mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1498591 - Add a test to ensure that navigating a subframe will revoke its storage access r=baku 

Differential Revision: https://phabricator.services.mozilla.com/D8555

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Ehsan Akhgari 2018-10-15 10:35:39 +00:00
Родитель ecd5aada04
Коммит e38073ca8f
3 изменённых файлов: 145 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
toolkit/components/antitracking/test/browser/browser.ini
Просмотреть файл

@ -60,6 +60,7 @@ support-files = tracker.js
[browser_storageAccessPrivateWindow.js]
skip-if = serviceworker_e10s
[browser_storageAccessPromiseResolveHandlerUserInteraction.js]
[browser_storageAccessRemovalNavigateSubframe.js]
[browser_storageAccessSandboxed.js]
skip-if = serviceworker_e10s
[browser_storageAccessWithHeuristics.js]

38
toolkit/components/antitracking/test/browser/browser_storageAccessRemovalNavigateSubframe.js Normal file
Просмотреть файл

@ -0,0 +1,38 @@
ChromeUtils.import("resource://gre/modules/Services.jsm");
AntiTracking.runTest("Storage Access is removed when subframe navigates",
// blocking callback
async _ => {
/* import-globals-from storageAccessAPIHelpers.js */
await noStorageAccessInitially();
},
// non-blocking callback
async _ => {
/* import-globals-from storageAccessAPIHelpers.js */
await noStorageAccessInitially();
/* import-globals-from storageAccessAPIHelpers.js */
let [threw, rejected] = await callRequestStorageAccess();
ok(!threw, "requestStorageAccess should not throw");
ok(!rejected, "requestStorageAccess should be available");
},
// cleanup function
async _ => {
await new Promise(resolve => {
Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => resolve());
});
},
null, // extra prefs
false, // no window open test
false, // no user-interaction test
false, // no blocking notifications
false, // run in normal window
null, // no iframe sandbox
"navigate-subframe", // access removal type
// after-removal callback
async _ => {
/* import-globals-from storageAccessAPIHelpers.js */
await noStorageAccessInitially();
}
);

109
toolkit/components/antitracking/test/browser/head.js
Просмотреть файл

@ -1,6 +1,7 @@
const TEST_DOMAIN = "http://example.net";
const TEST_3RD_PARTY_DOMAIN = "https://tracking.example.org";
const TEST_3RD_PARTY_DOMAIN_TP = "https://tracking.example.com";
const TEST_4TH_PARTY_DOMAIN = "http://not-tracking.example.com";
const TEST_PATH = "/browser/toolkit/components/antitracking/test/browser/";
@ -11,6 +12,7 @@ const TEST_3RD_PARTY_PAGE = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdParty.html";
const TEST_3RD_PARTY_PAGE_WO = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdPartyWO.html";
const TEST_3RD_PARTY_PAGE_UI = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdPartyUI.html";
const TEST_3RD_PARTY_PAGE_WITH_SVG = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdPartySVG.html";
const TEST_4TH_PARTY_PAGE = TEST_4TH_PARTY_DOMAIN + TEST_PATH + "3rdParty.html";
const BEHAVIOR_ACCEPT = Ci.nsICookieService.BEHAVIOR_ACCEPT;
const BEHAVIOR_REJECT_FOREIGN = Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN;
@ -25,7 +27,8 @@ requestLongerTimeout(5);
this.AntiTracking = {
runTest(name, callbackTracking, callbackNonTracking, cleanupFunction, extraPrefs,
windowOpenTest = true, userInteractionTest = true, expectedBlockingNotifications = true,
runInPrivateWindow = false, iframeSandbox = null) {
runInPrivateWindow = false, iframeSandbox = null, accessRemoval = null,
callbackAfterRemoval = null) {
// Here we want to test that a 3rd party context is simply blocked.
this._createTask({
name,
@ -38,6 +41,8 @@ this.AntiTracking = {
expectedBlockingNotifications,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
@ -52,6 +57,8 @@ this.AntiTracking = {
expectedBlockingNotifications,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
@ -85,6 +92,8 @@ this.AntiTracking = {
options.blockingByAllowList = false;
}
callbackNonTracking = options.callback;
options.accessRemoval = null;
options.callbackAfterRemoval = null;
}
// Phase 1: Here we want to test that a 3rd party context is not blocked if pref is off.
@ -107,6 +116,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -121,6 +132,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -135,6 +148,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -149,6 +164,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -163,6 +180,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -177,6 +196,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -191,6 +212,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -205,6 +228,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -219,6 +244,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -233,6 +260,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -247,6 +276,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval: null, // only passed with non-blocking callback
callbackAfterRemoval: null,
});
this._createCleanupTask(cleanupFunction);
@ -261,6 +292,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
@ -275,6 +308,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
@ -289,6 +324,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
@ -303,6 +340,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
@ -317,6 +356,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
} else if (!options.blockingByContentBlocking) {
@ -332,6 +373,8 @@ this.AntiTracking = {
expectedBlockingNotifications: false,
runInPrivateWindow,
iframeSandbox,
accessRemoval,
callbackAfterRemoval,
});
this._createCleanupTask(cleanupFunction);
}
@ -401,7 +444,11 @@ this.AntiTracking = {
(options.blockingByContentBlockingRTUI ? "" : "no") + " contentBlocking third-party cookies UI with" +
(options.allowList ? "" : "out") + " allow list test " + options.name +
" running in a " + (options.runInPrivateWindow ? "private" : "normal") + " window " +
" with iframe sandbox set to " + options.iframeSandbox);
" with iframe sandbox set to " + options.iframeSandbox +
" and access removal set to " + options.accessRemoval);
is(!!options.callbackAfterRemoval, !!options.accessRemoval,
"callbackAfterRemoval must be passed when accessRemoval is non-null");
let win = window;
if (options.runInPrivateWindow) {
@ -503,13 +550,25 @@ this.AntiTracking = {
}
info("Creating a 3rd party content");
let doAccessRemovalChecks = typeof options.accessRemoval == "string" &&
options.cookieBehavior == BEHAVIOR_REJECT_TRACKER &&
options.blockingByContentBlocking &&
options.blockingByContentBlockingRTUI &&
!options.allowList;
await ContentTask.spawn(browser,
{ page: TEST_3RD_PARTY_PAGE,
nextPage: TEST_4TH_PARTY_PAGE,
callback: options.callback.toString(),
iframeSandbox: options.iframeSandbox },
callbackAfterRemoval: options.callbackAfterRemoval ?
options.callbackAfterRemoval.toString() : null,
accessRemoval: options.accessRemoval,
iframeSandbox: options.iframeSandbox,
doAccessRemovalChecks },
async function(obj) {
let id = "id" + Math.random();
await new content.Promise(resolve => {
let ifr = content.document.createElement("iframe");
ifr.id = id;
ifr.onload = function() {
info("Sending code to the 3rd party content");
ifr.contentWindow.postMessage(obj.callback, "*");
@ -541,6 +600,50 @@ this.AntiTracking = {
content.document.body.appendChild(ifr);
ifr.src = obj.page;
});
if (obj.doAccessRemovalChecks) {
info(`Running after removal checks (${obj.accessRemoval})`);
switch (obj.accessRemoval) {
case "navigate-subframe":
await new content.Promise(resolve => {
let ifr = content.document.getElementById(id);
let oldWindow = ifr.contentWindow;
ifr.onload = function() {
info("Sending code to the old 3rd party content");
oldWindow.postMessage(obj.callbackAfterRemoval, "*");
};
if (typeof obj.iframeSandbox == "string") {
ifr.setAttribute("sandbox", obj.iframeSandbox);
}
content.addEventListener("message", function msg(event) {
if (event.data.type == "finish") {
content.removeEventListener("message", msg);
resolve();
return;
}
if (event.data.type == "ok") {
ok(event.data.what, event.data.msg);
return;
}
if (event.data.type == "info") {
info(event.data.msg);
return;
}
ok(false, "Unknown message");
});
ifr.src = obj.nextPage;
});
break;
default:
ok(false, "Unexpected accessRemoval code passed: " + obj.accessRemoval);
break;
}
}
});
if (options.allowList) {