summaryrefslogtreecommitdiffstats
path: root/browser/components/sessionstore/test/browser_cookies_privacy.js
blob: 2c588c8a4931b4ca5024607ea0e9de19e1d98f10 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
"use strict";

// MAX_EXPIRY should be 2^63-1, but JavaScript can't handle that precision.
const MAX_EXPIRY = Math.pow(2, 62);

function addCookie(scheme, secure = false) {
  let cookie = createTestCookie(scheme, secure);
  Services.cookies.add(
    cookie.host,
    cookie.path,
    cookie.name,
    cookie.value,
    cookie.secure,
    /* isHttpOnly = */ false,
    /* isSession = */ true,
    MAX_EXPIRY,
    /* originAttributes = */ {},
    Ci.nsICookie.SAMESITE_NONE,
    Ci.nsICookie.SCHEME_HTTPS
  );
  return cookie;
}

function createTestCookie(scheme, secure = false) {
  let r = Math.round(Math.random() * 100000);

  let cookie = {
    host: `${scheme}://example.com`,
    path: "/",
    name: `name${r}`,
    value: `value${r}`,
    secure,
  };

  return cookie;
}

function getCookie() {
  let state = JSON.parse(ss.getBrowserState());
  let cookies = state.cookies || [];
  return cookies[0];
}

function compareCookies(a) {
  let b = getCookie();
  return a.host == b.host && a.name == b.name && a.value == b.value;
}

// Setup and cleanup.
add_task(async function test_setup() {
  Services.prefs.clearUserPref("browser.sessionstore.privacy_level");

  registerCleanupFunction(() => {
    Services.prefs.clearUserPref("browser.sessionstore.privacy_level");
    Services.cookies.removeAll();
  });
});

// Test privacy_level=none (default). We store all session cookies.
add_task(async function test_level_none() {
  Services.cookies.removeAll();

  // Set level=none, store all cookies.
  Services.prefs.setIntPref("browser.sessionstore.privacy_level", 0);

  // With the default privacy level we collect all cookies.
  ok(compareCookies(addCookie("http")), "non-secure http cookie stored");
  Services.cookies.removeAll();

  // With the default privacy level we collect all cookies.
  ok(compareCookies(addCookie("https")), "non-secure https cookie stored");
  Services.cookies.removeAll();

  // With the default privacy level we collect all cookies.
  ok(compareCookies(addCookie("https", true)), "secure https cookie stored");
  Services.cookies.removeAll();
});

// Test privacy_level=encrypted. We store all non-secure session cookies.
add_task(async function test_level_encrypted() {
  Services.cookies.removeAll();

  // Set level=encrypted, don't store any secure cookies.
  Services.prefs.setIntPref("browser.sessionstore.privacy_level", 1);

  // With level=encrypted, non-secure cookies will be stored.
  ok(compareCookies(addCookie("http")), "non-secure http cookie stored");
  Services.cookies.removeAll();

  // With level=encrypted, non-secure cookies will be stored,
  // even if sent by an HTTPS site.
  ok(compareCookies(addCookie("https")), "non-secure https cookie stored");
  Services.cookies.removeAll();

  // With level=encrypted, non-secure cookies will be stored,
  // even if sent by an HTTPS site.
  ok(
    addCookie("https", true) && !getCookie(),
    "secure https cookie not stored"
  );
  Services.cookies.removeAll();
});

// Test privacy_level=full. We store no session cookies.
add_task(async function test_level_full() {
  Services.cookies.removeAll();

  // Set level=full, don't store any cookies.
  Services.prefs.setIntPref("browser.sessionstore.privacy_level", 2);

  // With level=full we must not store any cookies.
  ok(addCookie("http") && !getCookie(), "non-secure http cookie not stored");
  Services.cookies.removeAll();

  // With level=full we must not store any cookies.
  ok(addCookie("https") && !getCookie(), "non-secure https cookie not stored");
  Services.cookies.removeAll();

  // With level=full we must not store any cookies.
  ok(
    addCookie("https", true) && !getCookie(),
    "secure https cookie not stored"
  );
  Services.cookies.removeAll();
});