зеркало из https://github.com/mozilla/gecko-dev.git
450 строки
14 KiB
JavaScript
450 строки
14 KiB
JavaScript
function addPerm(aOrigin, aName) {
|
|
let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
aOrigin
|
|
);
|
|
Services.perms.addFromPrincipal(
|
|
principal,
|
|
aName,
|
|
Services.perms.ALLOW_ACTION
|
|
);
|
|
}
|
|
|
|
add_task(async function() {
|
|
// Make sure that we get a new process for the tab which we create. This is
|
|
// important, because we want to assert information about the initial state
|
|
// of the local permissions cache.
|
|
|
|
addPerm("http://example.com", "perm1");
|
|
addPerm("http://foo.bar.example.com", "perm2");
|
|
addPerm("about:home", "perm3");
|
|
addPerm("https://example.com", "perm4");
|
|
// NOTE: This permission is a preload permission, so it should be available in
|
|
// the content process from startup.
|
|
addPerm("https://somerandomwebsite.com", "cookie");
|
|
|
|
await BrowserTestUtils.withNewTab(
|
|
{ gBrowser, url: "about:blank", forceNewProcess: true },
|
|
async function(aBrowser) {
|
|
await SpecialPowers.spawn(aBrowser, [], async function() {
|
|
// Before the load http URIs shouldn't have been sent down yet
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"perm1"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm1-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://foo.bar.example.com"
|
|
),
|
|
"perm2"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm2-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"about:home"
|
|
),
|
|
"perm3"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"perm3-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://example.com"
|
|
),
|
|
"perm4"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm4-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://somerandomwebsite.com"
|
|
),
|
|
"cookie"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"cookie-1"
|
|
);
|
|
|
|
let iframe = content.document.createElement("iframe");
|
|
|
|
// Perform a load of example.com
|
|
await new Promise(resolve => {
|
|
iframe.setAttribute("src", "http://example.com");
|
|
iframe.onload = resolve;
|
|
content.document.body.appendChild(iframe);
|
|
});
|
|
|
|
// After the load finishes, the iframe process should know about example.com, but not foo.bar.example.com
|
|
await content.SpecialPowers.spawn(iframe, [], async function() {
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"perm1"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"perm1-2"
|
|
);
|
|
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://foo.bar.example.com"
|
|
),
|
|
"perm2"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm2-2"
|
|
);
|
|
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"about:home"
|
|
),
|
|
"perm3"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"perm3-2"
|
|
);
|
|
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://example.com"
|
|
),
|
|
"perm4"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm4-2"
|
|
);
|
|
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://somerandomwebsite.com"
|
|
),
|
|
"cookie"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"cookie-2"
|
|
);
|
|
});
|
|
|
|
// In Fission only, the parent process should have no knowledge about the child
|
|
// process permissions
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"perm1"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"perm1-3"
|
|
);
|
|
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://foo.bar.example.com"
|
|
),
|
|
"perm2"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm2-3"
|
|
);
|
|
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://example.com"
|
|
),
|
|
"perm4"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm4-3"
|
|
);
|
|
});
|
|
|
|
addPerm("http://example.com", "newperm1");
|
|
addPerm("http://foo.bar.example.com", "newperm2");
|
|
addPerm("about:home", "newperm3");
|
|
addPerm("https://example.com", "newperm4");
|
|
addPerm("https://someotherrandomwebsite.com", "cookie");
|
|
|
|
await SpecialPowers.spawn(aBrowser, [], async function() {
|
|
// The new permissions should be available, but only for
|
|
// http://example.com (without Fission), and about:home.
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"perm1"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"perm1-4"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"newperm1"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"newperm1-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://foo.bar.example.com"
|
|
),
|
|
"perm2"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm2-4"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://foo.bar.example.com"
|
|
),
|
|
"newperm2"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"newperm2-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"about:home"
|
|
),
|
|
"perm3"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"perm3-3"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"about:home"
|
|
),
|
|
"newperm3"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"newperm3-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://example.com"
|
|
),
|
|
"perm4"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm4-4"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://example.com"
|
|
),
|
|
"newperm4"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"newperm4-1"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://somerandomwebsite.com"
|
|
),
|
|
"cookie"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"cookie-3"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://someotherrandomwebsite.com"
|
|
),
|
|
"cookie"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"othercookie-3"
|
|
);
|
|
|
|
let iframe = content.document.createElement("iframe");
|
|
// Loading a subdomain now, on https
|
|
await new Promise(resolve => {
|
|
iframe.setAttribute("src", "https://sub1.test1.example.com");
|
|
iframe.onload = resolve;
|
|
content.document.body.appendChild(iframe);
|
|
});
|
|
|
|
// After the load finishes, the iframe process should not know about
|
|
// the permissions of its base domain.
|
|
await content.SpecialPowers.spawn(iframe, [], async function() {
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://example.com"
|
|
),
|
|
"perm4"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"perm4-5"
|
|
);
|
|
|
|
// In Fission not across schemes, though.
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"perm1"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"perm1-5"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"newperm1"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"newperm1-2"
|
|
);
|
|
});
|
|
|
|
// The parent process should still have no permission under Fission.
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"perm1"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"perm1-4"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://example.com"
|
|
),
|
|
"newperm1"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"newperm1-3"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://example.com"
|
|
),
|
|
"perm4"
|
|
),
|
|
SpecialPowers.useRemoteSubframes
|
|
? Services.perms.UNKNOWN_ACTION
|
|
: Services.perms.ALLOW_ACTION,
|
|
"perm4-6"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://foo.bar.example.com"
|
|
),
|
|
"perm2"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"perm2-5"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"http://foo.bar.example.com"
|
|
),
|
|
"newperm2"
|
|
),
|
|
Services.perms.UNKNOWN_ACTION,
|
|
"newperm2-2"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"about:home"
|
|
),
|
|
"perm3"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"perm3-4"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"about:home"
|
|
),
|
|
"newperm3"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"newperm3-2"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://somerandomwebsite.com"
|
|
),
|
|
"cookie"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"cookie-4"
|
|
);
|
|
is(
|
|
Services.perms.testPermissionFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
"https://someotherrandomwebsite.com"
|
|
),
|
|
"cookie"
|
|
),
|
|
Services.perms.ALLOW_ACTION,
|
|
"othercookie-4"
|
|
);
|
|
});
|
|
}
|
|
);
|
|
});
|