Bug 219157 - Test that cookies are set only when domain has permission. r=mcmanus

MozReview-Commit-ID: 4TGEpvbJxUd

netwerk/test/mochitests/file_cookie_access.html

@@ -0,0 +1,24 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="UTF-8">
+</head>
+<body>
+
+<pre id="test">
+<script type="application/javascript">
+  var old_cookie = document.cookie;
+  document.cookie = location.search.substring(1);
+  var new_cookie = document.cookie;
+  // Post back the previous cookie, and the newly set cookie.
+  window.opener.postMessage(old_cookie+"-"+new_cookie, "http://mochi.test:8888");
+</script>
+</pre>
+
+</body>
+</html>

netwerk/test/mochitests/mochitest.ini

@@ -14,6 +14,7 @@ support-files =
   empty.html
   redirect.sjs
   !/dom/apps/tests/file_app.sjs
+  file_cookie_access.html
 
 [test_arraybufferinputstream.html]
 [test_partially_cached_content.html]
@@ -30,3 +31,4 @@ skip-if = buildapp != 'mulet'
 skip-if = buildapp == 'b2g' #no ssl support
 [test_idn_redirect.html]
 [test_redirect_ref.html]
+[test_cookie_access.html]

netwerk/test/mochitests/test_cookie_access.html

@@ -0,0 +1,96 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=219157
+-->
+<head>
+  <meta charset="UTF-8">
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+
+<pre id="test">
+<script type="application/javascript">
+
+SimpleTest.waitForExplicitFinish();
+var URI = "http://sub1.test1.example.com/tests/netwerk/test/mochitests/file_cookie_access.html";
+
+const chromeScript = SpecialPowers.loadChromeScript(_ => {
+  Components.utils.import("resource://gre/modules/Services.jsm");
+  var URI = "http://sub1.test1.example.com/tests/netwerk/test/mochitests/file_cookie_access.html";
+  var cp = Components.classes["@mozilla.org/cookie/permission;1"]
+                     .getService(Components.interfaces.nsICookiePermission);
+  var uriObj = Services.io.newURI(URI, null, null);
+
+  addMessageListener("setAccess", function(allow) { cp.setAccess(uriObj, allow ? cp.ACCESS_ALLOW : cp.ACCESS_DENY); });
+});
+
+var set_cookie = [undefined,     // step 0: there is no step 0
+                  "",            // step 1: set the cookie to ""
+                  "?c00k1e_2",   // step 2: will never be set. Even steps don' have access.
+                  "?c00k1e_3" ,  // step 3: set the cookie to this
+                  "?c00k1e_4" ,  // step 4: will never be set. Even steps don' have access.
+                  "?c00k1e_5" ,  // step 5: set the cookie to this
+                  "?c00k1e_6" ,  // step 6: will never be set. Even steps don' have access.
+                  "",            // step 7: set the cookie to "" - as a cleanup.
+                  ""];           // step 8: will never be set. Even steps don' have access.
+var step = 1;
+function start() {
+  chromeScript.sendSyncMessage("setAccess", step % 2 == 1);
+  var url = URI+set_cookie[step];
+  subwindow = window.open(url);
+}
+
+window.addEventListener("message", receiveMessage, false);
+
+start();
+
+function receiveMessage(event) {
+    switch (step) {
+      // Before: cookie="_WHAT_EVER_". After: cookie="". CAN SET COOKIE
+      case 1: is(event.data.substring(event.data.indexOf('-')),
+                 /* any coookie + */"-", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="". After: cookie="c00k1e_2". CAN'T SET COOKIE
+      case 2: is(event.data, "-", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="". After: cookie="c00k1e_3". CAN SET COOKIE
+      case 3: is(event.data, "-c00k1e_3", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_3". After: cookie="c00k1e_3". CAN'T SET COOKIE
+      case 4: is(event.data, "c00k1e_3-c00k1e_3", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_3". After: cookie="c00k1e_5". CAN SET COOKIE
+      case 5: is(event.data, "c00k1e_3-c00k1e_5", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_5". After: cookie="c00k1e_5". CAN'T SET COOKIE
+      case 6: is(event.data, "c00k1e_5-c00k1e_5", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_5". After: cookie="". CAN SET COOKIE
+      case 7: is(event.data, "c00k1e_5-", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="". After: cookie="". CAN'T SET COOKIE
+      case 8: is(event.data, "-", "Step "+step+" - Got expected cookie"); break;
+
+      default: ok(false, "should not reach this step");
+    }
+    subwindow.close();
+    step++;
+    if (step == 9) {
+      SimpleTest.finish();
+      return;
+    }
+    start();
+}
+
+</script>
+</pre>
+
+</body>
+</html>