/* Any copyright is dedicated to the Public Domain. http://creativecommons.org/publicdomain/zero/1.0/ */ // test third party cookie blocking, for the cases: // 1) with null channel // 2) with channel, but with no docshell parent "use strict"; add_task(async () => { Services.prefs.setBoolPref( "network.cookieJarSettings.unblocked_for_testing", true ); Services.prefs.setBoolPref("dom.security.https_first", false); // Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by default" Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false); CookieXPCShellUtils.createServer({ hosts: ["foo.com", "bar.com", "third.com"], }); function createChannel(uri, principal = null) { const channel = NetUtil.newChannel({ uri, loadingPrincipal: principal || Services.scriptSecurityManager.createContentPrincipal(uri, {}), securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER, }); return channel.QueryInterface(Ci.nsIHttpChannelInternal); } // Create URIs and channels pointing to foo.com and bar.com. // We will use these to put foo.com into first and third party contexts. let spec1 = "http://foo.com/foo.html"; let spec2 = "http://bar.com/bar.html"; let uri1 = NetUtil.newURI(spec1); let uri2 = NetUtil.newURI(spec2); // test with cookies enabled { Services.prefs.setIntPref( "network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_ACCEPT ); let channel1 = createChannel(uri1); let channel2 = createChannel(uri2); await do_set_cookies(uri1, channel1, true, [1, 2]); Services.cookies.removeAll(); await do_set_cookies(uri1, channel2, true, [1, 2]); Services.cookies.removeAll(); } // test with third party cookies blocked { Services.prefs.setIntPref( "network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN ); let channel1 = createChannel(uri1); let channel2 = createChannel(uri2); await do_set_cookies(uri1, channel1, true, [0, 1]); Services.cookies.removeAll(); await do_set_cookies(uri1, channel2, true, [0, 0]); Services.cookies.removeAll(); } // test with third party cookies blocked using system principal { Services.prefs.setIntPref( "network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN ); let channel1 = createChannel( uri1, Services.scriptSecurityManager.getSystemPrincipal() ); let channel2 = createChannel( uri2, Services.scriptSecurityManager.getSystemPrincipal() ); await do_set_cookies(uri1, channel1, true, [0, 1]); Services.cookies.removeAll(); await do_set_cookies(uri1, channel2, true, [0, 0]); Services.cookies.removeAll(); } // Force the channel URI to be used when determining the originating URI of // the channel. // test with third party cookies blocked // test with cookies enabled { Services.prefs.setIntPref( "network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_ACCEPT ); let channel1 = createChannel(uri1); channel1.forceAllowThirdPartyCookie = true; let channel2 = createChannel(uri2); channel2.forceAllowThirdPartyCookie = true; await do_set_cookies(uri1, channel1, true, [1, 2]); Services.cookies.removeAll(); await do_set_cookies(uri1, channel2, true, [1, 2]); Services.cookies.removeAll(); } // test with third party cookies blocked { Services.prefs.setIntPref( "network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN ); let channel1 = createChannel(uri1); channel1.forceAllowThirdPartyCookie = true; let channel2 = createChannel(uri2); channel2.forceAllowThirdPartyCookie = true; await do_set_cookies(uri1, channel1, true, [0, 1]); Services.cookies.removeAll(); await do_set_cookies(uri1, channel2, true, [0, 0]); Services.cookies.removeAll(); } // test with third party cookies limited { Services.prefs.setIntPref( "network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN ); let channel1 = createChannel(uri1); channel1.forceAllowThirdPartyCookie = true; let channel2 = createChannel(uri2); channel2.forceAllowThirdPartyCookie = true; await do_set_cookies(uri1, channel1, true, [0, 1]); Services.cookies.removeAll(); await do_set_cookies(uri1, channel2, true, [0, 0]); Services.cookies.removeAll(); do_set_single_http_cookie(uri1, channel1, 1); await do_set_cookies(uri1, channel2, true, [1, 2]); Services.cookies.removeAll(); } Services.prefs.clearUserPref("dom.security.https_first"); Services.prefs.clearUserPref("network.cookie.sameSite.laxByDefault"); });