path: root/toolkit/components/antitracking/test/browser/browser_storageAccess_TopLevel_CrossOriginSameSite.js
blob: ca3e47d8e73770894c4b711186eff81435cdceca (plain)
/**
 * Checks which stored permissions let a top-level TEST_DOMAIN_7 document
 * complete a storage access request for TEST_3RD_PARTY_DOMAIN through
 * document.completeStorageAccessRequestFromSite().
 *
 * Expected outcomes, in order:
 *   1. no permission pushed yet                                  -> rejects
 *   2. permission keyed to https://example.com on TEST_DOMAIN_7  -> rejects
 *   3. permission keyed to https://example.org on TEST_DOMAIN_7  -> resolves
 *   4. same permission also pushed for TEST_DOMAIN_8             -> resolves
 *
 * NOTE(review): nothing in this task pops the permission pushed in step 3, so
 * step 4 presumably still runs with the TEST_DOMAIN_7 grant in place. Confirm
 * whether step 4 really isolates the TEST_DOMAIN_8 (same-site) lookup.
 */
add_task(async function testIntermediatePreferenceReadSameSite() {
  const storageAccessPrefs = [
    ["dom.storage_access.enabled", true],
    ["dom.storage_access.forward_declared.enabled", true],
    [
      "network.cookie.cookieBehavior",
      BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN,
    ],
    // Auto-grants are switched off for this task.
    ["dom.storage_access.auto_grants", false],
    ["dom.storage_access.max_concurrent_auto_grants", 1],
  ];
  await SpecialPowers.pushPrefEnv({ set: storageAccessPrefs });

  const tab = await BrowserTestUtils.openNewForegroundTab({
    gBrowser,
    url: TEST_DOMAIN_7,
  });
  const browser = tab.linkedBrowser;

  // Runs one completion attempt inside the tab and records exactly one ok().
  // The callback is handed to SpecialPowers.spawn, so it only uses its own
  // arguments rather than variables of this task.
  // The bare `catch` accepts any rejection: a "must reject" step cannot tell
  // the expected denial apart from an unrelated failure of the awaited promise.
  const attemptCompletion = (expectResolve, resolvedMessage, rejectedMessage) =>
    SpecialPowers.spawn(
      browser,
      [TEST_3RD_PARTY_DOMAIN, expectResolve, resolvedMessage, rejectedMessage],
      async (thirdParty, shouldResolve, onResolved, onRejected) => {
        // Simulate a user gesture before calling the API.
        SpecialPowers.wrap(content.document).notifyUserGestureActivation();
        // Created outside the try so that a synchronous throw is not mistaken
        // for a rejection.
        const request =
          content.document.completeStorageAccessRequestFromSite(thirdParty);
        try {
          await request;
          ok(shouldResolve, onResolved);
        } catch {
          ok(!shouldResolve, onRejected);
        }
      }
    );

  // Pushes a single allow (1) permission of the given type for `context`.
  const grant = (type, context) =>
    SpecialPowers.pushPermissions([{ type, allow: 1, context }]);

  // Step 1: no AllowStorageAccessRequest permission has been pushed.
  await attemptCompletion(
    false,
    "Must not resolve.",
    "Must reject because we don't have the initial request."
  );

  // Step 2: a permission exists, but it is keyed to a different site.
  await grant("AllowStorageAccessRequest^https://example.com", TEST_DOMAIN_7);
  await attemptCompletion(
    false,
    "Must not resolve.",
    "Must reject because the permission is cross site."
  );

  // Step 3: permission keyed to https://example.org for TEST_DOMAIN_7.
  await grant("AllowStorageAccessRequest^https://example.org", TEST_DOMAIN_7);
  await attemptCompletion(
    true,
    "Must resolve now that we have the permission from the embedee.",
    "Must not reject."
  );

  // Step 4: the same permission type, pushed for TEST_DOMAIN_8.
  await grant("AllowStorageAccessRequest^https://example.org", TEST_DOMAIN_8);
  await attemptCompletion(
    true,
    "Must resolve now that we have the permission from the embedee.",
    "Must not reject."
  );

  await BrowserTestUtils.removeTab(tab);
});

// Note: TEST_DOMAIN_7 and TEST_DOMAIN_8 are Same-Site
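/**
 * Calls document.requestStorageAccessUnderSite(TEST_DOMAIN_8) from a top-level
 * TEST_3RD_PARTY_PAGE document, then checks from the parent process that the
 * "AllowStorageAccessRequest^https://example.org" permission tests as
 * ALLOW_ACTION for both the TEST_DOMAIN_8 principal and the TEST_DOMAIN_7
 * principal.
 *
 * The second check is the security-relevant one: it pins that the permission
 * written for one origin is visible to another origin of the same site.
 */
add_task(async function testIntermediatePreferenceWriteCrossOrigin() {
  await SpecialPowers.pushPrefEnv({
    set: [
      ["dom.storage_access.enabled", true],
      ["dom.storage_access.forward_declared.enabled", true],
      [
        "network.cookie.cookieBehavior",
        BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN,
      ],
      ["dom.storage_access.auto_grants", false],
      ["dom.storage_access.max_concurrent_auto_grants", 1],
    ],
  });
  const tab = await BrowserTestUtils.openNewForegroundTab({
    gBrowser,
    url: TEST_3RD_PARTY_PAGE,
  });
  const browser = tab.linkedBrowser;
  await SpecialPowers.spawn(browser, [TEST_DOMAIN_8], async tp => {
    // Simulate a user gesture before calling the API.
    SpecialPowers.wrap(content.document).notifyUserGestureActivation();
    // Created outside the try so that a synchronous throw is not mistaken for
    // a rejection.
    const request = content.document.requestStorageAccessUnderSite(tp);
    try {
      await request;
      ok(
        true,
        "Must resolve- no funny business here, we just want to set the intermediate pref"
      );
    } catch {
      ok(false, "Must not reject.");
    }
  });

  // Important to note that the permission key names the site, but not the
  // origin, of TEST_3RD_PARTY_PAGE.
  const permissionType = "AllowStorageAccessRequest^https://example.org";

  // The permission must be stored for the origin that was passed to
  // requestStorageAccessUnderSite().
  const embedderPrincipal =
    Services.scriptSecurityManager.createContentPrincipalFromOrigin(
      TEST_DOMAIN_8
    );
  // is() reports both values on failure, unlike ok(a == b).
  is(
    Services.perms.testPermissionFromPrincipal(
      embedderPrincipal,
      permissionType
    ),
    Services.perms.ALLOW_ACTION,
    "TEST_DOMAIN_8 principal must test as allowed for the intermediate permission"
  );

  // Test that checking the permission from a different origin of the same site
  // works.
  const sameSitePrincipal =
    Services.scriptSecurityManager.createContentPrincipalFromOrigin(
      TEST_DOMAIN_7
    );
  is(
    Services.perms.testPermissionFromPrincipal(
      sameSitePrincipal,
      permissionType
    ),
    Services.perms.ALLOW_ACTION,
    "TEST_DOMAIN_7 principal (same site) must test as allowed for the intermediate permission"
  );

  await BrowserTestUtils.removeTab(tab);
});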

// Final cleanup task: remove every stored permission, then wait for the
// clear-data service to report that a CLEAR_ALL deletion has finished, so
// permissions and site data from the tasks above are not left behind.
add_task(async () => {
  Services.perms.removeAll();

  const clearFlags = Ci.nsIClearDataService.CLEAR_ALL;
  // deleteData reports completion through a callback; wrap it in a promise so
  // the task does not end before the deletion is done. The callback's argument
  // is not inspected.
  await new Promise(done => {
    Services.clearData.deleteData(clearFlags, _result => {
      done();
    });
  });
});