From dc777dc7a62677445737ab8982fe1047aeb92c72 Mon Sep 17 00:00:00 2001 From: Andrea Marchesini Date: Wed, 23 Jan 2019 19:19:18 +0100 Subject: [PATCH] Bug 1521051 - nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY, r=valentin, r=johannh --- browser/modules/Sanitizer.jsm | 3 +-- dom/base/nsContentUtils.cpp | 8 -------- extensions/cookie/nsCookiePermission.cpp | 19 ------------------- .../test/unit/test_cookies_thirdparty.js | 14 -------------- netwerk/cookie/nsCookieService.cpp | 13 ------------- netwerk/cookie/nsICookiePermission.idl | 6 +++++- .../test_SpecialPowersPushPermissions.html | 13 +------------ .../specialpowers/content/specialpowersAPI.js | 2 -- 8 files changed, 7 insertions(+), 71 deletions(-) diff --git a/browser/modules/Sanitizer.jsm b/browser/modules/Sanitizer.jsm index b8e889000cc9..5d6caf7a09e0 100644 --- a/browser/modules/Sanitizer.jsm +++ b/browser/modules/Sanitizer.jsm @@ -800,8 +800,7 @@ function cookiesAllowedForDomainOrSubDomain(principal) { // immediately. let p = Services.perms.testPermissionFromPrincipal(principal, "cookie"); if (p == Ci.nsICookiePermission.ACCESS_ALLOW || - p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY || - p == Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY) { + p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY) { return true; } diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index c586df022524..8009ba1379f2 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -8196,14 +8196,6 @@ void nsContentUtils::GetCookieLifetimePolicyForPrincipal( // this is probably not an issue. *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY; break; - case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY: - // NOTE: The decision was made here to override the lifetime policy to be - // ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does - // prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a - // specific domain. As BEHAVIOR_LIMIT_FOREIGN isn't visible in our UI, - // this is probably not an issue. - *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY; - break; } } diff --git a/extensions/cookie/nsCookiePermission.cpp b/extensions/cookie/nsCookiePermission.cpp index f09c0aa2008f..d518be24e1a8 100644 --- a/extensions/cookie/nsCookiePermission.cpp +++ b/extensions/cookie/nsCookiePermission.cpp @@ -178,25 +178,6 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel, if (isThirdParty) *aResult = false; break; - case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY: - mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty); - // If it's third party, check whether cookies are already set - if (isThirdParty) { - nsresult rv; - nsCOMPtr cookieManager = - do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv); - if (NS_FAILED(rv)) { - *aResult = false; - break; - } - uint32_t priorCookieCount = 0; - nsAutoCString hostFromURI; - aURI->GetHost(hostFromURI); - cookieManager->CountCookiesFromHost(hostFromURI, &priorCookieCount); - *aResult = priorCookieCount != 0; - } - break; - default: // the permission manager has nothing to say about this cookie - // so, we apply the default prefs to it. diff --git a/extensions/cookie/test/unit/test_cookies_thirdparty.js b/extensions/cookie/test/unit/test_cookies_thirdparty.js index a39f807f2256..983d8495e4a6 100644 --- a/extensions/cookie/test/unit/test_cookies_thirdparty.js +++ b/extensions/cookie/test/unit/test_cookies_thirdparty.js @@ -99,20 +99,6 @@ function run_test() { do_set_cookies(uri1, channel2, true, [1, 1, 1, 1]); Services.cookies.removeAll(); - // Test per-site 3rd party cookie limiting with cookies enabled - Services.prefs.setIntPref("network.cookie.cookieBehavior", 0); - var kPermissionType = "cookie"; - var LIMIT_THIRD_PARTY = 10; - // LIMIT_THIRD_PARTY overrides - Services.perms.add(uri1, kPermissionType, LIMIT_THIRD_PARTY); - do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]); - Services.cookies.removeAll(); - do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]); - Services.cookies.removeAll(); - do_set_single_http_cookie(uri1, channel1, 1); - do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]); - Services.cookies.removeAll(); - // Test per-site 3rd party cookie limiting with 3rd party cookies disabled Services.prefs.setIntPref("network.cookie.cookieBehavior", 1); do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]); diff --git a/netwerk/cookie/nsCookieService.cpp b/netwerk/cookie/nsCookieService.cpp index 9afa4f023ce8..6694ce2f8fc7 100644 --- a/netwerk/cookie/nsCookieService.cpp +++ b/netwerk/cookie/nsCookieService.cpp @@ -4092,19 +4092,6 @@ CookieStatus nsCookieService::CheckPrefs( return STATUS_REJECTED; } return STATUS_ACCEPTED; - - case nsICookiePermission::ACCESS_LIMIT_THIRD_PARTY: - if (!aIsForeign) return STATUS_ACCEPTED; - if (aNumOfCookies == 0) { - COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI, - aCookieHeader, - "third party cookies are blocked " - "for this site"); - *aRejectedReason = - nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION; - return STATUS_REJECTED; - } - return STATUS_ACCEPTED; } } } diff --git a/netwerk/cookie/nsICookiePermission.idl b/netwerk/cookie/nsICookiePermission.idl index cceb7bafb765..32bd658cae49 100644 --- a/netwerk/cookie/nsICookiePermission.idl +++ b/netwerk/cookie/nsICookiePermission.idl @@ -32,7 +32,11 @@ interface nsICookiePermission : nsISupports */ const nsCookieAccess ACCESS_SESSION = 8; const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9; - const nsCookieAccess ACCESS_LIMIT_THIRD_PARTY = 10; + + /** + * Don't use value 10! It used to be ACCESS_LIMIT_THIRD_PARTY, now removed, + * but maybe still stored in some ancient user profiles. + */ /** * setAccess diff --git a/testing/mochitest/tests/Harness_sanity/test_SpecialPowersPushPermissions.html b/testing/mochitest/tests/Harness_sanity/test_SpecialPowersPushPermissions.html index 709d2cc7d956..6e8809715b88 100644 --- a/testing/mochitest/tests/Harness_sanity/test_SpecialPowersPushPermissions.html +++ b/testing/mochitest/tests/Harness_sanity/test_SpecialPowersPushPermissions.html @@ -15,7 +15,6 @@ const UNKNOWN_ACTION = SpecialPowers.Ci.nsIPermissionManager.UNKNOWN_ACTION; const PROMPT_ACTION = SpecialPowers.Ci.nsIPermissionManager.PROMPT_ACTION; const ACCESS_SESSION = SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION; const ACCESS_ALLOW_FIRST_PARTY_ONLY = SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY; -const ACCESS_LIMIT_THIRD_PARTY = SpecialPowers.Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY; const EXPIRE_TIME = SpecialPowers.Ci.nsIPermissionManager.EXPIRE_TIME; // expire Setting: @@ -38,7 +37,6 @@ function starttest(){ SpecialPowers.addPermission("pREMOVE", ALLOW_ACTION, document); SpecialPowers.addPermission("pSESSION", ACCESS_SESSION, document); SpecialPowers.addPermission("pFIRSTPARTY", ACCESS_ALLOW_FIRST_PARTY_ONLY, document); - SpecialPowers.addPermission("pTHIRDPARTY", ACCESS_LIMIT_THIRD_PARTY, document); setTimeout(test1, 0); } @@ -64,9 +62,6 @@ function test1() { } else if (!SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document)) { dump('/**** ACCESS_ALLOW_FIRST_PARTY_ONLY not set ****/\n'); setTimeout(test1, 0); - } else if (!SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document)) { - dump('/**** ACCESS_LIMIT_THIRD_PARTY not set ****/\n'); - setTimeout(test1, 0); } else { test2(); } @@ -74,7 +69,7 @@ function test1() { function test2() { ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN value should have UNKOWN permission'); - SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pTHIRDPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3); + SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3); } function test3() { @@ -85,7 +80,6 @@ function test3() { ok(SpecialPowers.testPermission('pREMOVE', UNKNOWN_ACTION, document), 'pREMOVE should have REMOVE permission'); ok(SpecialPowers.testPermission('pSESSION', ALLOW_ACTION, document), 'pSESSION should have ALLOW permission'); ok(SpecialPowers.testPermission('pFIRSTPARTY', ALLOW_ACTION, document), 'pFIRSTPARTY should have ALLOW permission'); - ok(SpecialPowers.testPermission('pTHIRDPARTY', ALLOW_ACTION, document), 'pTHIRDPARTY should have ALLOW permission'); // only pPROMPT (last one) is different, the other stuff is just to see if it doesn't cause test failures SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': false, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3b); @@ -114,7 +108,6 @@ function test5() { ok(SpecialPowers.testPermission('pREMOVE', ALLOW_ACTION, document), 'pREMOVE should have ALLOW permission'); ok(SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document), 'pSESSION should have ACCESS_SESSION permission'); ok(SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document), 'pFIRSTPARTY should have ACCESS_ALLOW_FIRST_PARTY_ONLY permission'); - ok(SpecialPowers.testPermission('pTHIRDPARTY', ACCESS_LIMIT_THIRD_PARTY, document), 'pTHIRDPARTY should have ACCESS_LIMIT_THIRD_PARTY permission'); SpecialPowers.removePermission("pPROMPT", document); SpecialPowers.removePermission("pALLOW", document); @@ -122,7 +115,6 @@ function test5() { SpecialPowers.removePermission("pREMOVE", document); SpecialPowers.removePermission("pSESSION", document); SpecialPowers.removePermission("pFIRSTPARTY", document); - SpecialPowers.removePermission("pTHIRDPARTY", document); setTimeout(test6, 0); } @@ -146,9 +138,6 @@ function test6() { } else if (!SpecialPowers.testPermission('pFIRSTPARTY', UNKNOWN_ACTION, document)) { dump('/**** pFIRSTPARTY still set ****/\n'); setTimeout(test6, 0); - } else if (!SpecialPowers.testPermission('pTHIRDPARTY', UNKNOWN_ACTION, document)) { - dump('/**** pTHIRDPARTY still set ****/\n'); - setTimeout(test6, 0); } else { test7(); } diff --git a/testing/specialpowers/content/specialpowersAPI.js b/testing/specialpowers/content/specialpowersAPI.js index c6ec9411279f..26946fb10b3e 100644 --- a/testing/specialpowers/content/specialpowersAPI.js +++ b/testing/specialpowers/content/specialpowersAPI.js @@ -804,8 +804,6 @@ SpecialPowersAPI.prototype = { originalValue = Ci.nsICookiePermission.ACCESS_SESSION; } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, context)) { originalValue = Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY; - } else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY, context)) { - originalValue = Ci.nsICookiePermission.ACCESS_LIMIT_THIRD_PARTY; } let principal = this._getPrincipalFromArg(context);