diff options
Diffstat (limited to 'extensions/permissions/test/browser_permmgr_sync.js')
-rw-r--r-- | extensions/permissions/test/browser_permmgr_sync.js | 449 |
1 files changed, 449 insertions, 0 deletions
diff --git a/extensions/permissions/test/browser_permmgr_sync.js b/extensions/permissions/test/browser_permmgr_sync.js new file mode 100644 index 0000000000..d4ada33394 --- /dev/null +++ b/extensions/permissions/test/browser_permmgr_sync.js @@ -0,0 +1,449 @@ +function addPerm(aOrigin, aName) { + let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin( + aOrigin + ); + Services.perms.addFromPrincipal( + principal, + aName, + Services.perms.ALLOW_ACTION + ); +} + +add_task(async function() { + // Make sure that we get a new process for the tab which we create. This is + // important, because we want to assert information about the initial state + // of the local permissions cache. + + addPerm("http://example.com", "perm1"); + addPerm("http://foo.bar.example.com", "perm2"); + addPerm("about:home", "perm3"); + addPerm("https://example.com", "perm4"); + // NOTE: This permission is a preload permission, so it should be available in + // the content process from startup. + addPerm("https://somerandomwebsite.com", "cookie"); + + await BrowserTestUtils.withNewTab( + { gBrowser, url: "about:blank", forceNewProcess: true }, + async function(aBrowser) { + await SpecialPowers.spawn(aBrowser, [], async function() { + // Before the load http URIs shouldn't have been sent down yet + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "perm1" + ), + Services.perms.UNKNOWN_ACTION, + "perm1-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://foo.bar.example.com" + ), + "perm2" + ), + Services.perms.UNKNOWN_ACTION, + "perm2-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "about:home" + ), + "perm3" + ), + Services.perms.ALLOW_ACTION, + "perm3-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ), + "perm4" + ), + Services.perms.UNKNOWN_ACTION, + "perm4-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://somerandomwebsite.com" + ), + "cookie" + ), + Services.perms.ALLOW_ACTION, + "cookie-1" + ); + + let iframe = content.document.createElement("iframe"); + + // Perform a load of example.com + await new Promise(resolve => { + iframe.setAttribute("src", "http://example.com"); + iframe.onload = resolve; + content.document.body.appendChild(iframe); + }); + + // After the load finishes, the iframe process should know about example.com, but not foo.bar.example.com + await content.SpecialPowers.spawn(iframe, [], async function() { + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "perm1" + ), + Services.perms.ALLOW_ACTION, + "perm1-2" + ); + + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://foo.bar.example.com" + ), + "perm2" + ), + Services.perms.UNKNOWN_ACTION, + "perm2-2" + ); + + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "about:home" + ), + "perm3" + ), + Services.perms.ALLOW_ACTION, + "perm3-2" + ); + + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ), + "perm4" + ), + Services.perms.UNKNOWN_ACTION, + "perm4-2" + ); + + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://somerandomwebsite.com" + ), + "cookie" + ), + Services.perms.ALLOW_ACTION, + "cookie-2" + ); + }); + + // In Fission only, the parent process should have no knowledge about the child + // process permissions + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "perm1" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "perm1-3" + ); + + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://foo.bar.example.com" + ), + "perm2" + ), + Services.perms.UNKNOWN_ACTION, + "perm2-3" + ); + + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ), + "perm4" + ), + Services.perms.UNKNOWN_ACTION, + "perm4-3" + ); + }); + + addPerm("http://example.com", "newperm1"); + addPerm("http://foo.bar.example.com", "newperm2"); + addPerm("about:home", "newperm3"); + addPerm("https://example.com", "newperm4"); + addPerm("https://someotherrandomwebsite.com", "cookie"); + + await SpecialPowers.spawn(aBrowser, [], async function() { + // The new permissions should be available, but only for + // http://example.com (without Fission), and about:home. + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "perm1" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "perm1-4" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "newperm1" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "newperm1-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://foo.bar.example.com" + ), + "perm2" + ), + Services.perms.UNKNOWN_ACTION, + "perm2-4" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://foo.bar.example.com" + ), + "newperm2" + ), + Services.perms.UNKNOWN_ACTION, + "newperm2-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "about:home" + ), + "perm3" + ), + Services.perms.ALLOW_ACTION, + "perm3-3" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "about:home" + ), + "newperm3" + ), + Services.perms.ALLOW_ACTION, + "newperm3-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ), + "perm4" + ), + Services.perms.UNKNOWN_ACTION, + "perm4-4" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ), + "newperm4" + ), + Services.perms.UNKNOWN_ACTION, + "newperm4-1" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://somerandomwebsite.com" + ), + "cookie" + ), + Services.perms.ALLOW_ACTION, + "cookie-3" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://someotherrandomwebsite.com" + ), + "cookie" + ), + Services.perms.ALLOW_ACTION, + "othercookie-3" + ); + + let iframe = content.document.createElement("iframe"); + // Loading a subdomain now, on https + await new Promise(resolve => { + iframe.setAttribute("src", "https://sub1.test1.example.com"); + iframe.onload = resolve; + content.document.body.appendChild(iframe); + }); + + // After the load finishes, the iframe process should not know about + // the permissions of its base domain. + await content.SpecialPowers.spawn(iframe, [], async function() { + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ), + "perm4" + ), + Services.perms.ALLOW_ACTION, + "perm4-5" + ); + + // In Fission not across schemes, though. + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "perm1" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "perm1-5" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "newperm1" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "newperm1-2" + ); + }); + + // The parent process should still have no permission under Fission. + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "perm1" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "perm1-4" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com" + ), + "newperm1" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "newperm1-3" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ), + "perm4" + ), + SpecialPowers.useRemoteSubframes + ? Services.perms.UNKNOWN_ACTION + : Services.perms.ALLOW_ACTION, + "perm4-6" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://foo.bar.example.com" + ), + "perm2" + ), + Services.perms.UNKNOWN_ACTION, + "perm2-5" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://foo.bar.example.com" + ), + "newperm2" + ), + Services.perms.UNKNOWN_ACTION, + "newperm2-2" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "about:home" + ), + "perm3" + ), + Services.perms.ALLOW_ACTION, + "perm3-4" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "about:home" + ), + "newperm3" + ), + Services.perms.ALLOW_ACTION, + "newperm3-2" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://somerandomwebsite.com" + ), + "cookie" + ), + Services.perms.ALLOW_ACTION, + "cookie-4" + ); + is( + Services.perms.testPermissionFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://someotherrandomwebsite.com" + ), + "cookie" + ), + Services.perms.ALLOW_ACTION, + "othercookie-4" + ); + }); + } + ); +}); |