Bug 1521051 - Get rid of nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, r=johannh, r=flod

Andrea Marchesini 2019-01-23 19:19:19 +01:00
Родитель fb5e2a4f57
Коммит 8e0c688733
11 изменённых файлов: 42 добавлений и 123 удалений


@ -131,8 +131,13 @@ var gPermissionManager = {
this.buildPermissionsList(); this.buildPermissionsList();
} else if (data == "changed") { } else if (data == "changed") {
let p = this._permissions.get(permission.principal.origin); let p = this._permissions.get(permission.principal.origin);
p.capability = permission.capability; // Maybe this item has been excluded before because it had an invalid capability.
this._handleCapabilityChange(p); if (p) {
p.capability = permission.capability;
this._handleCapabilityChange(p);
} else {
this._addPermissionToList(permission);
}
this.buildPermissionsList(); this.buildPermissionsList();
} else if (data == "deleted") { } else if (data == "deleted") {
this._removePermissionFromList(permission.principal.origin); this._removePermissionFromList(permission.principal.origin);
@ -144,6 +149,12 @@ var gPermissionManager = {
document.l10n.setAttributes(permissionlistitem.querySelector(".website-capability-value"), this._getCapabilityL10nId(perm.capability)); document.l10n.setAttributes(permissionlistitem.querySelector(".website-capability-value"), this._getCapabilityL10nId(perm.capability));
}, },
_isCapabilitySupported(capability) {
return capability == Ci.nsIPermissionManager.ALLOW_ACTION ||
capability == Ci.nsIPermissionManager.DENY_ACTION ||
capability == Ci.nsICookiePermission.ACCESS_SESSION;
},
_getCapabilityL10nId(capability) { _getCapabilityL10nId(capability) {
let stringKey = null; let stringKey = null;
switch (capability) { switch (capability) {
@ -153,9 +164,6 @@ var gPermissionManager = {
case Ci.nsIPermissionManager.DENY_ACTION: case Ci.nsIPermissionManager.DENY_ACTION:
stringKey = "permissions-capabilities-listitem-block"; stringKey = "permissions-capabilities-listitem-block";
break; break;
case Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY:
stringKey = "permissions-capabilities-listitem-allow-first-party";
break;
case Ci.nsICookiePermission.ACCESS_SESSION: case Ci.nsICookiePermission.ACCESS_SESSION:
stringKey = "permissions-capabilities-listitem-allow-session"; stringKey = "permissions-capabilities-listitem-allow-session";
break; break;
@ -168,6 +176,9 @@ var gPermissionManager = {
_addPermissionToList(perm) { _addPermissionToList(perm) {
if (perm.type !== this._type) if (perm.type !== this._type)
return; return;
if (!this._isCapabilitySupported(perm.capability))
return;
let p = new Permission(perm.principal, perm.type, perm.capability); let p = new Permission(perm.principal, perm.type, perm.capability);
this._permissions.set(p.origin, p); this._permissions.set(p.origin, p);
}, },
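Review bot: The `changed` branch still writes `p.capability = permission.capability` for an origin that is already listed without consulting `_isCapabilitySupported`, so only the add path is filtered. If a stored permission changes to a value the dialog no longer knows (such as the legacy 9 or 10), the row stays in the list with a capability that `_getCapabilityL10nId` has no visible case for. Consider a leading branch, `if (p && !this._isCapabilitySupported(permission.capability)) { this._removePermissionFromList(permission.principal.origin); } else if (p) { … }`, before the update/add paths. `_isCapabilitySupported` would also benefit from a comment such as `// Legacy values may still be stored in old profiles; such entries are hidden from this dialog.`, since entries hidden here remain in the permission manager. The observer this branch belongs to starts and ends outside the hunk.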


@ -60,8 +60,6 @@ permissions-capabilities-listitem-allow =
.value = Allow .value = Allow
permissions-capabilities-listitem-block = permissions-capabilities-listitem-block =
.value = Block .value = Block
permissions-capabilities-listitem-allow-first-party =
.value = Allow first party only
permissions-capabilities-listitem-allow-session = permissions-capabilities-listitem-allow-session =
.value = Allow for Session .value = Allow for Session


@ -799,8 +799,7 @@ function cookiesAllowedForDomainOrSubDomain(principal) {
// If we have the 'cookie' permission for this principal, let's return // If we have the 'cookie' permission for this principal, let's return
// immediately. // immediately.
let p = Services.perms.testPermissionFromPrincipal(principal, "cookie"); let p = Services.perms.testPermissionFromPrincipal(principal, "cookie");
if (p == Ci.nsICookiePermission.ACCESS_ALLOW || if (p == Ci.nsICookiePermission.ACCESS_ALLOW) {
p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY) {
return true; return true;
} }


@ -8174,14 +8174,6 @@ void nsContentUtils::GetCookieLifetimePolicyForPrincipal(
case nsICookiePermission::ACCESS_SESSION: case nsICookiePermission::ACCESS_SESSION:
*aLifetimePolicy = nsICookieService::ACCEPT_SESSION; *aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
break; break;
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
// NOTE: The decision was made here to override the lifetime policy to be
// ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does
// prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a
// specific domain. As BEHAVIOR_REJECT_FOREIGN isn't visible in our UI,
// this is probably not an issue.
*aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
break;
} }
} }


@ -50,4 +50,3 @@ skip-if = true # bug 1347690
skip-if = toolkit == 'android' skip-if = toolkit == 'android'
[test_storageConstructor.html] [test_storageConstructor.html]
[test_localStorageSessionPrefOverride.html] [test_localStorageSessionPrefOverride.html]
[test_firstPartyOnlyPermission.html]


@ -1,62 +0,0 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>first party storage permission test</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/AddTask.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<script type="text/javascript">
TRY_ACCESS_SESSION_STORAGE =
'http://example.com/tests/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html';
add_task(async function() {
await SpecialPowers.pushPrefEnv({
set: [['network.cookie.cookieBehavior', SpecialPowers.Ci.nsICookieService.BEHAVIOR_REJECT]],
});
try {
sessionStorage.setItem("blocked", "blocked");
ok(false, "Shouldn't be available yet");
} catch (ex) {
ok(true, "Shouldn't be available yet");
}
await new Promise(resolve => SpecialPowers.pushPermissions([{
type: 'cookie',
allow: SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY,
context: document,
}], resolve));
// With the permission set to ACCESS_ALLOW_FIRST_PARTY_ONLY, we should be
// able to run it from this iframe (as we are first party with the test
// runner parent document).
try {
sessionStorage.setItem("blocked", "blocked");
ok(true, "Should be available");
} catch (ex) {
ok(false, "Should be available");
}
// A third party iframe should not have access however.
await new Promise(resolve => {
window.onmessage = evt => {
window.onmessage = null;
is(evt.data, "sessionStorage=false");
resolve();
};
let iframe = document.createElement('iframe');
iframe.setAttribute('src', TRY_ACCESS_SESSION_STORAGE);
document.body.appendChild(iframe);
});
});
</script>
</head>
<body>
</body>
</html>


@ -158,7 +158,6 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
uint32_t perm; uint32_t perm;
mPermMgr->TestPermission(aURI, kPermissionType, &perm); mPermMgr->TestPermission(aURI, kPermissionType, &perm);
bool isThirdParty = false;
switch (perm) { switch (perm) {
case nsICookiePermission::ACCESS_SESSION: case nsICookiePermission::ACCESS_SESSION:
*aIsSession = true; *aIsSession = true;
@ -172,17 +171,8 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
*aResult = false; *aResult = false;
break; break;
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty);
// If it's third party, we can't set the cookie
if (isThirdParty) *aResult = false;
break;
default: default:
// the permission manager has nothing to say about this cookie - // Here we can have any legacy permission value.
// so, we apply the default prefs to it.
NS_ASSERTION(perm == nsIPermissionManager::UNKNOWN_ACTION,
"unknown permission");
// now we need to figure out what type of accept policy we're dealing with // now we need to figure out what type of accept policy we're dealing with
// if we accept cookies normally, just bail and return // if we accept cookies normally, just bail and return
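Review bot: The `default:` branch of `switch (perm)` now takes every value without the `NS_ASSERTION`, and its new comment no longer says that the default prefs are applied, so a profile that still stores the removed value 9 silently moves from "first party only" to whatever the global cookie policy is. Depending on that policy this can accept third-party cookies for a host where they were rejected before; the same fall-through presumably applies to the case removed from `nsCookieService::CheckPrefs` and to the narrowed check in `cookiesAllowedForDomainOrSubDomain`. I would keep the explanation in the comment, e.g. `// Legacy values (9, 10) may still be stored in old profiles; treat them like UNKNOWN_ACTION and apply the default prefs.` None of the test changes shown on this page covers a stored 9. `CanSetCookie` starts and continues outside the hunk.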


@ -4068,18 +4068,6 @@ CookieStatus nsCookieService::CheckPrefs(
case nsICookiePermission::ACCESS_ALLOW: case nsICookiePermission::ACCESS_ALLOW:
return STATUS_ACCEPTED; return STATUS_ACCEPTED;
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
if (aIsForeign) {
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
aCookieHeader,
"third party cookies are blocked "
"for this site");
*aRejectedReason =
nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
return STATUS_REJECTED;
}
return STATUS_ACCEPTED;
} }
} }
} }


@ -31,11 +31,11 @@ interface nsICookiePermission : nsISupports
* any methods on this interface. * any methods on this interface.
*/ */
const nsCookieAccess ACCESS_SESSION = 8; const nsCookieAccess ACCESS_SESSION = 8;
const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9;
/** /**
* Don't use value 10! It used to be ACCESS_LIMIT_THIRD_PARTY, now removed, * Don't use values 9 and 10! They used to be ACCESS_ALLOW_FIRST_PARTY_ONLY
* but maybe still stored in some ancient user profiles. * and ACCESS_LIMIT_THIRD_PARTY, now removed, but maybe still stored in some
* ancient user profiles.
*/ */
/** /**


@ -14,7 +14,6 @@ const DENY_ACTION = SpecialPowers.Ci.nsIPermissionManager.DENY_ACTION;
const UNKNOWN_ACTION = SpecialPowers.Ci.nsIPermissionManager.UNKNOWN_ACTION; const UNKNOWN_ACTION = SpecialPowers.Ci.nsIPermissionManager.UNKNOWN_ACTION;
const PROMPT_ACTION = SpecialPowers.Ci.nsIPermissionManager.PROMPT_ACTION; const PROMPT_ACTION = SpecialPowers.Ci.nsIPermissionManager.PROMPT_ACTION;
const ACCESS_SESSION = SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION; const ACCESS_SESSION = SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION;
const ACCESS_ALLOW_FIRST_PARTY_ONLY = SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
const EXPIRE_TIME = SpecialPowers.Ci.nsIPermissionManager.EXPIRE_TIME; const EXPIRE_TIME = SpecialPowers.Ci.nsIPermissionManager.EXPIRE_TIME;
// expire Setting: // expire Setting:
@ -36,7 +35,6 @@ function starttest(){
SpecialPowers.addPermission("pDENY", DENY_ACTION, document); SpecialPowers.addPermission("pDENY", DENY_ACTION, document);
SpecialPowers.addPermission("pREMOVE", ALLOW_ACTION, document); SpecialPowers.addPermission("pREMOVE", ALLOW_ACTION, document);
SpecialPowers.addPermission("pSESSION", ACCESS_SESSION, document); SpecialPowers.addPermission("pSESSION", ACCESS_SESSION, document);
SpecialPowers.addPermission("pFIRSTPARTY", ACCESS_ALLOW_FIRST_PARTY_ONLY, document);
setTimeout(test1, 0); setTimeout(test1, 0);
} }
@ -59,9 +57,6 @@ function test1() {
} else if (!SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document)) { } else if (!SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document)) {
dump('/**** ACCESS_SESSION not set ****/\n'); dump('/**** ACCESS_SESSION not set ****/\n');
setTimeout(test1, 0); setTimeout(test1, 0);
} else if (!SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document)) {
dump('/**** ACCESS_ALLOW_FIRST_PARTY_ONLY not set ****/\n');
setTimeout(test1, 0);
} else { } else {
test2(); test2();
} }
@ -69,7 +64,14 @@ function test1() {
function test2() { function test2() {
ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN value should have UNKOWN permission'); ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN value should have UNKOWN permission');
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3); SpecialPowers.pushPermissions([
{'type': 'pUNKNOWN', 'allow': true, 'context': document},
{'type': 'pALLOW', 'allow': false, 'context': document},
{'type': 'pDENY', 'allow': true, 'context': document},
{'type': 'pPROMPT', 'allow': true, 'context': document},
{'type': 'pSESSION', 'allow': true, 'context': document},
{'type': 'pREMOVE', 'remove': true, 'context': document},
], test3);
} }
function test3() { function test3() {
@ -79,15 +81,25 @@ function test3() {
ok(SpecialPowers.testPermission('pDENY', ALLOW_ACTION, document), 'pDENY should have ALLOW permission'); ok(SpecialPowers.testPermission('pDENY', ALLOW_ACTION, document), 'pDENY should have ALLOW permission');
ok(SpecialPowers.testPermission('pREMOVE', UNKNOWN_ACTION, document), 'pREMOVE should have REMOVE permission'); ok(SpecialPowers.testPermission('pREMOVE', UNKNOWN_ACTION, document), 'pREMOVE should have REMOVE permission');
ok(SpecialPowers.testPermission('pSESSION', ALLOW_ACTION, document), 'pSESSION should have ALLOW permission'); ok(SpecialPowers.testPermission('pSESSION', ALLOW_ACTION, document), 'pSESSION should have ALLOW permission');
ok(SpecialPowers.testPermission('pFIRSTPARTY', ALLOW_ACTION, document), 'pFIRSTPARTY should have ALLOW permission');
// only pPROMPT (last one) is different, the other stuff is just to see if it doesn't cause test failures // only pPROMPT (last one) is different, the other stuff is just to see if it doesn't cause test failures
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': false, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3b); SpecialPowers.pushPermissions([
{'type': 'pUNKNOWN', 'allow': true, 'context': document},
{'type': 'pALLOW', 'allow': false, 'context': document},
{'type': 'pDENY', 'allow': true, 'context': document},
{'type': 'pPROMPT', 'allow': false, 'context': document},
{'type': 'pREMOVE', 'remove': true, 'context': document},
], test3b);
} }
function test3b() { function test3b() {
ok(SpecialPowers.testPermission('pPROMPT', DENY_ACTION, document), 'pPROMPT value should have DENY permission'); ok(SpecialPowers.testPermission('pPROMPT', DENY_ACTION, document), 'pPROMPT value should have DENY permission');
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document}, {'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document}], test4); SpecialPowers.pushPermissions([
{'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document},
{'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document},
{'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document},
{'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document},
], test4);
} }
function test4() { function test4() {
@ -99,7 +111,6 @@ function test4() {
SpecialPowers.flushPermissions(test5); SpecialPowers.flushPermissions(test5);
} }
function test5() { function test5() {
ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN should have UNKNOWN permission'); ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN should have UNKNOWN permission');
ok(SpecialPowers.testPermission('pALLOW', ALLOW_ACTION, document), 'pALLOW should have ALLOW permission'); ok(SpecialPowers.testPermission('pALLOW', ALLOW_ACTION, document), 'pALLOW should have ALLOW permission');
@ -107,14 +118,12 @@ function test5() {
ok(SpecialPowers.testPermission('pPROMPT', PROMPT_ACTION, document), 'pPROMPT should have PROMPT permission'); ok(SpecialPowers.testPermission('pPROMPT', PROMPT_ACTION, document), 'pPROMPT should have PROMPT permission');
ok(SpecialPowers.testPermission('pREMOVE', ALLOW_ACTION, document), 'pREMOVE should have ALLOW permission'); ok(SpecialPowers.testPermission('pREMOVE', ALLOW_ACTION, document), 'pREMOVE should have ALLOW permission');
ok(SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document), 'pSESSION should have ACCESS_SESSION permission'); ok(SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document), 'pSESSION should have ACCESS_SESSION permission');
ok(SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document), 'pFIRSTPARTY should have ACCESS_ALLOW_FIRST_PARTY_ONLY permission');
SpecialPowers.removePermission("pPROMPT", document); SpecialPowers.removePermission("pPROMPT", document);
SpecialPowers.removePermission("pALLOW", document); SpecialPowers.removePermission("pALLOW", document);
SpecialPowers.removePermission("pDENY", document); SpecialPowers.removePermission("pDENY", document);
SpecialPowers.removePermission("pREMOVE", document); SpecialPowers.removePermission("pREMOVE", document);
SpecialPowers.removePermission("pSESSION", document); SpecialPowers.removePermission("pSESSION", document);
SpecialPowers.removePermission("pFIRSTPARTY", document);
setTimeout(test6, 0); setTimeout(test6, 0);
} }
@ -135,9 +144,6 @@ function test6() {
} else if (!SpecialPowers.testPermission('pSESSION', UNKNOWN_ACTION, document)) { } else if (!SpecialPowers.testPermission('pSESSION', UNKNOWN_ACTION, document)) {
dump('/**** pSESSION still set ****/\n'); dump('/**** pSESSION still set ****/\n');
setTimeout(test6, 0); setTimeout(test6, 0);
} else if (!SpecialPowers.testPermission('pFIRSTPARTY', UNKNOWN_ACTION, document)) {
dump('/**** pFIRSTPARTY still set ****/\n');
setTimeout(test6, 0);
} else { } else {
test7(); test7();
} }


@ -802,8 +802,6 @@ SpecialPowersAPI.prototype = {
originalValue = Ci.nsIPermissionManager.PROMPT_ACTION; originalValue = Ci.nsIPermissionManager.PROMPT_ACTION;
} else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_SESSION, context)) { } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_SESSION, context)) {
originalValue = Ci.nsICookiePermission.ACCESS_SESSION; originalValue = Ci.nsICookiePermission.ACCESS_SESSION;
} else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, context)) {
originalValue = Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
} }
let principal = this._getPrincipalFromArg(context); let principal = this._getPrincipalFromArg(context);