path: root/toolkit/components/antitracking/test/xpcshell/test_rejectForeignAllowList.js
blob: e2aa4b1f010c97d674e49c974fa4e37951e591a1 (plain)
"use strict";

var { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");

const { RemoteSettings } = ChromeUtils.import(
  "resource://services-settings/remote-settings.js"
);

// xpcshell harness helper, called before any of the test utilities below.
// NOTE(review): presumably this sets up the profile directory that
// profile-backed services (such as cookie storage) need; confirm against the
// harness documentation.
do_get_profile();

// Let's use AddonTestUtils and ExtensionTestUtils to open/close tabs.
// NOTE(review): MockAsyncShutdown is imported here but is not referenced
// anywhere else in this file as shown.
var { AddonTestUtils, MockAsyncShutdown } = ChromeUtils.import(
  "resource://testing-common/AddonTestUtils.jsm"
);

// ExtensionTestUtils is defined as a lazy getter on the test global and is
// first used by the init() call just below.
// eslint-disable-next-line no-unused-vars
XPCOMUtils.defineLazyModuleGetters(this, {
  ExtensionTestUtils: "resource://testing-common/ExtensionXPCShellUtils.jsm",
});

ExtensionTestUtils.init(this);

// Thin wrapper around AddonTestUtils.createHttpServer that first calls
// AddonTestUtils.maybeInit with the test global. It is an arrow function so
// that `this` is the top-level test scope rather than the caller.
var createHttpServer = (...args) => {
  AddonTestUtils.maybeInit(this);
  return AddonTestUtils.createHttpServer(...args);
};

// One test server is created for all three host names used in this test.
// foobar.com acts as the first party, 3rdparty.org as the embedded third
// party that owns the cookie, and 4thparty.org as a resource nested inside the
// third-party document. The party relationship is therefore expressed purely
// through host names, and every URL in this file uses plain http.
const server = createHttpServer({
  hosts: ["3rdparty.org", "4thparty.org", "foobar.com"],
});

/**
 * Runs the two third-party embedding scenarios against the shared test server
 * and checks which Cookie header actually reached it.
 *
 * Scenario 1: foobar.com embeds an image from 3rdparty.org.
 * Scenario 2: foobar.com embeds an iframe from 3rdparty.org, which in turn
 * embeds an image from 4thparty.org.
 *
 * @param {string} prefValue - Value written to
 *   "privacy.rejectForeign.allowList" before the pages are loaded.
 * @param {string} expected - Cookie header expected on the observed request;
 *   "" means no cookie must be sent.
 */
async function testThings(prefValue, expected) {
  const HTML_TYPE = "text/html; charset=utf-8";

  // Cookie request header as seen by the server, or "" when none was sent.
  const cookieHeaderOf = request =>
    request.hasHeader("Cookie") ? request.getHeader("Cookie") : "";

  // Sends a 200 response with the given content type and body.
  const replyOk = (request, response, contentType, body) => {
    response.setStatusLine(request.httpVersion, 200, "OK");
    response.setHeader("Content-Type", contentType, false);
    response.write(body);
  };

  // Clear every cache before each run.
  // NOTE(review): presumably so that a cached response cannot satisfy a
  // request without it reaching the handlers below; confirm.
  await new Promise(done => {
    Services.clearData.deleteData(
      Ci.nsIClearDataService.CLEAR_ALL_CACHES,
      done
    );
  });

  Services.prefs.setCharPref("privacy.rejectForeign.allowList", prefValue);

  // Scenario 1: the promise settles with the Cookie header of the
  // 3rdparty.org image request.
  let observedCookie = new Promise(resolve => {
    server.registerPathHandler("/test3rdPartyChannel", (request, response) => {
      replyOk(
        request,
        response,
        HTML_TYPE,
        `<html><img src="http://3rdparty.org/img" /></html>`
      );
    });

    server.registerPathHandler("/img", (request, response) => {
      resolve(cookieHeaderOf(request));
      replyOk(request, response, "image/png", "Not an image");
    });
  });

  // Let's load 3rdparty.org as a 3rd-party.
  let page = await ExtensionTestUtils.loadContentPage(
    "http://foobar.com/test3rdPartyChannel"
  );
  Assert.equal(await observedCookie, expected, "Cookies received?");
  await page.close();

  // Scenario 2: both "/iframe" and the re-registered "/img" handler call
  // resolve. A promise settles only once, so the asserted value comes from
  // whichever request the server sees first. The 4thparty.org image is only
  // referenced from the iframe document, so that should be the iframe
  // request; the nested image request is not asserted on separately.
  observedCookie = new Promise(resolve => {
    server.registerPathHandler("/test3rdPartyDocument", (request, response) => {
      replyOk(
        request,
        response,
        HTML_TYPE,
        `<html><iframe src="http://3rdparty.org/iframe" /></html>`
      );
    });

    server.registerPathHandler("/iframe", (request, response) => {
      resolve(cookieHeaderOf(request));
      replyOk(
        request,
        response,
        HTML_TYPE,
        `<html><img src="http://4thparty.org/img" /></html>`
      );
    });

    server.registerPathHandler("/img", (request, response) => {
      resolve(cookieHeaderOf(request));
      replyOk(request, response, "image/png", "Not an image");
    });
  });

  // Let's load 3rdparty.org loading a 4th-party.
  page = await ExtensionTestUtils.loadContentPage(
    "http://foobar.com/test3rdPartyDocument"
  );
  Assert.equal(await observedCookie, expected, "Cookies received?");
  await page.close();
}

// Checks that, with foreign cookies rejected, a cookie owned by 3rdparty.org
// is sent in third-party contexts only when 3rdparty.org is listed in
// "privacy.rejectForeign.allowList".
add_task(async function test_rejectForeignAllowList() {
  const { prefs } = Services;

  // NOTE(review): 1 is presumably nsICookieService.BEHAVIOR_REJECT_FOREIGN;
  // confirm against the interface definition.
  prefs.setIntPref("network.cookie.cookieBehavior", 1);
  prefs.setBoolPref("network.cookie.rejectForeignWithExceptions.enabled", true);

  // We don't want to have 'secure' cookies because our test http server doesn't run in https.
  // The cookie below is sameSite=none without Secure, so that requirement is
  // switched off for this test.
  prefs.setBoolPref("network.cookie.sameSite.noneRequiresSecure", false);

  const serveSetCookies = (request, response) => {
    response.setStatusLine(request.httpVersion, 200, "OK");
    response.setHeader("Content-Type", "text/html; charset=utf-8", false);
    response.setHeader("Set-Cookie", "cookie=wow; sameSite=none", true);
    response.write("<html></html>");
  };
  server.registerPathHandler("/setCookies", serveSetCookies);

  // Let's set a cookie. 3rdparty.org is loaded as the top-level page here, so
  // the cookie is set in a first-party context.
  const seedPage = await ExtensionTestUtils.loadContentPage(
    "http://3rdparty.org/setCookies"
  );
  await seedPage.close();
  Assert.equal(Services.cookies.cookies.length, 1);

  // Each row is [allow-list pref value, Cookie header expected at the server].
  // NOTE(review): there is no case that allow-lists only a different host and
  // checks that 3rdparty.org's cookie is still withheld; consider adding one
  // so an over-broad allow-list match would be caught.
  const cases = [
    // Without exceptionlisting, no cookies should be shared.
    ["", ""],
    // Let's exceptionlist 3rdparty.org
    ["3rdparty.org", "cookie=wow"],
  ];
  for (const [allowList, expectedCookie] of cases) {
    await testThings(allowList, expectedCookie);
  }
});