Bug 1521051 - nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY, r=valentin, r=johannh

browser/modules/Sanitizer.jsm

@@ -800,8 +800,7 @@ function cookiesAllowedForDomainOrSubDomain(principal) {
   // immediately.
   let p = Services.perms.testPermissionFromPrincipal(principal, "cookie");
   if (p == Ci.nsICookiePermission.ACCESS_ALLOW ||
-      p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY ||
-      p == Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY) {
+      p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY) {
     return true;
   }
 

dom/base/nsContentUtils.cpp

@@ -8196,14 +8196,6 @@ void nsContentUtils::GetCookieLifetimePolicyForPrincipal(
       // this is probably not an issue.
       *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
       break;
-    case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
-      // NOTE: The decision was made here to override the lifetime policy to be
-      // ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does
-      // prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a
-      // specific domain. As BEHAVIOR_LIMIT_FOREIGN isn't visible in our UI,
-      // this is probably not an issue.
-      *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
-      break;
   }
 }
 

extensions/cookie/nsCookiePermission.cpp

@@ -178,25 +178,6 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
       if (isThirdParty) *aResult = false;
       break;
 
-    case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
-      mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty);
-      // If it's third party, check whether cookies are already set
-      if (isThirdParty) {
-        nsresult rv;
-        nsCOMPtr<nsICookieManager> cookieManager =
-            do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv);
-        if (NS_FAILED(rv)) {
-          *aResult = false;
-          break;
-        }
-        uint32_t priorCookieCount = 0;
-        nsAutoCString hostFromURI;
-        aURI->GetHost(hostFromURI);
-        cookieManager->CountCookiesFromHost(hostFromURI, &priorCookieCount);
-        *aResult = priorCookieCount != 0;
-      }
-      break;
-
     default:
       // the permission manager has nothing to say about this cookie -
       // so, we apply the default prefs to it.

extensions/cookie/test/unit/test_cookies_thirdparty.js

@@ -99,20 +99,6 @@ function run_test() {
   do_set_cookies(uri1, channel2, true, [1, 1, 1, 1]);
   Services.cookies.removeAll();
 
-  // Test per-site 3rd party cookie limiting with cookies enabled
-  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
-  var kPermissionType = "cookie";
-  var LIMIT_THIRD_PARTY = 10;
-  // LIMIT_THIRD_PARTY overrides
-  Services.perms.add(uri1, kPermissionType, LIMIT_THIRD_PARTY);
-  do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);
-  Services.cookies.removeAll();
-  do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
-  Services.cookies.removeAll();
-  do_set_single_http_cookie(uri1, channel1, 1);
-  do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]);
-  Services.cookies.removeAll();
-
   // Test per-site 3rd party cookie limiting with 3rd party cookies disabled
   Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
   do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);

netwerk/cookie/nsCookieService.cpp

@@ -4092,19 +4092,6 @@ CookieStatus nsCookieService::CheckPrefs(
             return STATUS_REJECTED;
           }
           return STATUS_ACCEPTED;
-
-        case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY:
-          if (!aIsForeign) return STATUS_ACCEPTED;
-          if (aNumOfCookies == 0) {
-            COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
-                              aCookieHeader,
-                              "third party cookies are blocked "
-                              "for this site");
-            *aRejectedReason =
-                nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
-            return STATUS_REJECTED;
-          }
-          return STATUS_ACCEPTED;
       }
     }
   }

netwerk/cookie/nsICookiePermission.idl

@@ -32,7 +32,11 @@ interface nsICookiePermission : nsISupports
    */
   const nsCookieAccess ACCESS_SESSION = 8;
   const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9;
-  const nsCookieAccess ACCESS_LIMIT_THIRD_PARTY = 10;
+
+  /**
+   * Don't use value 10! It used to be ACCESS_LIMIT_THIRD_PARTY, now removed,
+   * but maybe still stored in some ancient user profiles.
+   */
 
   /**
    * setAccess

testing/mochitest/tests/Harness_sanity/test_SpecialPowersPushPermissions.html

@@ -15,7 +15,6 @@ const UNKNOWN_ACTION = SpecialPowers.Ci.nsIPermissionManager.UNKNOWN_ACTION;
 const PROMPT_ACTION = SpecialPowers.Ci.nsIPermissionManager.PROMPT_ACTION;
 const ACCESS_SESSION = SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION;
 const ACCESS_ALLOW_FIRST_PARTY_ONLY = SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
-const ACCESS_LIMIT_THIRD_PARTY = SpecialPowers.Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY;
 
 const EXPIRE_TIME = SpecialPowers.Ci.nsIPermissionManager.EXPIRE_TIME;
 // expire Setting:
@@ -38,7 +37,6 @@ function starttest(){
   SpecialPowers.addPermission("pREMOVE", ALLOW_ACTION, document);
   SpecialPowers.addPermission("pSESSION", ACCESS_SESSION, document);
   SpecialPowers.addPermission("pFIRSTPARTY", ACCESS_ALLOW_FIRST_PARTY_ONLY, document);
-  SpecialPowers.addPermission("pTHIRDPARTY", ACCESS_LIMIT_THIRD_PARTY, document);
 
   setTimeout(test1, 0);
 }
@@ -64,9 +62,6 @@ function test1() {
   } else if (!SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document)) {
     dump('/**** ACCESS_ALLOW_FIRST_PARTY_ONLY not set ****/\n');
     setTimeout(test1, 0);
-  } else if (!SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document)) {
-    dump('/**** ACCESS_LIMIT_THIRD_PARTY not set ****/\n');
-    setTimeout(test1, 0);
   } else {
     test2();
   }
@@ -74,7 +69,7 @@ function test1() {
 
 function test2() {
   ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN value should have UNKOWN permission');
-  SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pTHIRDPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3);
+  SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3);
 }
 
 function test3() {
@@ -85,7 +80,6 @@ function test3() {
   ok(SpecialPowers.testPermission('pREMOVE', UNKNOWN_ACTION, document), 'pREMOVE should have REMOVE permission');
   ok(SpecialPowers.testPermission('pSESSION', ALLOW_ACTION, document), 'pSESSION should have ALLOW permission');
   ok(SpecialPowers.testPermission('pFIRSTPARTY', ALLOW_ACTION, document), 'pFIRSTPARTY should have ALLOW permission');
-  ok(SpecialPowers.testPermission('pTHIRDPARTY', ALLOW_ACTION, document), 'pTHIRDPARTY should have ALLOW permission');
 
   // only pPROMPT (last one) is different, the other stuff is just to see if it doesn't cause test failures
   SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': false, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3b);
@@ -114,7 +108,6 @@ function test5() {
   ok(SpecialPowers.testPermission('pREMOVE', ALLOW_ACTION, document), 'pREMOVE should have ALLOW permission');
   ok(SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document), 'pSESSION should have ACCESS_SESSION permission');
   ok(SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document), 'pFIRSTPARTY should have ACCESS_ALLOW_FIRST_PARTY_ONLY permission');
-  ok(SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document), 'pTHIRDPARTY should have ACCESS_LIMIT_THIRD_PARTY permission');
 
   SpecialPowers.removePermission("pPROMPT", document);
   SpecialPowers.removePermission("pALLOW", document);
@@ -122,7 +115,6 @@ function test5() {
   SpecialPowers.removePermission("pREMOVE", document);
   SpecialPowers.removePermission("pSESSION", document);
   SpecialPowers.removePermission("pFIRSTPARTY", document);
-  SpecialPowers.removePermission("pTHIRDPARTY", document);
 
   setTimeout(test6, 0);
 }
@@ -146,9 +138,6 @@ function test6() {
   } else if (!SpecialPowers.testPermission('pFIRSTPARTY', UNKNOWN_ACTION, document)) {
     dump('/**** pFIRSTPARTY still set ****/\n');
     setTimeout(test6, 0);
-  } else if (!SpecialPowers.testPermission('pTHIRDPARTY', UNKNOWN_ACTION, document)) {
-    dump('/**** pTHIRDPARTY still set ****/\n');
-    setTimeout(test6, 0);
   } else {
     test7();
   }

testing/specialpowers/content/specialpowersAPI.js

@@ -804,8 +804,6 @@ SpecialPowersAPI.prototype = {
           originalValue = Ci.nsICookiePermission.ACCESS_SESSION;
         } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, context)) {
           originalValue = Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
-        } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY, context)) {
-          originalValue = Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY;
         }
 
         let principal = this._getPrincipalFromArg(context);