diff --git a/browser/base/content/test/protectionsUI/browser_protectionsUI_trackers_subview.js b/browser/base/content/test/protectionsUI/browser_protectionsUI_trackers_subview.js index c31d160dbbf4..7fe52065eaba 100644 --- a/browser/base/content/test/protectionsUI/browser_protectionsUI_trackers_subview.js +++ b/browser/base/content/test/protectionsUI/browser_protectionsUI_trackers_subview.js @@ -88,7 +88,7 @@ async function assertSitesListed(blocked) { let listItem = listItems.find( // eslint-disable-next-line @microsoft/sdl/no-insecure-url - item => item.querySelector("label").value == "https://trackertest.org" + item => item.querySelector("label").value == "http://trackertest.org" ); ok(listItem, "Has an item for trackertest.org"); ok(BrowserTestUtils.is_visible(listItem), "List item is visible"); diff --git a/browser/base/content/test/protectionsUI/trackingAPI.js b/browser/base/content/test/protectionsUI/trackingAPI.js index cf9f88f60260..de5479a70f9a 100644 --- a/browser/base/content/test/protectionsUI/trackingAPI.js +++ b/browser/base/content/test/protectionsUI/trackingAPI.js @@ -58,7 +58,7 @@ onmessage = event => { case "image": createImage( // eslint-disable-next-line @microsoft/sdl/no-insecure-url - "https://trackertest.org/browser/browser/base/content/test/protectionsUI/cookieServer.sjs?type=image-no-cookie" + "http://trackertest.org/browser/browser/base/content/test/protectionsUI/cookieServer.sjs?type=image-no-cookie" ); break; case "window-open": diff --git a/browser/base/content/test/protectionsUI/trackingPage.html b/browser/base/content/test/protectionsUI/trackingPage.html index 8b16b4b0104d..60ee20203bb8 100644 --- a/browser/base/content/test/protectionsUI/trackingPage.html +++ b/browser/base/content/test/protectionsUI/trackingPage.html @@ -8,6 +8,6 @@ - + diff --git a/build/pgo/certs/cert9.db b/build/pgo/certs/cert9.db index 052c4b9085d2..8a62e68811d2 100644 Binary files a/build/pgo/certs/cert9.db and b/build/pgo/certs/cert9.db differ diff --git a/build/pgo/certs/key4.db b/build/pgo/certs/key4.db index 5b27b6fbf709..b9274ef1e859 100644 Binary files a/build/pgo/certs/key4.db and b/build/pgo/certs/key4.db differ diff --git a/build/pgo/certs/mochitest-cert.ca b/build/pgo/certs/mochitest-cert.ca index f62abd37e330..fd968257a167 100644 --- a/build/pgo/certs/mochitest-cert.ca +++ b/build/pgo/certs/mochitest-cert.ca @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIUSXOeCVPnrKtO0qeVgmcZ9x6dKqowDQYJKoZIhvcNAQEL +MIID1TCCAr2gAwIBAgIUMxWonuaoi1gBujMOrB4Ap5YkGu0wDQYJKoZIhvcNAQEL BQAwHTEbMBkGA1UEAwwSIE1vY2hpdGVzdCBUZXN0IENBMCIYDzIwMjIwMTAxMDAw MDAwWhgPMjAzMjAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFCBNb2NoaXRlc3QgVGVz dCBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB @@ -8,16 +8,16 @@ CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD -rNoYCjXtjQIDAQABo4IBFjCCARIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwgfoGA1Ud -EQSB8jCB74IKbW9jaGkudGVzdIILZXhhbXBsZS5jb22CDSouZXhhbXBsZS5jb22C +rNoYCjXtjQIDAQABo4IBBTCCAQEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwgekGA1Ud +EQSB4TCB3oIKbW9jaGkudGVzdIILZXhhbXBsZS5jb22CDSouZXhhbXBsZS5jb22C C2V4YW1wbGUubmV0gg0qLmV4YW1wbGUubmV0ggtleGFtcGxlLm9yZ4INKi5leGFt cGxlLm9yZ4IPKi5pdGlzYXRyYXAub3Jngg4qLnhuLS1qeGFscGRscIIQaXRpc2F0 cmFja2VyLm9yZ4IMdzNjLXRlc3Qub3Jngg4qLnczYy10ZXN0Lm9yZ4IVbW9jaGl0 -ZXN0LnlvdXR1YmUuY29tgglsb2NhbGhvc3SCCTEyNy4wLjAuMoIPdHJhY2tlcnRl -c3Qub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQCOk+ebxLrKSUkgwusVtZ0AshmXPSMh -qLRevykLc4EqXCE78nvrFp632N4+Kn7B2bpB1OdrL8d79gP5xv9Ky0h/2queMtaX -HHY5RVHTpQSGEJD1gmlajCN1elCTMrJLvfewudHOd8gvBBTI9iLr0swORvBgy1uO -WoypkOXV/B7HuuFBK4UnguVBdC/XFDfZzpMpaM5LCr7zARlskQsDECocdPr88Ifs -Gj97VS3cyc9rPsfKG0F0JE5rx1Dlxtur5VN4Lk0SFzoAs5/W0z4Sio46D53TgLnh -Mq1z+hkwQILxkrfvgEpHL6X19nMLAtjja3FSqgqXw8NQWFEekvcrig6n +ZXN0LnlvdXR1YmUuY29tgglsb2NhbGhvc3SCCTEyNy4wLjAuMjANBgkqhkiG9w0B +AQsFAAOCAQEAlqXzcG/TvKitOZh3SrY+AQH3sbop8gQ5NnzEVTXt4N8LI7Kbb8h1 +2aZjwvnCp0yCdk0dRekZq8f6xq5bd6/k0C4Wkr9ivCdhxc4nvuZa62S2X53JObm2 +egUReeNSqjYyxfO6k1L36+iSLU2iYpYxgPCae0h5c2Fg9UtIbsmjLVqkdGYBnH1B +HAuVGJkWoKDt9QlG2uROdhFqcz6pSXlTifev6hQ2Ffl7HirIqyqwtB+JygMSat52 +ROfvcFTHXGx0K1OmfjUid9yA2mGUOY/NO2HQhYzm9a4zS10Bw+f19SgVjDOx9pK+ +cl8wZKk5SlwmMi346ctGcPNLVBxDcAps4Q== -----END CERTIFICATE----- diff --git a/build/pgo/certs/mochitest-cert.certspec b/build/pgo/certs/mochitest-cert.certspec index 6c998f030b06..89698c9dc11d 100644 --- a/build/pgo/certs/mochitest-cert.certspec +++ b/build/pgo/certs/mochitest-cert.certspec @@ -2,4 +2,4 @@ issuer: Mochitest Test CA subject: Mochitest Test Cert validity:20220101-20320101 extension:extKeyUsage:serverAuth -extension:subjectAlternativeName:mochi.test,example.com,*.example.com,example.net,*.example.net,example.org,*.example.org,*.itisatrap.org,*.xn--jxalpdlp,itisatracker.org,w3c-test.org,*.w3c-test.org,mochitest.youtube.com,localhost,127.0.0.2,trackertest.org +extension:subjectAlternativeName:mochi.test,example.com,*.example.com,example.net,*.example.net,example.org,*.example.org,*.itisatrap.org,*.xn--jxalpdlp,itisatracker.org,w3c-test.org,*.w3c-test.org,mochitest.youtube.com,localhost,127.0.0.2 diff --git a/build/pgo/certs/mochitest.client b/build/pgo/certs/mochitest.client index 714a36722f82..9b8f2caf7e55 100644 Binary files a/build/pgo/certs/mochitest.client and b/build/pgo/certs/mochitest.client differ diff --git a/build/pgo/server-locations.txt b/build/pgo/server-locations.txt index 1843f361325e..be5394ac1c6b 100644 --- a/build/pgo/server-locations.txt +++ b/build/pgo/server-locations.txt @@ -213,7 +213,6 @@ https://tracking.example.org:443 https://another-tracking.example.net:443 https://social-tracking.example.org:443 https://email-tracking.example.org:443 -https://trackertest.org:443 # # Used while testing flash blocking (Bug 1307604) diff --git a/toolkit/components/antitracking/test/browser/browser.ini b/toolkit/components/antitracking/test/browser/browser.ini index e835622f0e18..e7528c3c3ee1 100644 --- a/toolkit/components/antitracking/test/browser/browser.ini +++ b/toolkit/components/antitracking/test/browser/browser.ini @@ -16,8 +16,6 @@ prefs = network.cookie.sameSite.laxByDefault=false # Disable https-first because of explicit http/https testing dom.security.https_first=false - # Enable constraining storage access api to secure contexts - dom.storage_access.dont_grant_insecure_contexts=true support-files = container.html diff --git a/toolkit/components/antitracking/test/browser/browser_hasStorageAccess.js b/toolkit/components/antitracking/test/browser/browser_hasStorageAccess.js index 6cb6689c64cc..362d60bd624d 100644 --- a/toolkit/components/antitracking/test/browser/browser_hasStorageAccess.js +++ b/toolkit/components/antitracking/test/browser/browser_hasStorageAccess.js @@ -200,6 +200,8 @@ var testCases = [ "privacy.partition.always_partition_third_party_non_cookie_storage", false, ], + // Testing Storage Access API grants constrained to secure contexts + ["dom.storage_access.dont_grant_insecure_contexts", true], ], expectedBlockingNotifications: 0, runInPrivateWindow: false, diff --git a/toolkit/components/antitracking/test/browser/browser_partitionedLockManager.js b/toolkit/components/antitracking/test/browser/browser_partitionedLockManager.js index 21c3c9637d40..df1106903b5a 100644 --- a/toolkit/components/antitracking/test/browser/browser_partitionedLockManager.js +++ b/toolkit/components/antitracking/test/browser/browser_partitionedLockManager.js @@ -18,13 +18,7 @@ PartitionedStorageHelper.runTest( is(locks.length, 2, "We should have granted 2 lock requests at this point"); }, - async _ => { - await new Promise(resolve => { - Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => - resolve() - ); - }); - }, + /* cleanupFunction */ undefined, /* extraPrefs */ undefined, { runInSecureContext: true } ); diff --git a/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js b/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js index 5fca844dfeb9..812cbcffa425 100644 --- a/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js +++ b/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js @@ -428,7 +428,7 @@ PartitionedStorageHelper.runTest( ); is( res.value, - "https://not-tracking.example.com/browser/toolkit/components/antitracking/test/browser/empty.js", + "http://not-tracking.example.com/browser/toolkit/components/antitracking/test/browser/empty.js", "The first-party service worker received fetch event." ); res = await sendAndWaitWorkerMessage( @@ -463,7 +463,7 @@ PartitionedStorageHelper.runTest( ); is( res.value, - "https://not-tracking.example.com/browser/toolkit/components/antitracking/test/browser/empty.js", + "http://not-tracking.example.com/browser/toolkit/components/antitracking/test/browser/empty.js", "The third-party service worker received fetch event." ); }, diff --git a/toolkit/components/antitracking/test/browser/browser_partitionedSharedWorkers.js b/toolkit/components/antitracking/test/browser/browser_partitionedSharedWorkers.js index 97c58c52178a..337d36b6e4a5 100644 --- a/toolkit/components/antitracking/test/browser/browser_partitionedSharedWorkers.js +++ b/toolkit/components/antitracking/test/browser/browser_partitionedSharedWorkers.js @@ -44,9 +44,7 @@ PartitionedStorageHelper.runTestInNormalAndPrivateMode( resolve() ); }); - }, - [], - false + } ); PartitionedStorageHelper.runPartitioningTestInNormalAndPrivateMode( diff --git a/toolkit/components/antitracking/test/browser/browser_storageAccessPrivilegeAPI.js b/toolkit/components/antitracking/test/browser/browser_storageAccessPrivilegeAPI.js index 9594fdf270b1..ba109768beb7 100644 --- a/toolkit/components/antitracking/test/browser/browser_storageAccessPrivilegeAPI.js +++ b/toolkit/components/antitracking/test/browser/browser_storageAccessPrivilegeAPI.js @@ -265,7 +265,7 @@ add_task(async function test_privilege_api_with_dFPI() { ); let browser = tab.linkedBrowser; - await insertSubFrame(browser, TEST_4TH_PARTY_PAGE_HTTPS, "test"); + await insertSubFrame(browser, TEST_4TH_PARTY_PAGE, "test"); // Verify that the third-party context doesn't have storage access at // beginning. @@ -282,7 +282,7 @@ add_task(async function test_privilege_api_with_dFPI() { }); let storagePermissionPromise = waitStoragePermission( - "https://not-tracking.example.com" + "http://not-tracking.example.com" ); // Verify if the prompt has been shown. @@ -299,7 +299,7 @@ add_task(async function test_privilege_api_with_dFPI() { try { await content.document.requestStorageAccessForOrigin( - "https://not-tracking.example.com/" + "http://not-tracking.example.com/" ); } catch (e) { ok(false, "The API shouldn't throw."); @@ -328,7 +328,7 @@ add_task(async function test_privilege_api_with_dFPI() { }); // Insert another third-party content iframe and check if it has storage access. - await insertSubFrame(browser, TEST_4TH_PARTY_PAGE_HTTPS, "test2"); + await insertSubFrame(browser, TEST_4TH_PARTY_PAGE, "test2"); await runScriptInSubFrame(browser, "test2", async _ => { await hasStorageAccessInitially(); @@ -350,7 +350,7 @@ add_task(async function test_privilege_api_with_dFPI() { is(document.cookie, "name=value", "Setting cookie to partitioned context."); }); - await clearStoragePermission("https://not-tracking.example.com"); + await clearStoragePermission("http://not-tracking.example.com"); Services.cookies.removeAll(); BrowserTestUtils.removeTab(tab); }); diff --git a/toolkit/components/antitracking/test/browser/browser_storageAccessRejectsInsecureContexts.js b/toolkit/components/antitracking/test/browser/browser_storageAccessRejectsInsecureContexts.js index 942e4e3bc701..ce864d1e78a7 100644 --- a/toolkit/components/antitracking/test/browser/browser_storageAccessRejectsInsecureContexts.js +++ b/toolkit/components/antitracking/test/browser/browser_storageAccessRejectsInsecureContexts.js @@ -13,6 +13,10 @@ Services.scriptloader.loadSubScript( ); add_task(async function testInsecureContext() { + await SpecialPowers.pushPrefEnv({ + set: [["dom.storage_access.dont_grant_insecure_contexts", true]], + }); + await setPreferences(); await openPageAndRunCode( diff --git a/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks.js b/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks.js index 6a31d53a0ef1..5a8c7970c542 100644 --- a/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks.js +++ b/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks.js @@ -13,7 +13,7 @@ AntiTracking._createTask({ await callRequestStorageAccess(); const TRACKING_PAGE = - "https://another-tracking.example.net/browser/browser/base/content/test/protectionsUI/trackingPage.html"; + "http://another-tracking.example.net/browser/browser/base/content/test/protectionsUI/trackingPage.html"; async function runChecks(name) { let iframe = document.createElement("iframe"); iframe.src = TRACKING_PAGE; @@ -44,11 +44,11 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, errorMessageDomains: [ - "https://tracking.example.org", - "https://tracking.example.org", - "https://tracking.example.org", + "http://tracking.example.org", + "http://tracking.example.org", + "http://tracking.example.org", ], }); @@ -79,10 +79,10 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, errorMessageDomains: [ - "https://tracking.example.org", - "https://tracking.example.org", + "http://tracking.example.org", + "http://tracking.example.org", ], }); @@ -110,10 +110,10 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, errorMessageDomains: [ - "https://tracking.example.org", - "https://tracking.example.org", + "http://tracking.example.org", + "http://tracking.example.org", ], }); @@ -141,10 +141,10 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, errorMessageDomains: [ - "https://tracking.example.org", - "https://tracking.example.org", + "http://tracking.example.org", + "http://tracking.example.org", ], }); diff --git a/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks_alwaysPartition.js b/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks_alwaysPartition.js index cdb1bf2b83eb..1ba0b8923031 100644 --- a/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks_alwaysPartition.js +++ b/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks_alwaysPartition.js @@ -16,7 +16,7 @@ AntiTracking._createTask({ await callRequestStorageAccess(); const TRACKING_PAGE = - "https://another-tracking.example.net/browser/browser/base/content/test/protectionsUI/trackingPage.html"; + "http://another-tracking.example.net/browser/browser/base/content/test/protectionsUI/trackingPage.html"; async function runChecks(name) { let iframe = document.createElement("iframe"); iframe.src = TRACKING_PAGE; @@ -47,13 +47,13 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, errorMessageDomains: [ - "https://tracking.example.org", - "https://tracking.example.org", - "https://tracking.example.org", - "https://tracking.example.org", - "https://trackertest.org", + "http://tracking.example.org", + "http://tracking.example.org", + "http://tracking.example.org", + "http://tracking.example.org", + "http://trackertest.org", ], }); @@ -84,8 +84,8 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, - errorMessageDomains: ["https://tracking.example.org"], + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, + errorMessageDomains: ["http://tracking.example.org"], }); add_task(async _ => { @@ -112,8 +112,8 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, - errorMessageDomains: ["http://example.net", "https://tracking.example.org"], + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, + errorMessageDomains: ["http://example.net", "http://tracking.example.org"], }); add_task(async _ => { @@ -140,8 +140,8 @@ AntiTracking._createTask({ iframeSandbox: null, accessRemoval: null, callbackAfterRemoval: null, - thirdPartyPage: TEST_3RD_PARTY_PAGE, - errorMessageDomains: ["https://tracking.example.org"], + thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP, + errorMessageDomains: ["http://tracking.example.org"], }); add_task(async _ => { diff --git a/toolkit/components/antitracking/test/browser/partitionedstorage_head.js b/toolkit/components/antitracking/test/browser/partitionedstorage_head.js index d37b8177c4dc..42574fdb9347 100644 --- a/toolkit/components/antitracking/test/browser/partitionedstorage_head.js +++ b/toolkit/components/antitracking/test/browser/partitionedstorage_head.js @@ -13,22 +13,14 @@ Services.scriptloader.loadSubScript( ); this.PartitionedStorageHelper = { - runTestInNormalAndPrivateMode( - name, - callback, - cleanupFunction, - extraPrefs, - runInSecure = true - ) { + runTestInNormalAndPrivateMode(name, callback, cleanupFunction, extraPrefs) { // Normal mode this.runTest(name, callback, cleanupFunction, extraPrefs, { - runInSecureContext: runInSecure, runInPrivateWindow: false, }); // Private mode this.runTest(name, callback, cleanupFunction, extraPrefs, { - runInSecureContext: runInSecure, runInPrivateWindow: true, }); }, @@ -38,7 +30,7 @@ this.PartitionedStorageHelper = { callback, cleanupFunction, extraPrefs, - { runInPrivateWindow = false, runInSecureContext = true } = {} + { runInPrivateWindow = false, runInSecureContext = false } = {} ) { DynamicFPIHelper.runTest( name,