Backed out 2 changesets (bug 1521051) for xpcshell fails on extensions/cookie/test/unit/test_cookies_thirdparty.js. CLOSED TREE

Backed out changeset 90bb620dd870 (bug 1521051)
Backed out changeset 483fa314e45e (bug 1521051)

browser/components/preferences/permissions.js

@@ -131,13 +131,8 @@ var gPermissionManager = {
       this.buildPermissionsList();
     } else if (data == "changed") {
       let p = this._permissions.get(permission.principal.origin);
-      // Maybe this item has been excluded before because it had an invalid capability.
+      p.capability = permission.capability;
-      if (p) {
+      this._handleCapabilityChange(p);
-        p.capability = permission.capability;
-        this._handleCapabilityChange(p);
-      } else {
-        this._addPermissionToList(permission);
-      }
       this.buildPermissionsList();
     } else if (data == "deleted") {
       this._removePermissionFromList(permission.principal.origin);
@@ -149,12 +144,6 @@ var gPermissionManager = {
     document.l10n.setAttributes(permissionlistitem.querySelector(".website-capability-value"), this._getCapabilityL10nId(perm.capability));
   },
 
-  _isCapabilitySupported(capability) {
-     return capability == Ci.nsIPermissionManager.ALLOW_ACTION ||
-            capability == Ci.nsIPermissionManager.DENY_ACTION ||
-            capability == Ci.nsICookiePermission.ACCESS_SESSION;
-  },
-
   _getCapabilityL10nId(capability) {
     let stringKey = null;
     switch (capability) {
@@ -164,6 +153,9 @@ var gPermissionManager = {
     case Ci.nsIPermissionManager.DENY_ACTION:
       stringKey = "permissions-capabilities-listitem-block";
       break;
+    case Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY:
+      stringKey = "permissions-capabilities-listitem-allow-first-party";
+      break;
     case Ci.nsICookiePermission.ACCESS_SESSION:
       stringKey = "permissions-capabilities-listitem-allow-session";
       break;
@@ -176,9 +168,6 @@ var gPermissionManager = {
   _addPermissionToList(perm) {
     if (perm.type !== this._type)
       return;
-    if (!this._isCapabilitySupported(perm.capability))
-      return;
-
     let p = new Permission(perm.principal, perm.type, perm.capability);
     this._permissions.set(p.origin, p);
   },

browser/locales/en-US/browser/preferences/permissions.ftl

@@ -60,6 +60,8 @@ permissions-capabilities-listitem-allow =
     .value = Allow
 permissions-capabilities-listitem-block =
     .value = Block
+permissions-capabilities-listitem-allow-first-party =
+    .value = Allow first party only
 permissions-capabilities-listitem-allow-session =
     .value = Allow for Session
 

browser/modules/Sanitizer.jsm

@@ -799,7 +799,9 @@ function cookiesAllowedForDomainOrSubDomain(principal) {
   // If we have the 'cookie' permission for this principal, let's return
   // immediately.
   let p = Services.perms.testPermissionFromPrincipal(principal, "cookie");
-  if (p == Ci.nsICookiePermission.ACCESS_ALLOW) {
+  if (p == Ci.nsICookiePermission.ACCESS_ALLOW ||
+      p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY ||
+      p == Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY) {
     return true;
   }
 

dom/base/nsContentUtils.cpp

@@ -8188,6 +8188,22 @@ void nsContentUtils::GetCookieLifetimePolicyForPrincipal(
     case nsICookiePermission::ACCESS_SESSION:
       *aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
       break;
+    case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
+      // NOTE: The decision was made here to override the lifetime policy to be
+      // ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does
+      // prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a
+      // specific domain. As BEHAVIOR_REJECT_FOREIGN isn't visible in our UI,
+      // this is probably not an issue.
+      *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
+      break;
+    case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
+      // NOTE: The decision was made here to override the lifetime policy to be
+      // ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does
+      // prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a
+      // specific domain. As BEHAVIOR_LIMIT_FOREIGN isn't visible in our UI,
+      // this is probably not an issue.
+      *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
+      break;
   }
 }
 

dom/tests/mochitest/localstorage/mochitest.ini

@@ -50,3 +50,4 @@ skip-if = true # bug 1347690
 skip-if = toolkit == 'android'
 [test_storageConstructor.html]
 [test_localStorageSessionPrefOverride.html]
+[test_firstPartyOnlyPermission.html]

dom/tests/mochitest/localstorage/test_firstPartyOnlyPermission.html

@@ -0,0 +1,62 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>first party storage permission test</title>
+
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/AddTask.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+<script type="text/javascript">
+  TRY_ACCESS_SESSION_STORAGE =
+    'http://example.com/tests/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html';
+
+  add_task(async function() {
+    await SpecialPowers.pushPrefEnv({
+      set: [['network.cookie.cookieBehavior', SpecialPowers.Ci.nsICookieService.BEHAVIOR_REJECT]],
+    });
+
+    try {
+      sessionStorage.setItem("blocked", "blocked");
+      ok(false, "Shouldn't be available yet");
+    } catch (ex) {
+      ok(true, "Shouldn't be available yet");
+    }
+
+    await new Promise(resolve => SpecialPowers.pushPermissions([{
+      type: 'cookie',
+      allow: SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY,
+      context: document,
+    }], resolve));
+
+    // With the permission set to ACCESS_ALLOW_FIRST_PARTY_ONLY, we should be
+    // able to run it from this iframe (as we are first party with the test
+    // runner parent document).
+    try {
+      sessionStorage.setItem("blocked", "blocked");
+      ok(true, "Should be available");
+    } catch (ex) {
+      ok(false, "Should be available");
+    }
+
+    // A third party iframe should not have access however.
+    await new Promise(resolve => {
+      window.onmessage = evt => {
+        window.onmessage = null;
+        is(evt.data, "sessionStorage=false");
+        resolve();
+      };
+
+      let iframe = document.createElement('iframe');
+      iframe.setAttribute('src', TRY_ACCESS_SESSION_STORAGE);
+      document.body.appendChild(iframe);
+    });
+  });
+
+</script>
+
+</head>
+
+<body>
+
+</body>
+</html>

extensions/cookie/nsCookiePermission.cpp

@@ -158,6 +158,7 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
 
   uint32_t perm;
   mPermMgr->TestPermission(aURI, kPermissionType, &perm);
+  bool isThirdParty = false;
   switch (perm) {
     case nsICookiePermission::ACCESS_SESSION:
       *aIsSession = true;
@@ -171,8 +172,36 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
       *aResult = false;
       break;
 
+    case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
+      mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty);
+      // If it's third party, we can't set the cookie
+      if (isThirdParty) *aResult = false;
+      break;
+
+    case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
+      mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty);
+      // If it's third party, check whether cookies are already set
+      if (isThirdParty) {
+        nsresult rv;
+        nsCOMPtr<nsICookieManager> cookieManager =
+            do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv);
+        if (NS_FAILED(rv)) {
+          *aResult = false;
+          break;
+        }
+        uint32_t priorCookieCount = 0;
+        nsAutoCString hostFromURI;
+        aURI->GetHost(hostFromURI);
+        cookieManager->CountCookiesFromHost(hostFromURI, &priorCookieCount);
+        *aResult = priorCookieCount != 0;
+      }
+      break;
+
     default:
-      // Here we can have any legacy permission value.
+      // the permission manager has nothing to say about this cookie -
+      // so, we apply the default prefs to it.
+      NS_ASSERTION(perm == nsIPermissionManager::UNKNOWN_ACTION,
+                   "unknown permission");
 
       // now we need to figure out what type of accept policy we're dealing with
       // if we accept cookies normally, just bail and return

extensions/cookie/test/unit/test_cookies_thirdparty.js

@@ -99,6 +99,20 @@ function run_test() {
   do_set_cookies(uri1, channel2, true, [1, 1, 1, 1]);
   Services.cookies.removeAll();
 
+  // Test per-site 3rd party cookie limiting with cookies enabled
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  var kPermissionType = "cookie";
+  var LIMIT_THIRD_PARTY = 10;
+  // LIMIT_THIRD_PARTY overrides
+  Services.perms.add(uri1, kPermissionType, LIMIT_THIRD_PARTY);
+  do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);
+  Services.cookies.removeAll();
+  do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
+  Services.cookies.removeAll();
+  do_set_single_http_cookie(uri1, channel1, 1);
+  do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]);
+  Services.cookies.removeAll();
+
   // Test per-site 3rd party cookie limiting with 3rd party cookies disabled
   Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
   do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);

netwerk/cookie/nsCookieService.cpp

@@ -4080,6 +4080,31 @@ CookieStatus nsCookieService::CheckPrefs(
 
         case nsICookiePermission::ACCESS_ALLOW:
           return STATUS_ACCEPTED;
+
+        case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
+          if (aIsForeign) {
+            COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
+                              aCookieHeader,
+                              "third party cookies are blocked "
+                              "for this site");
+            *aRejectedReason =
+                nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
+            return STATUS_REJECTED;
+          }
+          return STATUS_ACCEPTED;
+
+        case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
+          if (!aIsForeign) return STATUS_ACCEPTED;
+          if (aNumOfCookies == 0) {
+            COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
+                              aCookieHeader,
+                              "third party cookies are blocked "
+                              "for this site");
+            *aRejectedReason =
+                nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
+            return STATUS_REJECTED;
+          }
+          return STATUS_ACCEPTED;
       }
     }
   }

netwerk/cookie/nsICookiePermission.idl

@@ -31,12 +31,8 @@ interface nsICookiePermission : nsISupports
    * any methods on this interface.
    */
   const nsCookieAccess ACCESS_SESSION = 8;
-
+  const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9;
-  /**
+  const nsCookieAccess ACCESS_LIMIT_THIRD_PARTY = 10;
-   * Don't use values 9 and 10! They used to be ACCESS_ALLOW_FIRST_PARTY_ONLY
-   * and ACCESS_LIMIT_THIRD_PARTY, now removed, but maybe still stored in some
-   * ancient user profiles.
-   */
 
   /**
    * setAccess

testing/mochitest/tests/Harness_sanity/test_SpecialPowersPushPermissions.html

@@ -14,6 +14,8 @@ const DENY_ACTION = SpecialPowers.Ci.nsIPermissionManager.DENY_ACTION;
 const UNKNOWN_ACTION = SpecialPowers.Ci.nsIPermissionManager.UNKNOWN_ACTION;
 const PROMPT_ACTION = SpecialPowers.Ci.nsIPermissionManager.PROMPT_ACTION;
 const ACCESS_SESSION = SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION;
+const ACCESS_ALLOW_FIRST_PARTY_ONLY = SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
+const ACCESS_LIMIT_THIRD_PARTY = SpecialPowers.Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY;
 
 const EXPIRE_TIME = SpecialPowers.Ci.nsIPermissionManager.EXPIRE_TIME;
 // expire Setting:
@@ -35,6 +37,8 @@ function starttest(){
   SpecialPowers.addPermission("pDENY", DENY_ACTION, document);
   SpecialPowers.addPermission("pREMOVE", ALLOW_ACTION, document);
   SpecialPowers.addPermission("pSESSION", ACCESS_SESSION, document);
+  SpecialPowers.addPermission("pFIRSTPARTY", ACCESS_ALLOW_FIRST_PARTY_ONLY, document);
+  SpecialPowers.addPermission("pTHIRDPARTY", ACCESS_LIMIT_THIRD_PARTY, document);
 
   setTimeout(test1, 0);
 }
@@ -57,6 +61,12 @@ function test1() {
   } else if (!SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document)) {
     dump('/**** ACCESS_SESSION not set ****/\n');
     setTimeout(test1, 0);
+  } else if (!SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document)) {
+    dump('/**** ACCESS_ALLOW_FIRST_PARTY_ONLY not set ****/\n');
+    setTimeout(test1, 0);
+  } else if (!SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document)) {
+    dump('/**** ACCESS_LIMIT_THIRD_PARTY not set ****/\n');
+    setTimeout(test1, 0);
   } else {
     test2();
   }
@@ -64,14 +74,7 @@ function test1() {
 
 function test2() {
   ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN value should have UNKOWN permission');
-  SpecialPowers.pushPermissions([
+  SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pTHIRDPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3);
-    {'type': 'pUNKNOWN', 'allow': true, 'context': document},
-    {'type': 'pALLOW', 'allow': false, 'context': document},
-    {'type': 'pDENY', 'allow': true, 'context': document},
-    {'type': 'pPROMPT', 'allow': true, 'context': document},
-    {'type': 'pSESSION', 'allow': true, 'context': document},
-    {'type': 'pREMOVE', 'remove': true, 'context': document},
-  ], test3);
 }
 
 function test3() {
@@ -81,25 +84,16 @@ function test3() {
   ok(SpecialPowers.testPermission('pDENY', ALLOW_ACTION, document), 'pDENY should have ALLOW permission');
   ok(SpecialPowers.testPermission('pREMOVE', UNKNOWN_ACTION, document), 'pREMOVE should have REMOVE permission');
   ok(SpecialPowers.testPermission('pSESSION', ALLOW_ACTION, document), 'pSESSION should have ALLOW permission');
+  ok(SpecialPowers.testPermission('pFIRSTPARTY', ALLOW_ACTION, document), 'pFIRSTPARTY should have ALLOW permission');
+  ok(SpecialPowers.testPermission('pTHIRDPARTY', ALLOW_ACTION, document), 'pTHIRDPARTY should have ALLOW permission');
 
   // only pPROMPT (last one) is different, the other stuff is just to see if it doesn't cause test failures
-  SpecialPowers.pushPermissions([
+  SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': false, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3b);
-    {'type': 'pUNKNOWN', 'allow': true, 'context': document},
-    {'type': 'pALLOW', 'allow': false, 'context': document},
-    {'type': 'pDENY', 'allow': true, 'context': document},
-    {'type': 'pPROMPT', 'allow': false, 'context': document},
-    {'type': 'pREMOVE', 'remove': true, 'context': document},
-  ], test3b);
 }
 
 function test3b() {
   ok(SpecialPowers.testPermission('pPROMPT', DENY_ACTION, document), 'pPROMPT value should have DENY permission');
-  SpecialPowers.pushPermissions([
+  SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document}, {'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document}], test4);
-    {'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document},
-    {'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document},
-    {'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document},
-    {'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document},
-  ], test4);
 }
 
 function test4() {
@@ -111,6 +105,7 @@ function test4() {
   SpecialPowers.flushPermissions(test5);
 }
 
+
 function test5() {
   ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN should have UNKNOWN permission');
   ok(SpecialPowers.testPermission('pALLOW', ALLOW_ACTION, document), 'pALLOW should have ALLOW permission');
@@ -118,12 +113,16 @@ function test5() {
   ok(SpecialPowers.testPermission('pPROMPT', PROMPT_ACTION, document), 'pPROMPT should have PROMPT permission');
   ok(SpecialPowers.testPermission('pREMOVE', ALLOW_ACTION, document), 'pREMOVE should have ALLOW permission');
   ok(SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document), 'pSESSION should have ACCESS_SESSION permission');
+  ok(SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document), 'pFIRSTPARTY should have ACCESS_ALLOW_FIRST_PARTY_ONLY permission');
+  ok(SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document), 'pTHIRDPARTY should have ACCESS_LIMIT_THIRD_PARTY permission');
 
   SpecialPowers.removePermission("pPROMPT", document);
   SpecialPowers.removePermission("pALLOW", document);
   SpecialPowers.removePermission("pDENY", document);
   SpecialPowers.removePermission("pREMOVE", document);
   SpecialPowers.removePermission("pSESSION", document);
+  SpecialPowers.removePermission("pFIRSTPARTY", document);
+  SpecialPowers.removePermission("pTHIRDPARTY", document);
 
   setTimeout(test6, 0);
 }
@@ -144,6 +143,12 @@ function test6() {
   } else if (!SpecialPowers.testPermission('pSESSION', UNKNOWN_ACTION, document)) {
     dump('/**** pSESSION still set ****/\n');
     setTimeout(test6, 0);
+  } else if (!SpecialPowers.testPermission('pFIRSTPARTY', UNKNOWN_ACTION, document)) {
+    dump('/**** pFIRSTPARTY still set ****/\n');
+    setTimeout(test6, 0);
+  } else if (!SpecialPowers.testPermission('pTHIRDPARTY', UNKNOWN_ACTION, document)) {
+    dump('/**** pTHIRDPARTY still set ****/\n');
+    setTimeout(test6, 0);
   } else {
     test7();
   }

testing/specialpowers/content/specialpowersAPI.js

@@ -802,6 +802,10 @@ SpecialPowersAPI.prototype = {
           originalValue = Ci.nsIPermissionManager.PROMPT_ACTION;
         } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_SESSION, context)) {
           originalValue = Ci.nsICookiePermission.ACCESS_SESSION;
+        } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, context)) {
+          originalValue = Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
+        } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY, context)) {
+          originalValue = Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY;
         }
 
         let principal = this._getPrincipalFromArg(context);