Backed out 2 changesets (bug 1521051) for xpcshell fails on extensions/cookie/test/unit/test_cookies_thirdparty.js. CLOSED TREE

Backed out changeset 90bb620dd870 (bug 1521051)
Backed out changeset 483fa314e45e (bug 1521051)
This commit is contained in:
Razvan Maries 2019-01-23 22:09:32 +02:00
Родитель 90d6431728
Коммит 7ccb4bf803
12 изменённых файлов: 190 добавлений и 45 удалений

Просмотреть файл

@ -131,13 +131,8 @@ var gPermissionManager = {
this.buildPermissionsList();
} else if (data == "changed") {
let p = this._permissions.get(permission.principal.origin);
// Maybe this item has been excluded before because it had an invalid capability.
if (p) {
p.capability = permission.capability;
this._handleCapabilityChange(p);
} else {
this._addPermissionToList(permission);
}
p.capability = permission.capability;
this._handleCapabilityChange(p);
this.buildPermissionsList();
} else if (data == "deleted") {
this._removePermissionFromList(permission.principal.origin);
@ -149,12 +144,6 @@ var gPermissionManager = {
document.l10n.setAttributes(permissionlistitem.querySelector(".website-capability-value"), this._getCapabilityL10nId(perm.capability));
},
_isCapabilitySupported(capability) {
return capability == Ci.nsIPermissionManager.ALLOW_ACTION ||
capability == Ci.nsIPermissionManager.DENY_ACTION ||
capability == Ci.nsICookiePermission.ACCESS_SESSION;
},
_getCapabilityL10nId(capability) {
let stringKey = null;
switch (capability) {
@ -164,6 +153,9 @@ var gPermissionManager = {
case Ci.nsIPermissionManager.DENY_ACTION:
stringKey = "permissions-capabilities-listitem-block";
break;
case Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY:
stringKey = "permissions-capabilities-listitem-allow-first-party";
break;
case Ci.nsICookiePermission.ACCESS_SESSION:
stringKey = "permissions-capabilities-listitem-allow-session";
break;
@ -176,9 +168,6 @@ var gPermissionManager = {
_addPermissionToList(perm) {
if (perm.type !== this._type)
return;
if (!this._isCapabilitySupported(perm.capability))
return;
let p = new Permission(perm.principal, perm.type, perm.capability);
this._permissions.set(p.origin, p);
},

Просмотреть файл

@ -60,6 +60,8 @@ permissions-capabilities-listitem-allow =
.value = Allow
permissions-capabilities-listitem-block =
.value = Block
permissions-capabilities-listitem-allow-first-party =
.value = Allow first party only
permissions-capabilities-listitem-allow-session =
.value = Allow for Session

Просмотреть файл

@ -799,7 +799,9 @@ function cookiesAllowedForDomainOrSubDomain(principal) {
// If we have the 'cookie' permission for this principal, let's return
// immediately.
let p = Services.perms.testPermissionFromPrincipal(principal, "cookie");
if (p == Ci.nsICookiePermission.ACCESS_ALLOW) {
if (p == Ci.nsICookiePermission.ACCESS_ALLOW ||
p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY ||
p == Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY) {
return true;
}

Просмотреть файл

@ -8188,6 +8188,22 @@ void nsContentUtils::GetCookieLifetimePolicyForPrincipal(
case nsICookiePermission::ACCESS_SESSION:
*aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
break;
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
// NOTE: The decision was made here to override the lifetime policy to be
// ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does
// prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a
// specific domain. As BEHAVIOR_REJECT_FOREIGN isn't visible in our UI,
// this is probably not an issue.
*aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
break;
case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
// NOTE: The decision was made here to override the lifetime policy to be
// ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does
// prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a
// specific domain. As BEHAVIOR_LIMIT_FOREIGN isn't visible in our UI,
// this is probably not an issue.
*aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
break;
}
}

Просмотреть файл

@ -50,3 +50,4 @@ skip-if = true # bug 1347690
skip-if = toolkit == 'android'
[test_storageConstructor.html]
[test_localStorageSessionPrefOverride.html]
[test_firstPartyOnlyPermission.html]

Просмотреть файл

@ -0,0 +1,62 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>first party storage permission test</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/AddTask.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<script type="text/javascript">
TRY_ACCESS_SESSION_STORAGE =
'http://example.com/tests/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html';
add_task(async function() {
await SpecialPowers.pushPrefEnv({
set: [['network.cookie.cookieBehavior', SpecialPowers.Ci.nsICookieService.BEHAVIOR_REJECT]],
});
try {
sessionStorage.setItem("blocked", "blocked");
ok(false, "Shouldn't be available yet");
} catch (ex) {
ok(true, "Shouldn't be available yet");
}
await new Promise(resolve => SpecialPowers.pushPermissions([{
type: 'cookie',
allow: SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY,
context: document,
}], resolve));
// With the permission set to ACCESS_ALLOW_FIRST_PARTY_ONLY, we should be
// able to run it from this iframe (as we are first party with the test
// runner parent document).
try {
sessionStorage.setItem("blocked", "blocked");
ok(true, "Should be available");
} catch (ex) {
ok(false, "Should be available");
}
// A third party iframe should not have access however.
await new Promise(resolve => {
window.onmessage = evt => {
window.onmessage = null;
is(evt.data, "sessionStorage=false");
resolve();
};
let iframe = document.createElement('iframe');
iframe.setAttribute('src', TRY_ACCESS_SESSION_STORAGE);
document.body.appendChild(iframe);
});
});
</script>
</head>
<body>
</body>
</html>

Просмотреть файл

@ -158,6 +158,7 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
uint32_t perm;
mPermMgr->TestPermission(aURI, kPermissionType, &perm);
bool isThirdParty = false;
switch (perm) {
case nsICookiePermission::ACCESS_SESSION:
*aIsSession = true;
@ -171,8 +172,36 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
*aResult = false;
break;
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty);
// If it's third party, we can't set the cookie
if (isThirdParty) *aResult = false;
break;
case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty);
// If it's third party, check whether cookies are already set
if (isThirdParty) {
nsresult rv;
nsCOMPtr<nsICookieManager> cookieManager =
do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv)) {
*aResult = false;
break;
}
uint32_t priorCookieCount = 0;
nsAutoCString hostFromURI;
aURI->GetHost(hostFromURI);
cookieManager->CountCookiesFromHost(hostFromURI, &priorCookieCount);
*aResult = priorCookieCount != 0;
}
break;
default:
// Here we can have any legacy permission value.
// the permission manager has nothing to say about this cookie -
// so, we apply the default prefs to it.
NS_ASSERTION(perm == nsIPermissionManager::UNKNOWN_ACTION,
"unknown permission");
// now we need to figure out what type of accept policy we're dealing with
// if we accept cookies normally, just bail and return

Просмотреть файл

@ -99,6 +99,20 @@ function run_test() {
do_set_cookies(uri1, channel2, true, [1, 1, 1, 1]);
Services.cookies.removeAll();
// Test per-site 3rd party cookie limiting with cookies enabled
Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
var kPermissionType = "cookie";
var LIMIT_THIRD_PARTY = 10;
// LIMIT_THIRD_PARTY overrides
Services.perms.add(uri1, kPermissionType, LIMIT_THIRD_PARTY);
do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);
Services.cookies.removeAll();
do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
Services.cookies.removeAll();
do_set_single_http_cookie(uri1, channel1, 1);
do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]);
Services.cookies.removeAll();
// Test per-site 3rd party cookie limiting with 3rd party cookies disabled
Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);

Просмотреть файл

@ -4080,6 +4080,31 @@ CookieStatus nsCookieService::CheckPrefs(
case nsICookiePermission::ACCESS_ALLOW:
return STATUS_ACCEPTED;
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
if (aIsForeign) {
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
aCookieHeader,
"third party cookies are blocked "
"for this site");
*aRejectedReason =
nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
return STATUS_REJECTED;
}
return STATUS_ACCEPTED;
case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
if (!aIsForeign) return STATUS_ACCEPTED;
if (aNumOfCookies == 0) {
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
aCookieHeader,
"third party cookies are blocked "
"for this site");
*aRejectedReason =
nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
return STATUS_REJECTED;
}
return STATUS_ACCEPTED;
}
}
}

Просмотреть файл

@ -31,12 +31,8 @@ interface nsICookiePermission : nsISupports
* any methods on this interface.
*/
const nsCookieAccess ACCESS_SESSION = 8;
/**
* Don't use values 9 and 10! They used to be ACCESS_ALLOW_FIRST_PARTY_ONLY
* and ACCESS_LIMIT_THIRD_PARTY, now removed, but maybe still stored in some
* ancient user profiles.
*/
const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9;
const nsCookieAccess ACCESS_LIMIT_THIRD_PARTY = 10;
/**
* setAccess

Просмотреть файл

@ -14,6 +14,8 @@ const DENY_ACTION = SpecialPowers.Ci.nsIPermissionManager.DENY_ACTION;
const UNKNOWN_ACTION = SpecialPowers.Ci.nsIPermissionManager.UNKNOWN_ACTION;
const PROMPT_ACTION = SpecialPowers.Ci.nsIPermissionManager.PROMPT_ACTION;
const ACCESS_SESSION = SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION;
const ACCESS_ALLOW_FIRST_PARTY_ONLY = SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
const ACCESS_LIMIT_THIRD_PARTY = SpecialPowers.Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY;
const EXPIRE_TIME = SpecialPowers.Ci.nsIPermissionManager.EXPIRE_TIME;
// expire Setting:
@ -35,6 +37,8 @@ function starttest(){
SpecialPowers.addPermission("pDENY", DENY_ACTION, document);
SpecialPowers.addPermission("pREMOVE", ALLOW_ACTION, document);
SpecialPowers.addPermission("pSESSION", ACCESS_SESSION, document);
SpecialPowers.addPermission("pFIRSTPARTY", ACCESS_ALLOW_FIRST_PARTY_ONLY, document);
SpecialPowers.addPermission("pTHIRDPARTY", ACCESS_LIMIT_THIRD_PARTY, document);
setTimeout(test1, 0);
}
@ -57,6 +61,12 @@ function test1() {
} else if (!SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document)) {
dump('/**** ACCESS_SESSION not set ****/\n');
setTimeout(test1, 0);
} else if (!SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document)) {
dump('/**** ACCESS_ALLOW_FIRST_PARTY_ONLY not set ****/\n');
setTimeout(test1, 0);
} else if (!SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document)) {
dump('/**** ACCESS_LIMIT_THIRD_PARTY not set ****/\n');
setTimeout(test1, 0);
} else {
test2();
}
@ -64,14 +74,7 @@ function test1() {
function test2() {
ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN value should have UNKOWN permission');
SpecialPowers.pushPermissions([
{'type': 'pUNKNOWN', 'allow': true, 'context': document},
{'type': 'pALLOW', 'allow': false, 'context': document},
{'type': 'pDENY', 'allow': true, 'context': document},
{'type': 'pPROMPT', 'allow': true, 'context': document},
{'type': 'pSESSION', 'allow': true, 'context': document},
{'type': 'pREMOVE', 'remove': true, 'context': document},
], test3);
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pTHIRDPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3);
}
function test3() {
@ -81,25 +84,16 @@ function test3() {
ok(SpecialPowers.testPermission('pDENY', ALLOW_ACTION, document), 'pDENY should have ALLOW permission');
ok(SpecialPowers.testPermission('pREMOVE', UNKNOWN_ACTION, document), 'pREMOVE should have REMOVE permission');
ok(SpecialPowers.testPermission('pSESSION', ALLOW_ACTION, document), 'pSESSION should have ALLOW permission');
ok(SpecialPowers.testPermission('pFIRSTPARTY', ALLOW_ACTION, document), 'pFIRSTPARTY should have ALLOW permission');
ok(SpecialPowers.testPermission('pTHIRDPARTY', ALLOW_ACTION, document), 'pTHIRDPARTY should have ALLOW permission');
// only pPROMPT (last one) is different, the other stuff is just to see if it doesn't cause test failures
SpecialPowers.pushPermissions([
{'type': 'pUNKNOWN', 'allow': true, 'context': document},
{'type': 'pALLOW', 'allow': false, 'context': document},
{'type': 'pDENY', 'allow': true, 'context': document},
{'type': 'pPROMPT', 'allow': false, 'context': document},
{'type': 'pREMOVE', 'remove': true, 'context': document},
], test3b);
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': false, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3b);
}
function test3b() {
ok(SpecialPowers.testPermission('pPROMPT', DENY_ACTION, document), 'pPROMPT value should have DENY permission');
SpecialPowers.pushPermissions([
{'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document},
{'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document},
{'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document},
{'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document},
], test4);
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document}, {'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document}], test4);
}
function test4() {
@ -111,6 +105,7 @@ function test4() {
SpecialPowers.flushPermissions(test5);
}
function test5() {
ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN should have UNKNOWN permission');
ok(SpecialPowers.testPermission('pALLOW', ALLOW_ACTION, document), 'pALLOW should have ALLOW permission');
@ -118,12 +113,16 @@ function test5() {
ok(SpecialPowers.testPermission('pPROMPT', PROMPT_ACTION, document), 'pPROMPT should have PROMPT permission');
ok(SpecialPowers.testPermission('pREMOVE', ALLOW_ACTION, document), 'pREMOVE should have ALLOW permission');
ok(SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document), 'pSESSION should have ACCESS_SESSION permission');
ok(SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document), 'pFIRSTPARTY should have ACCESS_ALLOW_FIRST_PARTY_ONLY permission');
ok(SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document), 'pTHIRDPARTY should have ACCESS_LIMIT_THIRD_PARTY permission');
SpecialPowers.removePermission("pPROMPT", document);
SpecialPowers.removePermission("pALLOW", document);
SpecialPowers.removePermission("pDENY", document);
SpecialPowers.removePermission("pREMOVE", document);
SpecialPowers.removePermission("pSESSION", document);
SpecialPowers.removePermission("pFIRSTPARTY", document);
SpecialPowers.removePermission("pTHIRDPARTY", document);
setTimeout(test6, 0);
}
@ -144,6 +143,12 @@ function test6() {
} else if (!SpecialPowers.testPermission('pSESSION', UNKNOWN_ACTION, document)) {
dump('/**** pSESSION still set ****/\n');
setTimeout(test6, 0);
} else if (!SpecialPowers.testPermission('pFIRSTPARTY', UNKNOWN_ACTION, document)) {
dump('/**** pFIRSTPARTY still set ****/\n');
setTimeout(test6, 0);
} else if (!SpecialPowers.testPermission('pTHIRDPARTY', UNKNOWN_ACTION, document)) {
dump('/**** pTHIRDPARTY still set ****/\n');
setTimeout(test6, 0);
} else {
test7();
}

Просмотреть файл

@ -802,6 +802,10 @@ SpecialPowersAPI.prototype = {
originalValue = Ci.nsIPermissionManager.PROMPT_ACTION;
} else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_SESSION, context)) {
originalValue = Ci.nsICookiePermission.ACCESS_SESSION;
} else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, context)) {
originalValue = Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
} else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY, context)) {
originalValue = Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY;
}
let principal = this._getPrincipalFromArg(context);