1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
/**
* Inserts an iframe element and resolves once the iframe has loaded.
* @param {*} browser - Browser to insert the iframe into.
* @param {string} url - URL to load in the iframe.
* @returns {Promise<BrowsingContext>} Promise which resolves to the iframe's
* BrowsingContext.
*/
function insertIframeAndWaitForLoad(browser, url) {
return SpecialPowers.spawn(browser, [url], async url => {
let iframe = content.document.createElement("iframe");
iframe.src = url;
content.document.body.appendChild(iframe);
// Wait for it to load.
await ContentTaskUtils.waitForEvent(iframe, "load");
return iframe.browsingContext;
});
}
// Tests that first party cookies are available to an iframe with storage
// access, without reload, while the first party context tab is still open.
add_task(async function test_with_first_party_tab_open() {
await BrowserTestUtils.withNewTab("https://example.org", async browser => {
info("Set a first party cookie via `document.cookie`.");
await SpecialPowers.spawn(browser, [], async () => {
content.document.cookie = "foo=bar; Secure; SameSite=None; max-age=3600;";
});
info("Keep example.org's first party tab open.");
await BrowserTestUtils.withNewTab("https://example.com", async browser => {
info("Insert an iframe with example.org.");
let iframeBC = await insertIframeAndWaitForLoad(
browser,
"https://example.org"
);
await SpecialPowers.spawn(iframeBC, [], async () => {
ok(
!(await content.document.hasStorageAccess()),
"example.org should not have storage access initially."
);
info("Simulate user activation.");
SpecialPowers.wrap(content.document).notifyUserGestureActivation();
info("Request storage access.");
await content.document.requestStorageAccess();
ok(
await content.document.hasStorageAccess(),
"example.org should have storage access after request succeeded."
);
is(
content.document.cookie,
"foo=bar",
"example.org should have access to the cookie set in the first party context previously."
);
});
});
});
info("Cleanup.");
Services.perms.removeAll();
Services.cookies.removeAll();
});
// Tests that first party cookies are available to an iframe with storage
// access, without reload, after the first party context tab has been closed.
add_task(async function test_all_tabs_closed() {
await BrowserTestUtils.withNewTab("https://example.org", async browser => {
info("Set a first party cookie via `document.cookie`.");
await SpecialPowers.spawn(browser, [], async () => {
content.document.cookie = "foo=bar; Secure; SameSite=None; max-age=3600;";
});
});
info(
"Now that example.org's tab is closed, open a new tab with example.com which embeds example.org."
);
await BrowserTestUtils.withNewTab("https://example.com", async browser => {
info("Insert an iframe with example.org.");
let iframeBC = await insertIframeAndWaitForLoad(
browser,
"https://example.org"
);
await SpecialPowers.spawn(iframeBC, [], async () => {
ok(
!(await content.document.hasStorageAccess()),
"example.org should not have storage access initially."
);
content.document.cookie =
"fooPartitioned=bar; Secure; SameSite=None; max-age=3600;";
info("Simulate user activation.");
SpecialPowers.wrap(content.document).notifyUserGestureActivation();
info("Request storage access.");
await content.document.requestStorageAccess();
ok(
await content.document.hasStorageAccess(),
"example.org should have storage access after request succeeded."
);
is(
content.document.cookie,
"foo=bar",
"example.org should have access to the cookie set in the first party context previously."
);
});
});
info("Cleanup.");
Services.perms.removeAll();
Services.cookies.removeAll();
});
// Tests that an iframe with storage access receives cookie changes done in
// another tab in the first party context.
add_task(async function test_cookie_updates_broadcasted_to_other_tabs() {
info("Open a new tab with example.com which embeds example.org.");
await BrowserTestUtils.withNewTab("https://example.com", async browser => {
info("Insert an iframe with example.org.");
let iframeBC = await insertIframeAndWaitForLoad(
browser,
"https://example.org"
);
await SpecialPowers.spawn(iframeBC, [], async () => {
ok(
!(await content.document.hasStorageAccess()),
"example.org should not have storage access initially."
);
info("Simulate user activation.");
SpecialPowers.wrap(content.document).notifyUserGestureActivation();
info("Request storage access.");
await content.document.requestStorageAccess();
ok(
await content.document.hasStorageAccess(),
"example.org should have storage access after request succeeded."
);
});
info("Open a new tab with example.org to set a first party cookie.");
await BrowserTestUtils.withNewTab("https://example.org", async browser => {
info("Set a first party cookie via `document.cookie`");
await SpecialPowers.spawn(browser, [], async () => {
content.document.cookie =
"foo=bar; Secure; SameSite=None; max-age=3600;";
});
info("Make sure the cookie arrived in the example.org iframe.");
await SpecialPowers.spawn(iframeBC, [], async () => {
is(
content.document.cookie,
"foo=bar",
"example.org should have access to the cookie set in the first party context."
);
});
});
info(
"The first party tab has been closed. Make sure the cookie is still available in the iframe."
);
await SpecialPowers.spawn(iframeBC, [], async () => {
is(
content.document.cookie,
"foo=bar",
"example.org should have access to the cookie set in the first party context."
);
});
});
info("Cleanup.");
Services.perms.removeAll();
Services.cookies.removeAll();
});
|
