|
||||
|
||||
let blob = new content.Blob([blockingCode.toString() + "; blockingCode();"]);
|
||||
let blob = new w.Blob([blockingCode.toString() + "; blockingCode();"]);
|
||||
ok(blob, "Blob has been created");
|
||||
|
||||
let blobURL = content.URL.createObjectURL(blob);
|
||||
let blobURL = w.URL.createObjectURL(blob);
|
||||
ok(blobURL, "Blob URL has been created");
|
||||
|
||||
let worker = new content.Worker(blobURL);
|
||||
let worker = new w.Worker(blobURL);
|
||||
ok(worker, "Worker has been created");
|
||||
|
||||
await new content.Promise((resolve, reject) => {
|
||||
await new w.Promise((resolve, reject) => {
|
||||
worker.onmessage = function(e) {
|
||||
if (e) {
|
||||
resolve();
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
CookiePolicyHelper.runTest("DOM Cache", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
await content.caches.open("wow").then(
|
||||
cookieJarAccessAllowed: async w => {
|
||||
await w.caches.open("wow").then(
|
||||
_ => { ok(true, "DOM Cache can be used!"); },
|
||||
_ => { ok(false, "DOM Cache can be used!"); });
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
await content.caches.open("wow").then(
|
||||
cookieJarAccessDenied: async w => {
|
||||
await w.caches.open("wow").then(
|
||||
_ => { ok(false, "DOM Cache cannot be used!"); },
|
||||
_ => { ok(true, "DOM Cache cannot be used!"); });
|
||||
},
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
CookiePolicyHelper.runTest("IndexedDB", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
content.indexedDB.open("test", "1");
|
||||
cookieJarAccessAllowed: async w => {
|
||||
w.indexedDB.open("test", "1");
|
||||
ok(true, "IDB should be allowed");
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
cookieJarAccessDenied: async w => {
|
||||
try {
|
||||
content.indexedDB.open("test", "1");
|
||||
w.indexedDB.open("test", "1");
|
||||
ok(false, "IDB should be blocked");
|
||||
} catch (e) {
|
||||
ok(true, "IDB should be blocked");
|
||||
|
@ -16,22 +16,22 @@ CookiePolicyHelper.runTest("IndexedDB", {
|
|||
});
|
||||
|
||||
CookiePolicyHelper.runTest("IndexedDB in workers", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
cookieJarAccessAllowed: async w => {
|
||||
function nonBlockCode() {
|
||||
indexedDB.open("test", "1");
|
||||
postMessage(true);
|
||||
}
|
||||
|
||||
let blob = new content.Blob([nonBlockCode.toString() + "; nonBlockCode();"]);
|
||||
let blob = new w.Blob([nonBlockCode.toString() + "; nonBlockCode();"]);
|
||||
ok(blob, "Blob has been created");
|
||||
|
||||
let blobURL = content.URL.createObjectURL(blob);
|
||||
let blobURL = w.URL.createObjectURL(blob);
|
||||
ok(blobURL, "Blob URL has been created");
|
||||
|
||||
let worker = new content.Worker(blobURL);
|
||||
let worker = new w.Worker(blobURL);
|
||||
ok(worker, "Worker has been created");
|
||||
|
||||
await new content.Promise((resolve, reject) => {
|
||||
await new w.Promise((resolve, reject) => {
|
||||
worker.onmessage = function(e) {
|
||||
if (e.data) {
|
||||
resolve();
|
||||
|
@ -46,7 +46,7 @@ CookiePolicyHelper.runTest("IndexedDB in workers", {
|
|||
});
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
cookieJarAccessDenied: async w => {
|
||||
function blockCode() {
|
||||
try {
|
||||
indexedDB.open("test", "1");
|
||||
|
@ -56,16 +56,16 @@ CookiePolicyHelper.runTest("IndexedDB in workers", {
|
|||
}
|
||||
}
|
||||
|
||||
let blob = new content.Blob([blockCode.toString() + "; blockCode();"]);
|
||||
let blob = new w.Blob([blockCode.toString() + "; blockCode();"]);
|
||||
ok(blob, "Blob has been created");
|
||||
|
||||
let blobURL = content.URL.createObjectURL(blob);
|
||||
let blobURL = w.URL.createObjectURL(blob);
|
||||
ok(blobURL, "Blob URL has been created");
|
||||
|
||||
let worker = new content.Worker(blobURL);
|
||||
let worker = new w.Worker(blobURL);
|
||||
ok(worker, "Worker has been created");
|
||||
|
||||
await new content.Promise((resolve, reject) => {
|
||||
await new w.Promise((resolve, reject) => {
|
||||
worker.onmessage = function(e) {
|
||||
if (e.data) {
|
||||
resolve();
|
||||
|
|
|
@ -6,8 +6,8 @@ CookiePolicyHelper.runTest("ServiceWorker", {
|
|||
["dom.serviceWorkers.testing.enabled", true],
|
||||
],
|
||||
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
await content.navigator.serviceWorker.register("file_empty.js").then(
|
||||
cookieJarAccessAllowed: async w => {
|
||||
await w.navigator.serviceWorker.register("file_empty.js").then(
|
||||
reg => { ok(true, "ServiceWorker can be used!"); return reg; },
|
||||
_ => { ok(false, "ServiceWorker cannot be used! " + _); }).then(
|
||||
reg => reg.unregister(),
|
||||
|
@ -15,8 +15,8 @@ CookiePolicyHelper.runTest("ServiceWorker", {
|
|||
catch(e => ok(false, "Promise rejected: " + e));
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
await content.navigator.serviceWorker.register("file_empty.js").then(
|
||||
cookieJarAccessDenied: async w => {
|
||||
await w.navigator.serviceWorker.register("file_empty.js").then(
|
||||
_ => { ok(false, "ServiceWorker cannot be used!"); },
|
||||
_ => { ok(true, "ServiceWorker cannot be used!"); }).
|
||||
catch(e => ok(false, "Promise rejected: " + e));
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
CookiePolicyHelper.runTest("SharedWorker", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
new content.SharedWorker("a.js", "foo");
|
||||
cookieJarAccessAllowed: async w => {
|
||||
new w.SharedWorker("a.js", "foo");
|
||||
ok(true, "SharedWorker is allowed");
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
cookieJarAccessDenied: async w => {
|
||||
try {
|
||||
new content.SharedWorker("a.js", "foo");
|
||||
new w.SharedWorker("a.js", "foo");
|
||||
ok(false, "SharedWorker cannot be used!");
|
||||
} catch (e) {
|
||||
ok(true, "SharedWorker cannot be used!");
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
CookiePolicyHelper.runTest("SessionStorage", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
cookieJarAccessAllowed: async w => {
|
||||
try {
|
||||
content.sessionStorage.foo = 42;
|
||||
w.sessionStorage.foo = 42;
|
||||
ok(true, "SessionStorage works");
|
||||
} catch (e) {
|
||||
ok(false, "SessionStorage works");
|
||||
}
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
cookieJarAccessDenied: async w => {
|
||||
try {
|
||||
content.sessionStorage.foo = 42;
|
||||
w.sessionStorage.foo = 42;
|
||||
ok(false, "SessionStorage doesn't work");
|
||||
} catch (e) {
|
||||
ok(true, "SessionStorage doesn't work");
|
||||
|
@ -20,22 +20,22 @@ CookiePolicyHelper.runTest("SessionStorage", {
|
|||
});
|
||||
|
||||
CookiePolicyHelper.runTest("LocalStorage", {
|
||||
cookieJarAccessAllowed: async _ => {
|
||||
cookieJarAccessAllowed: async w => {
|
||||
try {
|
||||
content.localStorage.foo = 42;
|
||||
w.localStorage.foo = 42;
|
||||
ok(true, "LocalStorage works");
|
||||
} catch (e) {
|
||||
ok(false, "LocalStorage works");
|
||||
}
|
||||
},
|
||||
|
||||
cookieJarAccessDenied: async _ => {
|
||||
cookieJarAccessDenied: async w => {
|
||||
try {
|
||||
content.localStorage.foo = 42;
|
||||
w.localStorage.foo = 42;
|
||||
ok(false, "LocalStorage doesn't work");
|
||||
} catch (e) {
|
||||
ok(true, "LocalStorage doesn't work");
|
||||
is(e.name, "SecurityError", "We want a security error message.");
|
||||
is(e.name, "TypeError", "We want a security error message.");
|
||||
}
|
||||
},
|
||||
});
|
||||
|
|
|
@ -97,6 +97,18 @@ this.CookiePolicyHelper = {
|
|||
let browser = gBrowser.getBrowserForTab(tab);
|
||||
await BrowserTestUtils.browserLoaded(browser);
|
||||
|
||||
// Let's create an iframe.
|
||||
await ContentTask.spawn(browser, { url: TEST_TOP_PAGE },
|
||||
async obj => {
|
||||
return new content.Promise(resolve => {
|
||||
let ifr = content.document.createElement('iframe');
|
||||
ifr.setAttribute("id", "iframe");
|
||||
ifr.src = obj.url;
|
||||
ifr.onload = resolve;
|
||||
content.document.body.appendChild(ifr);
|
||||
});
|
||||
});
|
||||
|
||||
// Let's exec the "good" callback.
|
||||
info("Executing the test after setting the cookie behavior to " + config.fromBehavior + " and permission to " + config.fromPermission);
|
||||
await ContentTask.spawn(browser,
|
||||
|
@ -104,7 +116,10 @@ this.CookiePolicyHelper = {
|
|||
async obj => {
|
||||
let runnableStr = `(() => {return (${obj.callback});})();`;
|
||||
let runnable = eval(runnableStr); // eslint-disable-line no-eval
|
||||
await runnable();
|
||||
await runnable(content);
|
||||
|
||||
let ifr = content.document.getElementById("iframe");
|
||||
await runnable(ifr.contentWindow);
|
||||
});
|
||||
|
||||
// Now, let's change the cookie settings
|
||||
|
@ -120,7 +135,10 @@ this.CookiePolicyHelper = {
|
|||
async obj => {
|
||||
let runnableStr = `(() => {return (${obj.callback});})();`;
|
||||
let runnable = eval(runnableStr); // eslint-disable-line no-eval
|
||||
await runnable.call(content.window);
|
||||
await runnable(content);
|
||||
|
||||
let ifr = content.document.getElementById("iframe");
|
||||
await runnable(ifr.contentWindow);
|
||||
});
|
||||
|
||||
// Let's close the tab.
|
||||
|
@ -140,7 +158,7 @@ this.CookiePolicyHelper = {
|
|||
async obj => {
|
||||
let runnableStr = `(() => {return (${obj.callback});})();`;
|
||||
let runnable = eval(runnableStr); // eslint-disable-line no-eval
|
||||
await runnable.call(content.window);
|
||||
await runnable(content);
|
||||
});
|
||||
|
||||
// Let's close the tab.
|
||||
|
|
Загрузка…
Ссылка в новой задаче