Bug 1502240 - Ensure that Content Blocking allow list is applied to all cookie policies r=baku

Unfortunately we can't test BEHAVIOR_REJECT using the AntiTracking framework, because the AntiTracking callbacks are incompatible with it. (The tracking callbacks expect to be able to unblock themselves, but under BEHAVIOR_REJECT, that can't happen.) Differential Revision: https://phabricator.services.mozilla.com/D10664 --HG-- extra : moz-landing-system : lando
2018-11-02 12:55:01 +00:00 · 2018-11-02 12:55:01 +00:00 · 795d456a70
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@ -4283,8 +4283,11 @@ nsCookieService::CheckPrefs(nsICookiePermission    *aPermissionService,
      return STATUS_REJECTED;
  }
-  // check default prefs
+  // check default prefs.
-  if (aCookieBehavior == nsICookieService::BEHAVIOR_REJECT) {
+  // Check aFirstPartyStorageAccessGranted when checking aCookieBehavior
  // so that we take things such as the content blocking allow list into account.
  if (aCookieBehavior == nsICookieService::BEHAVIOR_REJECT &&
      !aFirstPartyStorageAccessGranted) {
    COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "cookies are disabled");
    *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL;
    return STATUS_REJECTED;
@ -4292,8 +4295,6 @@ nsCookieService::CheckPrefs(nsICookiePermission    *aPermissionService,
  // check if cookie is foreign
  if (aIsForeign) {
    // Check aFirstPartyStorageAccessGranted when rejecting all third-party cookies,
    // so that we take things such as the content blocking allow list into account.
    if (aCookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN &&
        !aFirstPartyStorageAccessGranted) {
      COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "context is third party");
@ -4301,12 +4302,11 @@ nsCookieService::CheckPrefs(nsICookiePermission    *aPermissionService,
      return STATUS_REJECTED;
    }
-    if (aCookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) {
+    if (aCookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN &&
-      if (aNumOfCookies == 0) {
+        !aFirstPartyStorageAccessGranted && aNumOfCookies == 0) {
-        COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "context is third party");
+      COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, aCookieHeader, "context is third party");
-        *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN;
+      *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN;
-        return STATUS_REJECTED;
+      return STATUS_REJECTED;
      }
    }
    MOZ_ASSERT(aCookieBehavior == nsICookieService::BEHAVIOR_ACCEPT ||
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@ -646,6 +646,10 @@ AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(nsPIDOMWindowInner* aWin
    return true;
  }
  if (CheckContentBlockingAllowList(aWindow)) {
    return true;
  }
  if (behavior == nsICookieService::BEHAVIOR_REJECT) {
    LOG(("The cookie behavior pref mandates rejecting all cookies!"));
    *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL;
@ -658,13 +662,6 @@ AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(nsPIDOMWindowInner* aWin
    return true;
  }
  if (behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN) {
    if (CheckContentBlockingAllowList(aWindow)) {
      LOG(("Allowing access even though our behavior is reject foreign"));
      return true;
    }
  }
  if (behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
      behavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) {
    // XXX For non-cookie forms of storage, we handle BEHAVIOR_LIMIT_FOREIGN by
@ -678,10 +675,6 @@ AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(nsPIDOMWindowInner* aWin
  MOZ_ASSERT(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER);
  if (CheckContentBlockingAllowList(aWindow)) {
    return true;
  }
  if (!nsContentUtils::IsTrackingResourceWindow(aWindow)) {
    LOG(("Our window isn't a tracking window"));
    return true;
@ -827,6 +820,10 @@ AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(nsIHttpChannel* aChannel
    return true;
  }
  if (CheckContentBlockingAllowList(aChannel)) {
    return true;
  }
  if (behavior == nsICookieService::BEHAVIOR_REJECT) {
    LOG(("The cookie behavior pref mandates rejecting all cookies!"));
    *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL;
@ -852,13 +849,6 @@ AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(nsIHttpChannel* aChannel
    return true;
  }
  if (behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN) {
    if (CheckContentBlockingAllowList(aChannel)) {
      LOG(("Allowing access even though our behavior is reject foreign"));
      return true;
    }
  }
  if (behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
      behavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) {
    // XXX For non-cookie forms of storage, we handle BEHAVIOR_LIMIT_FOREIGN by
@ -872,10 +862,6 @@ AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(nsIHttpChannel* aChannel
  MOZ_ASSERT(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER);
  if (CheckContentBlockingAllowList(aChannel)) {
    return true;
  }
  // Not a tracker.
  if (!aChannel->GetIsTrackingResource()) {
    LOG(("Our channel isn't a tracking channel"));
--- a/toolkit/components/antitracking/test/browser/head.js
+++ b/toolkit/components/antitracking/test/browser/head.js
@ -15,6 +15,7 @@ const TEST_3RD_PARTY_PAGE_WITH_SVG = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdPar
 const TEST_4TH_PARTY_PAGE = TEST_4TH_PARTY_DOMAIN + TEST_PATH + "3rdParty.html";
 const BEHAVIOR_ACCEPT         = Ci.nsICookieService.BEHAVIOR_ACCEPT;
 const BEHAVIOR_LIMIT_FOREIGN  = Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN;
 const BEHAVIOR_REJECT_FOREIGN = Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN;
 const BEHAVIOR_REJECT_TRACKER = Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER;
@ -142,6 +143,21 @@ this.AntiTracking = {
        });
        this._createCleanupTask(cleanupFunction);
        this._createTask({
          name,
          cookieBehavior: BEHAVIOR_LIMIT_FOREIGN,
          blockingByContentBlockingRTUI: true,
          allowList: true,
          callback: callbackNonTracking,
          extraPrefs: [],
          expectedBlockingNotifications: false,
          runInPrivateWindow,
          iframeSandbox,
          accessRemoval: null, // only passed with non-blocking callback
          callbackAfterRemoval: null,
        });
        this._createCleanupTask(cleanupFunction);
        this._createTask({
          name,
          cookieBehavior: BEHAVIOR_REJECT_FOREIGN,
@ -255,7 +271,8 @@ this.AntiTracking = {
      let listener = {
        onSecurityChange(webProgress, request, oldState, state,
                         contentBlockingLogJSON) {
-          if (state & Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_TRACKER) {
+          if ((state & Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_TRACKER) ||
              (state & Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_FOREIGN)) {
            ++cookieBlocked;
          }
          let contentBlockingLog = {};