From b3c7bf3a3e7f0e3996fefb097c169a4270f0efc9 Mon Sep 17 00:00:00 2001 From: Mike Kaply Date: Tue, 23 Nov 2021 18:57:53 +0000 Subject: [PATCH] Bug 1741204 - Consolidate cookie policy into one Behavior policy. r=pbz Differential Revision: https://phabricator.services.mozilla.com/D131825 --- .../enterprisepolicies/Policies.jsm | 106 +++++++++++------- .../schemas/policies-schema.json | 11 ++ .../xpcshell/test_simple_pref_policies.js | 84 ++++++++++++++ 3 files changed, 159 insertions(+), 42 deletions(-) diff --git a/browser/components/enterprisepolicies/Policies.jsm b/browser/components/enterprisepolicies/Policies.jsm index 120b4e7941e1..d3d8fcd6c512 100644 --- a/browser/components/enterprisepolicies/Policies.jsm +++ b/browser/components/enterprisepolicies/Policies.jsm @@ -428,50 +428,10 @@ var Policies = { }); } - if ( - param.Default !== undefined || - param.AcceptThirdParty !== undefined || - param.RejectTracker !== undefined || - param.Locked - ) { - const ACCEPT_COOKIES = 0; - const REJECT_THIRD_PARTY_COOKIES = 1; - const REJECT_ALL_COOKIES = 2; - const REJECT_UNVISITED_THIRD_PARTY = 3; - const REJECT_TRACKER = 4; - - let newCookieBehavior = ACCEPT_COOKIES; - if (param.Default !== undefined && !param.Default) { - newCookieBehavior = REJECT_ALL_COOKIES; - } else if (param.AcceptThirdParty) { - if (param.AcceptThirdParty == "never") { - newCookieBehavior = REJECT_THIRD_PARTY_COOKIES; - } else if (param.AcceptThirdParty == "from-visited") { - newCookieBehavior = REJECT_UNVISITED_THIRD_PARTY; - } - } else if (param.RejectTracker !== undefined && param.RejectTracker) { - newCookieBehavior = REJECT_TRACKER; - } - - PoliciesUtils.setDefaultPref( - "network.cookie.cookieBehavior", - newCookieBehavior, - param.Locked - ); - PoliciesUtils.setDefaultPref( - "network.cookie.cookieBehavior.pbmode", - newCookieBehavior, - param.Locked - ); - } - - const KEEP_COOKIES_UNTIL_EXPIRATION = 0; - const KEEP_COOKIES_UNTIL_END_OF_SESSION = 2; - if (param.ExpireAtSessionEnd !== undefined || param.Locked) { - let newLifetimePolicy = KEEP_COOKIES_UNTIL_EXPIRATION; + let newLifetimePolicy = Ci.nsICookieService.ACCEPT_NORMALLY; if (param.ExpireAtSessionEnd) { - newLifetimePolicy = KEEP_COOKIES_UNTIL_END_OF_SESSION; + newLifetimePolicy = Ci.nsICookieService.ACCEPT_SESSION; } PoliciesUtils.setDefaultPref( @@ -480,6 +440,68 @@ var Policies = { param.Locked ); } + + // New Cookie Behavior option takes precendence + let defaultPref = Services.prefs.getDefaultBranch(""); + let newCookieBehavior = defaultPref.getIntPref( + "network.cookie.cookieBehavior" + ); + let newCookieBehaviorPB = defaultPref.getIntPref( + "network.cookie.cookieBehavior.pbmode" + ); + if ("Behavior" in param || "BehaviorPrivateBrowsing" in param) { + let behaviors = { + accept: Ci.nsICookieService.BEHAVIOR_ACCEPT, + "reject-foreign": Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN, + reject: Ci.nsICookieService.BEHAVIOR_REJECT, + "limit-foreign": Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN, + "reject-tracker": Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER, + "reject-tracker-and-partition-foreign": + Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN, + }; + if ("Behavior" in param) { + newCookieBehavior = behaviors[param.Behavior]; + } + if ("BehaviorPrivateBrowsing" in param) { + newCookieBehaviorPB = behaviors[param.BehaviorPrivateBrowsing]; + } + } else { + // Default, AcceptThirdParty, and RejectTracker are being + // deprecated in favor of Behavior. They will continue + // to be supported, though. + if ( + param.Default !== undefined || + param.AcceptThirdParty !== undefined || + param.RejectTracker !== undefined || + param.Locked + ) { + newCookieBehavior = Ci.nsICookieService.BEHAVIOR_ACCEPT; + if (param.Default !== undefined && !param.Default) { + newCookieBehavior = Ci.nsICookieService.BEHAVIOR_REJECT; + } else if (param.AcceptThirdParty) { + if (param.AcceptThirdParty == "never") { + newCookieBehavior = Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN; + } else if (param.AcceptThirdParty == "from-visited") { + newCookieBehavior = Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN; + } + } else if (param.RejectTracker) { + newCookieBehavior = Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER; + } + } + // With the old cookie policy, we made private browsing the same. + newCookieBehaviorPB = newCookieBehavior; + } + // We set the values no matter what just in case the policy was only used to lock. + PoliciesUtils.setDefaultPref( + "network.cookie.cookieBehavior", + newCookieBehavior, + param.Locked + ); + PoliciesUtils.setDefaultPref( + "network.cookie.cookieBehavior.pbmode", + newCookieBehaviorPB, + param.Locked + ); }, }, diff --git a/browser/components/enterprisepolicies/schemas/policies-schema.json b/browser/components/enterprisepolicies/schemas/policies-schema.json index 5ecf6950307d..6be46fce46c4 100644 --- a/browser/components/enterprisepolicies/schemas/policies-schema.json +++ b/browser/components/enterprisepolicies/schemas/policies-schema.json @@ -217,7 +217,18 @@ "Locked": { "type": "boolean" + }, + + "Behavior": { + "type": "string", + "enum": ["accept", "reject-foreign", "reject", "limit-foreign", "reject-tracker", "reject-tracker-and-partition-foreign"] + }, + + "BehaviorPrivateBrowsing": { + "type": "string", + "enum": ["accept", "reject-foreign", "reject", "limit-foreign", "reject-tracker", "reject-tracker-and-partition-foreign"] } + } }, diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js index 0c9dd6c0add6..c8f343a95537 100644 --- a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js @@ -817,6 +817,90 @@ const POLICIES_TESTS = [ "network.http.windows-sso.enabled": true, }, }, + + { + policies: { + Cookies: { + Behavior: "accept", + BehaviorPrivateBrowsing: "reject-foreign", + Locked: true, + }, + }, + lockedPrefs: { + "network.cookie.cookieBehavior": 0, + "network.cookie.cookieBehavior.pbmode": 1, + }, + }, + + { + policies: { + Cookies: { + Behavior: "reject-foreign", + BehaviorPrivateBrowsing: "reject", + Locked: true, + }, + }, + lockedPrefs: { + "network.cookie.cookieBehavior": 1, + "network.cookie.cookieBehavior.pbmode": 2, + }, + }, + + { + policies: { + Cookies: { + Behavior: "reject", + BehaviorPrivateBrowsing: "limit-foreign", + Locked: true, + }, + }, + lockedPrefs: { + "network.cookie.cookieBehavior": 2, + "network.cookie.cookieBehavior.pbmode": 3, + }, + }, + + { + policies: { + Cookies: { + Behavior: "limit-foreign", + BehaviorPrivateBrowsing: "reject-tracker", + Locked: true, + }, + }, + lockedPrefs: { + "network.cookie.cookieBehavior": 3, + "network.cookie.cookieBehavior.pbmode": 4, + }, + }, + + { + policies: { + Cookies: { + Behavior: "reject-tracker", + BehaviorPrivateBrowsing: "reject-tracker-and-partition-foreign", + Locked: true, + }, + }, + lockedPrefs: { + "network.cookie.cookieBehavior": 4, + "network.cookie.cookieBehavior.pbmode": 5, + }, + }, + + { + policies: { + Cookies: { + Behavior: "reject-tracker-and-partition-foreign", + BehaviorPrivateBrowsing: "accept", + Locked: true, + }, + }, + lockedPrefs: { + "network.cookie.cookieBehavior": 5, + "network.cookie.cookieBehavior.pbmode": 0, + }, + }, ]; add_task(async function test_policy_simple_prefs() {