Bug 1610371 - Test, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D62584

--HG--
extra : moz-landing-system : lando

toolkit/components/antitracking/test/browser/browser.ini

@@ -18,6 +18,7 @@ support-files =
   dynamicfpi_head.js
   partitionedstorage_head.js
   storageprincipal_head.js
+  cookiesCORS.sjs
   image.sjs
   imageCacheWorker.js
   page.html
@@ -150,4 +151,5 @@ skip-if = fission
 support-files = sharedWorker.js partitionedSharedWorker.js
 [browser_socialtracking.js]
 skip-if = fission
+[browser_thirdPartyStorageRejectionForCORS.js]
 [browser_urlDecorationStripping.js]

toolkit/components/antitracking/test/browser/browser_thirdPartyStorageRejectionForCORS.js

@@ -0,0 +1,57 @@
+// This test works by setting up an exception for the tracker domain, which
+// disables all the anti-tracking tests.
+
+/* import-globals-from antitracking_head.js */
+
+add_task(async _ => {
+  PermissionTestUtils.add(
+    "http://example.net",
+    "cookie",
+    Services.perms.ALLOW_ACTION
+  );
+
+  registerCleanupFunction(_ => {
+    Services.perms.removeAll();
+  });
+});
+
+AntiTracking._createTask({
+  name: "Test that we don't store 3P cookies from non-anonymous CORS XHR",
+  cookieBehavior: BEHAVIOR_REJECT_FOREIGN,
+  blockingByContentBlockingRTUI: false,
+  allowList: false,
+  thirdPartyPage: TEST_DOMAIN + TEST_PATH + "3rdParty.html",
+  callback: async _ => {
+    await new Promise(resolve => {
+      const xhr = new XMLHttpRequest();
+      xhr.open(
+        "GET",
+        "https://tracking.example.org/browser/toolkit/components/antitracking/test/browser/cookiesCORS.sjs?some;max-age=999999",
+        true
+      );
+      xhr.withCredentials = true;
+      xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+      xhr.onreadystatechange = _ => {
+        if (4 === xhr.readyState && 200 === xhr.status) {
+          resolve();
+        }
+      };
+      xhr.send();
+    });
+  },
+  extraPrefs: null,
+  expectedBlockingNotifications:
+    Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_FOREIGN,
+  runInPrivateWindow: false,
+  iframeSandbox: null,
+  accessRemoval: null,
+  callbackAfterRemoval: null,
+});
+
+add_task(async _ => {
+  await new Promise(resolve => {
+    Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value =>
+      resolve()
+    );
+  });
+});

toolkit/components/antitracking/test/browser/cookiesCORS.sjs

@@ -0,0 +1,9 @@
+function handleRequest(aRequest, aResponse) {
+  aResponse.setStatusLine(aRequest.httpVersion, 200);
+  aResponse.setHeader("Access-Control-Allow-Origin", "http://example.net");
+  aResponse.setHeader("Access-Control-Allow-Credentials", "true");
+
+  if (aRequest.queryString) {
+    aResponse.setHeader("Set-Cookie", "foopy=" + aRequest.queryString);
+  }
+}