mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 10 - Fix existing tests, r=Ehsan 

Differential Revision: https://phabricator.services.mozilla.com/D18958

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Andrea Marchesini 2019-03-07 10:18:07 +00:00
Родитель 5fccb35782
Коммит 48b3f2b792
29 изменённых файлов: 537 добавлений и 490 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
dom/indexedDB/test/mochitest.ini
Просмотреть файл

@ -16,8 +16,6 @@ support-files =
file.js
helpers.js
leaving_page_iframe.html
third_party_iframe1.html
third_party_iframe2.html
unit/test_abort_deleted_index.js
unit/test_abort_deleted_objectStore.js
unit/test_add_put.js
@ -256,6 +254,10 @@ scheme=https
[test_table_locks.html]
[test_table_rollback.html]
[test_third_party.html]
support-files =
third_party_window.html
third_party_iframe1.html
third_party_iframe2.html
skip-if = (os == 'android' && debug) # Bug 1311590
[test_traffic_jam.html]
[test_transaction_abort.html]

35
dom/indexedDB/test/test_third_party.html
Просмотреть файл

@ -46,29 +46,25 @@
"third_party_iframe2.html");
let testIndex = 0;
let testRunning = false;
let openedWindow;
function iframeLoaded() {
let message = { source: "parent", href: iframe2URL };
let iframe = document.getElementById("iframe1");
iframe.contentWindow.postMessage(message.toSource(), "*");
}
function setiframe() {
let iframe = document.getElementById("iframe1");
if (!testRunning) {
testRunning = true;
iframe.addEventListener("load", iframeLoaded);
}
// Cookie preference changes are only applied to top-level tabs/windows
// when they are loaded. We need a window-proxy to continue the test.
function openWindow() {
SpecialPowers.pushPrefEnv({
"set": [
["network.cookie.cookieBehavior", testData[testIndex].cookieBehavior],
],
}, () => {
iframe.src = testData[testIndex].host + iframe1Path;
openedWindow = window.open("third_party_window.html");
openedWindow.onload = _ => {
openedWindow.postMessage({
source: "parent",
href: iframe2URL,
iframeUrl: testData[testIndex].host + iframe1Path,
}, "*");
};
});
// SpecialPowers.setIntPref("network.cookie.cookieBehavior", testData[testIndex].cookieBehavior);
}
function messageListener(event) {
@ -78,9 +74,11 @@
is(message.source, "iframe", "Good source");
is(message.result, testData[testIndex].expectedResult, "Good result");
openedWindow.close();
if (testIndex < testData.length - 1) {
testIndex++;
setiframe();
openWindow();
return;
}
@ -93,14 +91,13 @@
SpecialPowers.addPermission("indexedDB", true, document);
window.addEventListener("message", messageListener);
setiframe();
openWindow();
}
</script>
</head>
<body onload="runTest();">
<iframe id="iframe1"></iframe>
</body>
</html>

33
dom/indexedDB/test/third_party_window.html Normal file
Просмотреть файл

@ -0,0 +1,33 @@
<!--
Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<html>
<head>
<title>Indexed Database Test</title>
<script type="text/javascript">
let init = false;
onmessage = evt => {
if (!init) {
init = true;
let iframe = document.getElementById("iframe1");
iframe.src = evt.data.iframeUrl;
iframe.addEventListener("load", e => {
iframe.contentWindow.postMessage(evt.data.toSource(), "*");
});
return;
}
opener.postMessage(evt.data, "*");
};
</script>
</head>
<body>
<iframe id="iframe1"></iframe>
</body>
</html>

2
dom/serviceworkers/test/mochitest.ini
Просмотреть файл

@ -308,6 +308,8 @@ skip-if = serviceworker_e10s
[test_skip_waiting.html]
[test_strict_mode_warning.html]
[test_third_party_iframes.html]
support-files =
window_party_iframes.html
[test_unregister.html]
[test_unresolved_fetch_interception.html]
skip-if = verify || serviceworker_e10s

60
dom/serviceworkers/test/test_third_party_iframes.html
Просмотреть файл

@ -11,11 +11,6 @@
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none">
<iframe></iframe>
</div>
<pre id="test"></pre>
<script class="testbody" type="text/javascript">
SimpleTest.waitForExplicitFinish();
@ -39,6 +34,7 @@ function next() {
onload = next;
let iframe;
let proxyWindow;
let basePath = "/tests/dom/serviceworkers/test/thirdparty/";
let origin = window.location.protocol + "//" + window.location.host;
let thirdPartyOrigin = "https://example.com";
@ -62,22 +58,26 @@ function loadThirdPartyIframe() {
}
function runTest(aExpectedResponses) {
iframe = document.querySelector("iframe");
iframe.src = thirdPartyOrigin + basePath + "register.html";
let responsesIndex = 0;
window.onmessage = function(e) {
let status = e.data.status;
let expected = aExpectedResponses[responsesIndex];
if (status == expected.status) {
ok(true, "Received expected " + expected.status);
if (expected.next) {
expected.next();
// Let's use a proxy window to have the new cookie policy applied.
proxyWindow = window.open("window_party_iframes.html");
proxyWindow.onload = _ => {
iframe = proxyWindow.document.querySelector("iframe");
iframe.src = thirdPartyOrigin + basePath + "register.html";
let responsesIndex = 0;
window.onmessage = function(e) {
let status = e.data.status;
let expected = aExpectedResponses[responsesIndex];
if (status == expected.status) {
ok(true, "Received expected " + expected.status);
if (expected.next) {
expected.next();
}
} else {
ok(false, "Expected " + expected.status + " got " + status);
}
} else {
ok(false, "Expected " + expected.status + " got " + status);
}
responsesIndex++;
};
responsesIndex++;
};
}
}
// Verify that we can register and intercept a 3rd party iframe with
@ -113,6 +113,7 @@ function testShouldIntercept(behavior, lifetime, done) {
status: "unregistrationdone",
next: function() {
window.onmessage = null;
proxyWindow.close();
ok(true, "Test finished successfully");
done();
}
@ -144,6 +145,7 @@ function testShouldNotRegister(behavior, lifetime, done) {
status: "worker-networkresponse",
next: function() {
window.onmessage = null;
proxyWindow.close();
ok(true, "Test finished successfully");
done();
}
@ -164,12 +166,17 @@ function testShouldNotIntercept(behavior, lifetime, done) {
}, {
status: "registrationdone",
next: function() {
iframe.addEventListener("load", testIframeLoaded);
SpecialPowers.pushPrefEnv({"set": [
["network.cookie.cookieBehavior", behavior],
["network.cookie.lifetimePolicy", lifetime],
]}, function() {
iframe.src = origin + basePath + "iframe1.html";
proxyWindow.close();
proxyWindow = window.open("window_party_iframes.html");
proxyWindow.onload = _ => {
iframe = proxyWindow.document.querySelector("iframe");
iframe.addEventListener("load", testIframeLoaded);
iframe.src = origin + basePath + "iframe1.html";
}
});
}
}, {
@ -193,7 +200,13 @@ function testShouldNotIntercept(behavior, lifetime, done) {
["network.cookie.cookieBehavior", BEHAVIOR_ACCEPT],
["network.cookie.lifetimePolicy", LIFETIME_EXPIRE],
]}, function() {
iframe.src = thirdPartyOrigin + basePath + "unregister.html";
proxyWindow.close();
proxyWindow = window.open("window_party_iframes.html");
proxyWindow.onload = _ => {
iframe = proxyWindow.document.querySelector("iframe");
iframe.addEventListener("load", testIframeLoaded);
iframe.src = thirdPartyOrigin + basePath + "unregister.html";
}
});
}
}, {
@ -202,6 +215,7 @@ function testShouldNotIntercept(behavior, lifetime, done) {
status: "unregistrationdone",
next: function() {
window.onmessage = null;
proxyWindow.close();
ok(true, "Test finished successfully");
done();
}

18
dom/serviceworkers/test/window_party_iframes.html Normal file
Просмотреть файл

@ -0,0 +1,18 @@
<!--
Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
</head>
<body>
<iframe></iframe>
<script>
window.onmessage = e => {
opener.postMessage(e.data, "*");
}
</script>
</body>
</html>

1
dom/tests/mochitest/bugs/mochitest.ini
Просмотреть файл

@ -149,6 +149,7 @@ skip-if = toolkit == 'android'
[test_bug1112040.html]
[test_bug1160342_marquee.html]
[test_bug1171215.html]
support-files = window_bug1171215.html
[test_bug1530292.html]
[test_no_find_showDialog.html]
skip-if = toolkit == 'android' # Bug 1358633 - window.find doesn't work for Android

80
dom/tests/mochitest/bugs/test_bug1171215.html
Просмотреть файл

@ -9,11 +9,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1022869
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="application/javascript" src="/tests/SimpleTest/AddTask.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
<iframe src="about:blank"></iframe>
<script type="text/javascript">
var f = document.getElementsByTagName("iframe")[0];
SimpleTest.waitForExplicitFinish();
/** Test for Bug 1022869 **/
@ -21,69 +18,32 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1022869
// Initialize our cookie.
document.cookie = "a=b";
// Set a cookie in example.org so we can test that we can't read it in
// third-party cases.
f.contentWindow.location =
"http://example.org/tests/dom/tests/mochitest/bugs/file_prime_cookie.html";
waitForLoad().then(function() {
// Cookies are set up, disallow third-party cookies and start the test.
SpecialPowers.pushPrefEnv({ set: [
["network.cookie.cookieBehavior", 1],
]}, () => { continueTest(); });
}).catch((e) => { ok(false, `Got exception: ${e}`) });
}
SpecialPowers.pushPrefEnv({ set: [["network.cookie.cookieBehavior", 1]] }).then(_ => {
let w = window.open("window_bug1171215.html");
onmessage = e => {
if (e.data.type == "finish") {
w.close();
SimpleTest.finish();
return;
}
function waitForLoad() {
return new Promise((resolve) => {
window.addEventListener("message", function(msg) {
info(`got message ${msg.data}`);
resolve(msg.data);
}, {once: true});
if (e.data.type == "info") {
info(e.data.msg);
return;
}
if (e.data.type == "test") {
ok(e.data.test, e.data.msg);
return;
}
ok(false, "Unknown message");
};
});
}
async function continueTest() {
var sameOrigin = "http://mochi.test:8888";
var thirdParty = "http://example.org";
var page = "tests/dom/tests/mochitest/bugs/file_cookieOutputter.html"
var redirect = "tests/dom/tests/mochitest/bugs/file_redirector.sjs";
function createRedirect(firstOrigin, secondOrigin) {
return `${firstOrigin}/${redirect}?${secondOrigin}/${page}`;
}
info("starting test");
// Same origin to same origin.
f.contentWindow.location = createRedirect(sameOrigin, sameOrigin);
let cookie = await waitForLoad();
is(cookie, "a=b", "got the cookie");
// Cross origin to cross origin.
f.contentWindow.location = createRedirect(thirdParty, thirdParty);
cookie = await waitForLoad();
is(cookie, "", "no third-party cookies");
// Same origin to cross origin.
f.contentWindow.location = createRedirect(sameOrigin, thirdParty);
cookie = await waitForLoad();
is(cookie, "", "no third-party cookies");
// Cross origin to same origin
f.contentWindow.location = createRedirect(thirdParty, sameOrigin);
cookie = await waitForLoad();
is(cookie, "a=b", "got the cookie");
SimpleTest.finish();
}
</script>
</head>
<body onload="startTest()">
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1022869">Mozilla Bug 1022869</a>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
</pre>
</body>
</html>

86
dom/tests/mochitest/bugs/window_bug1171215.html Normal file
Просмотреть файл

@ -0,0 +1,86 @@
<!DOCTYPE html>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=1022869
-->
<head>
<meta charset="utf-8">
<title>Test for Bug 1022869</title>
<iframe src="about:blank"></iframe>
<script type="text/javascript">
function finish() {
opener.postMessage({type: "finish" });
}
function info(msg) {
opener.postMessage({type: "info", msg });
}
function ok(a, msg) {
opener.postMessage({type: "test", test: !!a, msg });
}
function is(a, b, msg) {
ok(a === b, msg);
}
var f = document.getElementsByTagName("iframe")[0];
/** Test for Bug 1022869 **/
function startTest() {
// Set a cookie in example.org so we can test that we can't read it in
// third-party cases.
f.contentWindow.location =
"http://example.org/tests/dom/tests/mochitest/bugs/file_prime_cookie.html";
waitForLoad().then(continueTest).catch((e) => { ok(false, `Got exception: ${e}`) });
}
function waitForLoad() {
return new Promise((resolve) => {
window.addEventListener("message", function(msg) {
info(`got message ${msg.data}`);
resolve(msg.data);
}, {once: true});
});
}
async function continueTest() {
var sameOrigin = "http://mochi.test:8888";
var thirdParty = "http://example.org";
var page = "tests/dom/tests/mochitest/bugs/file_cookieOutputter.html"
var redirect = "tests/dom/tests/mochitest/bugs/file_redirector.sjs";
function createRedirect(firstOrigin, secondOrigin) {
return `${firstOrigin}/${redirect}?${secondOrigin}/${page}`;
}
info("starting test");
// Same origin to same origin.
f.contentWindow.location = createRedirect(sameOrigin, sameOrigin);
let cookie = await waitForLoad();
is(cookie, "a=b", "got the cookie");
// Cross origin to cross origin.
f.contentWindow.location = createRedirect(thirdParty, thirdParty);
cookie = await waitForLoad();
is(cookie, "", "no third-party cookies");
// Same origin to cross origin.
f.contentWindow.location = createRedirect(sameOrigin, thirdParty);
cookie = await waitForLoad();
is(cookie, "", "no third-party cookies");
// Cross origin to same origin
f.contentWindow.location = createRedirect(thirdParty, sameOrigin);
cookie = await waitForLoad();
is(cookie, "a=b", "got the cookie");
finish();
}
</script>
</head>
<body onload="startTest()">
</body>
</html>

1
dom/tests/mochitest/general/mochitest.ini
Просмотреть файл

@ -50,6 +50,7 @@ support-files =
workerStorageAllowed.js
workerStoragePrevented.js
storagePermissionsUtils.js
window_storagePermissions.html
frameSelectEvents.html
!/image/test/mochitest/big.png
!/image/test/mochitest/blue.png

29
dom/tests/mochitest/general/storagePermissionsUtils.js
Просмотреть файл

@ -242,4 +242,33 @@ function task(fn) {
}
}
// The test will run on a separate window in order to apply the new cookie settings.
async function runTestInWindow(test) {
let w = window.open("window_storagePermissions.html");
await new Promise(resolve => {
w.onload = e => {
resolve();
}
});
await new Promise(resolve => {
onmessage = e => {
if (e.data.type == "finish") {
w.close();
resolve();
return;
}
if (e.data.type == "check") {
ok(e.data.test, e.data.msg);
return;
}
ok(false, "Unknown message");
};
w.postMessage(test.toString(), "*");
});
}
var thirdparty = "https://example.com/tests/dom/tests/mochitest/general/";

36
dom/tests/mochitest/general/test_storagePermissionsAccept.html
Просмотреть файл

@ -14,27 +14,29 @@
task(async function() {
await setCookieBehavior(BEHAVIOR_ACCEPT);
// We should be able to access storage
await storageAllowed();
await runTestInWindow(async function() {
// We should be able to access storage
await storageAllowed();
// Same origin iframes should be allowed, unless they redirect to a URI with the null principal
await runIFrame("frameStorageAllowed.html");
await runIFrame("frameStorageNullprincipal.sjs");
await runIFrame("frameStorageChrome.html?allowed=yes");
// Same origin iframes should be allowed, unless they redirect to a URI with the null principal
await runIFrame("frameStorageAllowed.html");
await runIFrame("frameStorageNullprincipal.sjs");
await runIFrame("frameStorageChrome.html?allowed=yes");
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// Thirdparty iframes should be allowed, unless they redirect to a URI with the null principal
await runIFrame(thirdparty + "frameStorageAllowed.html");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=yes");
// Thirdparty iframes should be allowed, unless they redirect to a URI with the null principal
await runIFrame(thirdparty + "frameStorageAllowed.html");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=yes");
// Workers should be able to access storage
await runWorker("workerStorageAllowed.js");
// Workers should be able to access storage
await runWorker("workerStorageAllowed.js");
});
});
</script>

38
dom/tests/mochitest/general/test_storagePermissionsLimitForeign.html
Просмотреть файл

@ -14,29 +14,31 @@
task(async function() {
await setCookieBehavior(BEHAVIOR_LIMIT_FOREIGN);
// We should be able to access storage
await storageAllowed();
await runTestInWindow(async function() {
// We should be able to access storage
await storageAllowed();
// Same origin iframes should be allowed.
await runIFrame("frameStorageAllowed.html");
await runIFrame("frameStorageChrome.html?allowed=yes");
// Same origin iframes should be allowed.
await runIFrame("frameStorageAllowed.html");
await runIFrame("frameStorageChrome.html?allowed=yes");
// Null principal iframes should not.
await runIFrame("frameStorageNullprincipal.sjs");
// Null principal iframes should not.
await runIFrame("frameStorageNullprincipal.sjs");
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// Thirdparty iframes should be blocked, even when accessed from chrome over Xrays.
await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
// Thirdparty iframes should be blocked, even when accessed from chrome over Xrays.
await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
// Workers should be unable to access storage
await runWorker("workerStorageAllowed.js");
// Workers should be unable to access storage
await runWorker("workerStorageAllowed.js");
});
});
</script>

36
dom/tests/mochitest/general/test_storagePermissionsReject.html
Просмотреть файл

@ -14,27 +14,29 @@
task(async function() {
await setCookieBehavior(BEHAVIOR_REJECT);
// We should be unable to access storage
await storagePrevented();
await runTestInWindow(async function() {
// We should be unable to access storage
await storagePrevented();
// Same origin iframes should be blocked.
await runIFrame("frameStoragePrevented.html");
await runIFrame("frameStorageNullprincipal.sjs");
await runIFrame("frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
// Same origin iframes should be blocked.
await runIFrame("frameStoragePrevented.html");
await runIFrame("frameStorageNullprincipal.sjs");
await runIFrame("frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// thirdparty iframes should be blocked.
await runIFrame(thirdparty + "frameStoragePrevented.html");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
// thirdparty iframes should be blocked.
await runIFrame(thirdparty + "frameStoragePrevented.html");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
// Workers should be unable to access storage
await runWorker("workerStoragePrevented.js");
// Workers should be unable to access storage
await runWorker("workerStoragePrevented.js");
});
});
</script>

36
dom/tests/mochitest/general/test_storagePermissionsRejectForeign.html
Просмотреть файл

@ -14,27 +14,29 @@
task(async function() {
await setCookieBehavior(BEHAVIOR_REJECT_FOREIGN);
// We should be able to access storage
await storageAllowed();
await runTestInWindow(async function() {
// We should be able to access storage
await storageAllowed();
// Same origin iframes should be allowed, unless they redirect to a URI with the null principal
await runIFrame("frameStorageAllowed.html");
await runIFrame("frameStorageNullprincipal.sjs");
await runIFrame("frameStorageChrome.html?allowed=yes");
// Same origin iframes should be allowed, unless they redirect to a URI with the null principal
await runIFrame("frameStorageAllowed.html");
await runIFrame("frameStorageNullprincipal.sjs");
await runIFrame("frameStorageChrome.html?allowed=yes");
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// Sandboxed iframes should have the null principal, and thus can't access storage
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
await runIFrame("frameStoragePrevented.html#nullprincipal");
await runIFrame("frameStorageNullprincipal.sjs");
document.querySelector('iframe').removeAttribute('sandbox');
// thirdparty iframes should be blocked.
await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
// thirdparty iframes should be blocked.
await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
// Workers should be able to access storage
await runWorker("workerStorageAllowed.js");
// Workers should be able to access storage
await runWorker("workerStorageAllowed.js");
});
});
</script>

38
dom/tests/mochitest/general/window_storagePermissions.html Normal file
Просмотреть файл

@ -0,0 +1,38 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Storage Permission Restrictions</title>
<script type="text/javascript" src="storagePermissionsUtils.js"></script>
</head>
<body>
<iframe></iframe>
<script type="text/javascript">
function ok(a, msg) {
opener.postMessage({type: "check", test: !!a, msg }, "*");
}
function is(a, b, msg) {
ok(a === b , msg);
}
let init = false;
onmessage = e => {
if (!init) {
init = true;
let runnableStr = `(() => {return (${e.data});})();`;
let runnable = eval(runnableStr); // eslint-disable-line no-eval
runnable.call(this).then(_ => {
opener.postMessage({ type: "finish" }, "*");
});
return;
}
parent.postMessage(e.data, "*");
}
</script>
</body>
</html>

4
dom/tests/mochitest/localstorage/frameLocalStorageCookieSettings.html
Просмотреть файл

@ -2,8 +2,6 @@
<head>
<title>localStorage cookies settings test</title>
<script type="text/javascript" src="interOriginFrame.js"></script>
</head>
<body>
<script type="text/javascript">
@ -13,8 +11,6 @@
} catch(ex) {
is(ex.name, "TypeError");
}
finishTest();
</script>
</body>
</html>

2
dom/tests/mochitest/localstorage/mochitest.ini
Просмотреть файл

@ -17,6 +17,7 @@ support-files =
localStorageCommon.js
frameLocalStorageSessionOnly.html
file_tryAccessSessionStorage.html
windowProxy.html
[test_brokenUTF-16.html]
[test_bug600307-DBOps.html]
@ -48,4 +49,3 @@ skip-if = true # bug 1347690
[test_localStorageReplace.html]
skip-if = toolkit == 'android'
[test_storageConstructor.html]
[test_localStorageSessionPrefOverride.html]

35
dom/tests/mochitest/localstorage/test_cookieBlock.html
Просмотреть файл

@ -9,23 +9,28 @@
function startTest()
{
try {
localStorage.setItem("blocked", "blockedvalue");
ok(false, "Exception for localStorage.setItem, ACCESS_DENY");
}
catch (ex) {
ok(true, "Exception for localStorage.setItem, ACCESS_DENY");
}
// Let's use a new window to have the cookie permission applied.
let w = window.open("windowProxy.html");
w.onload = _ => {
try {
w.localStorage.setItem("blocked", "blockedvalue");
ok(false, "Exception for localStorage.setItem, ACCESS_DENY");
}
catch (ex) {
ok(true, "Exception for localStorage.setItem, ACCESS_DENY");
}
try {
localStorage.getItem("blocked");
ok(false, "Exception for localStorage.getItem, ACCESS_DENY");
}
catch (ex) {
ok(true, "Exception for localStorage.getItem, ACCESS_DENY");
}
try {
w.localStorage.getItem("blocked");
ok(false, "Exception for localStorage.getItem, ACCESS_DENY");
}
catch (ex) {
ok(true, "Exception for localStorage.getItem, ACCESS_DENY");
}
SimpleTest.finish();
w.close();
SimpleTest.finish();
}
}
SimpleTest.waitForExplicitFinish();

67
dom/tests/mochitest/localstorage/test_localStorageCookieSettings.html
Просмотреть файл

@ -8,7 +8,6 @@
</head>
<body>
<iframe></iframe>
<script type="text/javascript">
@ -20,39 +19,47 @@ SpecialPowers.pushPrefEnv({"set": [
]}, test1);
function test1() {
try {
localStorage.setItem("contentkey", "test-value");
ok(false, "Setting localStorageItem should throw a type error exception");
}
catch(ex) {
is(ex.name, "TypeError");
}
let w = window.open("windowProxy.html");
w.onload = _ => {
try {
w.localStorage.setItem("contentkey", "test-value");
ok(false, "Setting localStorageItem should throw a security exception");
}
catch(ex) {
is(ex.name, "TypeError");
}
// Set cookies behavior to "reject 3rd party"
SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 1]],
"clear": [["network.cookie.lifetimePolicy"]]},
test3);
w.close();
// Set cookies behavior to "reject 3rd party"
SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 1]],
"clear": [["network.cookie.lifetimePolicy"]]},
test2);
}
}
function test3() {
try {
localStorage.setItem("contentkey", "test-value");
ok(true, "Setting localStorageItem should not throw a type error exception");
function test2() {
let w = window.open("windowProxy.html");
w.onload = _ => {
try {
w.localStorage.setItem("contentkey", "test-value");
ok(true, "Setting localStorageItem should not throw a security exception");
}
catch(ex) {
ok(false, "Setting localStorageItem should not throw a security exception");
}
var fileTest = (location.protocol + "//example.com" + location.pathname)
.replace("test_l", "frameL");
var myframe = w.document.createElement("iframe");
w.document.body.appendChild(myframe);
myframe.src = fileTest;
myframe.onload = _ => {
w.close();
SimpleTest.finish();
}
}
catch(ex) {
ok(false, "Setting localStorageItem should not throw a type error exception");
}
var fileTest = (location.protocol + "//example.com" + location.pathname)
.replace("test_l", "frameL");
var myframe = document.querySelector("iframe");
myframe.src = fileTest;
}
// Called by interOriginTest.js
function doNextTest() {
SimpleTest.finish();
}
</script>

56
dom/tests/mochitest/localstorage/test_localStorageSessionPrefOverride.html
Просмотреть файл

@ -1,56 +0,0 @@
<html>
<head>
<title>Local Storage Session Pref Override</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/AddTask.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<script>
const ACCEPT_SESSION = 2;
add_task(async function() {
if (SpecialPowers.Services.lsm.nextGenLocalStorageEnabled) {
ok(true, "Test ignored when the next gen local storage is enabled.");
return;
}
await SpecialPowers.pushPrefEnv({"set": [["network.cookie.lifetimePolicy",
ACCEPT_SESSION]]});
// Before setting permission
await new Promise((resolve) => {
var frame = document.createElement('iframe');
frame.src = "frameLocalStorageSessionOnly.html";
var listener = (e) => {
is(e.data, true, "Before adding permission should be session only");
window.removeEventListener('message', listener);
resolve();
};
window.addEventListener('message', listener);
document.body.appendChild(frame);
});
// After setting permission
await new Promise((resolve) => {
SpecialPowers.pushPermissions([{"type": "cookie", "allow": 1, "context": document}],
resolve);
});
await new Promise((resolve) => {
var frame = document.createElement('iframe');
frame.src = "frameLocalStorageSessionOnly.html";
var listener = (e) => {
is(e.data, false, "After adding permission should not be session only");
window.removeEventListener('message', listener);
resolve();
};
window.addEventListener('message', listener);
document.body.appendChild(frame);
});
});
</script>
</head>
<body>
</body>
</html>

3
dom/tests/mochitest/localstorage/windowProxy.html Normal file
Просмотреть файл

@ -0,0 +1,3 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<body></body>
</html>

1
dom/tests/mochitest/sessionstorage/mochitest.ini
Просмотреть файл

@ -8,7 +8,6 @@ support-files =
interOriginSlave.js
interOriginTest.js
[test_cookieSession.html]
[test_sessionStorageBase.html]
[test_sessionStorageBaseSessionOnly.html]
[test_sessionStorageClone.html]

124
dom/tests/mochitest/sessionstorage/test_cookieSession.html
Просмотреть файл

@ -1,124 +0,0 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>cookie per-session only test</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<script type="text/javascript">
/*
Set cookie access to be just per session and store to the sessionStorage.
Content stored must prevail only for session of the browser, so it must
be accessible in another window we try to access that key in the same
storage.
*/
function pushCookie(aValue, aNext) {
SpecialPowers.pushPermissions([{'type': 'cookie', 'allow': aValue, 'context': document}], pushPermissionAndTest);
}
function pushPermissionAndTest() {
var test = tests.shift();
if (test) {
document.getElementById('testframe').onload = test;
/* After every permission change, an iframe has to be reloaded,
otherwise this test causes failures in b2g (oop) mochitest, because
the permission changes don't seem to be always picked up
by the code that excercises it */
document.getElementById('testframe').contentWindow.location.reload();
} else {
ok(false, 'should not be reached');
SimpleTest.finish();
}
}
function startTest() {
pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
}
var tests = [
function test1() {
sessionStorage.setItem("persistent1", "persistent value 1");
sessionStorage.setItem("persistent2", "persistent value 2");
pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION);
},
function test2() {
sessionStorage.setItem("session only", "session value");
is(sessionStorage.getItem("session only"), "session value", "Value present when cookies in session-only mode");
is(sessionStorage.getItem("persistent1"), "persistent value 1", "Persistent value present");
is(sessionStorage.getItem("persistent2"), "persistent value 2", "Persistent value present");
sessionStorage.setItem("persistent1", "changed persistent value 1");
sessionStorage.removeItem("persistent2");
is(sessionStorage.getItem("session only"), "session value", "Value present when cookies in session-only mode");
is(sessionStorage.getItem("persistent1"), "changed persistent value 1", "Persistent value present");
is(sessionStorage.getItem("persistent2"), null, "Persistent value removed");
// This clear has to delete only changes made in session only mode
sessionStorage.clear();
is(sessionStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
is(sessionStorage.getItem("persistent1"), null, "Persistent value not present in session only after delete");
is(sessionStorage.getItem("persistent2"), null, "Persistent value not present in session only after delete");
sessionStorage.setItem("session only 2", "must be deleted on drop of session-only cookies permissions");
pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
},
function test3() {
is(sessionStorage.getItem("session only"), null, "No value when cookies are in default mode");
is(sessionStorage.getItem("session only 2"), null, "No value when cookies are in default mode");
is(sessionStorage.getItem("persistent1"), "persistent value 1", "Persistent value present");
is(sessionStorage.getItem("persistent2"), "persistent value 2", "Persistent value present");
pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION);
},
function test4() {
is(sessionStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
is(sessionStorage.getItem("session only 2"), null, "Value not present when cookies in session-only mode after delete");
is(sessionStorage.getItem("persistent1"), "persistent value 1", "Persistent value present again");
is(sessionStorage.getItem("persistent2"), "persistent value 2", "Persistent value present again");
pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
},
function test5() {
sessionStorage.clear();
is(sessionStorage.getItem("session only"), null, "No value when cookies are in default mode");
is(sessionStorage.getItem("persistent1"), null, "Persistent value not present after delete");
is(sessionStorage.getItem("persistent2"), null, "Persistent value not present after delete");
pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION);
},
function test6() {
is(sessionStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
is(sessionStorage.getItem("session only 2"), null, "No value when cookies are in default mode");
is(sessionStorage.getItem("persistent1"), null, "Persistent value not present in session only after delete");
is(sessionStorage.getItem("persistent2"), null, "Persistent value not present in session only after delete");
pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
},
function test7() {
SimpleTest.finish();
}
];
SimpleTest.waitForExplicitFinish();
</script>
</head>
<body onload="startTest();">
<iframe id="testframe" srcdoc="<meta charset=utf-8>"></iframe>
</body>
</html>

4
dom/workers/test/mochitest.ini
Просмотреть файл

@ -55,7 +55,6 @@ support-files =
redirect_to_foreign.sjs
rvals_worker.js
sharedWorker_sharedWorker.js
sharedWorker_thirdparty_frame.html
simpleThread_worker.js
suspend_window.html
suspend_worker.js
@ -173,6 +172,9 @@ skip-if = toolkit == 'android'
[test_rvals.html]
[test_sharedWorker.html]
[test_sharedWorker_thirdparty.html]
support-files =
sharedWorker_thirdparty_frame.html
sharedWorker_thirdparty_window.html
[test_simpleThread.html]
[test_suspend.html]
[test_terminate.html]

26
dom/workers/test/sharedWorker_thirdparty_window.html Normal file
Просмотреть файл

@ -0,0 +1,26 @@
<!--
Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<!DOCTYPE HTML>
<html>
<head>
<title>Test for SharedWorker in 3rd Party Iframes</title>
</head>
<body>
<script>
let url = new URL(window.location);
let frame = document.createElement('iframe');
frame.src =
'http://example.org/tests/dom/workers/test/sharedWorker_thirdparty_frame.html?name=' + url.searchParams.get('name');
document.body.appendChild(frame);
window.addEventListener('message', evt => {
frame.remove();
opener.postMessage(evt.data, "*");
}, {once: true});
</script>
</body>
</html>

13
dom/workers/test/test_sharedWorker_thirdparty.html
Просмотреть файл

@ -11,22 +11,18 @@
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css">
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none"></div>
<pre id="test">
<script class="testbody">
function testThirdPartyFrame(name) {
return new Promise(resolve => {
let frame = document.createElement('iframe');
frame.src =
'http://example.org/tests/dom/workers/test/sharedWorker_thirdparty_frame.html?name=' + name;
document.body.appendChild(frame);
// Let's use a window, loading the same origin, in order to have the new
// cookie-policy applied.
let w = window.open("sharedWorker_thirdparty_window.html?name=" + name);
window.addEventListener('message', function messageListener(evt) {
if (evt.data.name !== name) {
return;
}
frame.remove();
w.close();
window.removeEventListener('message', messageListener);
resolve(evt.data.result);
});
@ -55,6 +51,5 @@
});
</script>
</pre>
</body>
</html>

120
extensions/cookie/test/unit/test_cookies_thirdparty.js
Просмотреть файл

@ -6,57 +6,99 @@
// 2) with channel, but with no docshell parent
function run_test() {
Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
// Create URIs and channels pointing to foo.com and bar.com.
// We will use these to put foo.com into first and third party contexts.
var spec1 = "http://foo.com/foo.html";
var spec2 = "http://bar.com/bar.html";
var uri1 = NetUtil.newURI(spec1);
var uri2 = NetUtil.newURI(spec2);
var channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
var channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
let spec1 = "http://foo.com/foo.html";
let spec2 = "http://bar.com/bar.html";
let uri1 = NetUtil.newURI(spec1);
let uri2 = NetUtil.newURI(spec2);
// test with cookies enabled
Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
// test with cookies enabled
{
Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
}
// test with third party cookies blocked
Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
do_set_cookies(uri1, channel1, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
{
Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
do_set_cookies(uri1, channel1, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
}
// Force the channel URI to be used when determining the originating URI of
// the channel.
var httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
var httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
httpchannel1.forceAllowThirdPartyCookie = true;
httpchannel2.forceAllowThirdPartyCookie = true;
// test with third party cookies blocked
// test with cookies enabled
Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
{
Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
httpchannel1.forceAllowThirdPartyCookie = true;
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
let httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
httpchannel2.forceAllowThirdPartyCookie = true;
do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
Services.cookies.removeAll();
}
// test with third party cookies blocked
Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
do_set_cookies(uri1, channel1, true, [0, 1, 1, 2]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
{
Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
httpchannel1.forceAllowThirdPartyCookie = true;
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
let httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
httpchannel2.forceAllowThirdPartyCookie = true;
do_set_cookies(uri1, channel1, true, [0, 1, 1, 2]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
}
// test with third party cookies limited
Services.prefs.setIntPref("network.cookie.cookieBehavior", 3);
do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
do_set_single_http_cookie(uri1, channel1, 1);
do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]);
Services.cookies.removeAll();
{
Services.prefs.setIntPref("network.cookie.cookieBehavior", 3);
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
httpchannel1.forceAllowThirdPartyCookie = true;
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
let httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
httpchannel2.forceAllowThirdPartyCookie = true;
do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
do_set_single_http_cookie(uri1, channel1, 1);
do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]);
Services.cookies.removeAll();
}
}

37
toolkit/components/antitracking/test/browser/browser_storageAccessWithHeuristics.js
Просмотреть файл

@ -267,43 +267,6 @@ add_task(async function testUserInteractionHeuristic() {
});
});
info("Now ensure that the storage access is removed if the cookie policy is changed.");
await SpecialPowers.pushPrefEnv({"set": [
["network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_REJECT],
]});
await ContentTask.spawn(browser, {}, async obj => {
await new content.Promise(resolve => {
let ifr = content.document.querySelectorAll("iframe");
ifr = ifr[ifr.length - 1];
let msg = {};
msg.blockingCallback = (async _ => {
await noStorageAccessInitially();
}).toString();
content.addEventListener("message", function msg(event) {
if (event.data.type == "finish") {
content.removeEventListener("message", msg);
resolve();
return;
}
if (event.data.type == "ok") {
ok(event.data.what, event.data.msg);
return;
}
if (event.data.type == "info") {
info(event.data.msg);
return;
}
ok(false, "Unknown message");
});
ifr.contentWindow.postMessage({ callback: msg.blockingCallback }, "*");
});
});
info("Removing the tab");
BrowserTestUtils.removeTab(tab);
});