summaryrefslogtreecommitdiffstats
path: root/toolkit/components/extensions/test/mochitest/test_ext_cookies.html
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/components/extensions/test/mochitest/test_ext_cookies.html')
-rw-r--r--toolkit/components/extensions/test/mochitest/test_ext_cookies.html367
1 files changed, 367 insertions, 0 deletions
diff --git a/toolkit/components/extensions/test/mochitest/test_ext_cookies.html b/toolkit/components/extensions/test/mochitest/test_ext_cookies.html
new file mode 100644
index 0000000000..cdec628975
--- /dev/null
+++ b/toolkit/components/extensions/test/mochitest/test_ext_cookies.html
@@ -0,0 +1,367 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>WebExtension test</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
+ <script type="text/javascript" src="head.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+
+<script type="text/javascript">
+"use strict";
+
+add_task(async function test_cookies() {
+ await SpecialPowers.pushPrefEnv({set: [
+ ["dom.security.https_first_pbm", false],
+ ["dom.security.https_first", false],
+ ]});
+
+ async function background() {
+ function assertExpected(expected, cookie) {
+ for (let key of Object.keys(cookie)) {
+ browser.test.assertTrue(key in expected, `found property ${key}`);
+ browser.test.assertEq(expected[key], cookie[key], `property value for ${key} is correct`);
+ }
+ browser.test.assertEq(Object.keys(expected).length, Object.keys(cookie).length, "all expected properties found");
+ }
+
+ async function getDocumentCookie(tabId) {
+ let results = await browser.tabs.executeScript(tabId, {
+ code: "document.cookie",
+ });
+ browser.test.assertEq(1, results.length, "executeScript returns one result");
+ return results[0];
+ }
+
+ async function testIpCookie(ipAddress, setHostOnly) {
+ const IP_TEST_HOST = ipAddress;
+ const IP_TEST_URL = `http://${IP_TEST_HOST}/`;
+ const IP_THE_FUTURE = Date.now() + 5 * 60;
+ const IP_STORE_ID = "firefox-default";
+
+ let expectedCookie = {
+ name: "name1",
+ value: "value1",
+ domain: IP_TEST_HOST,
+ hostOnly: true,
+ path: "/",
+ secure: false,
+ httpOnly: false,
+ sameSite: "no_restriction",
+ session: false,
+ expirationDate: IP_THE_FUTURE,
+ storeId: IP_STORE_ID,
+ firstPartyDomain: "",
+ partitionKey: null,
+ };
+
+ await browser.browsingData.removeCookies({});
+ let ip_cookie = await browser.cookies.set({
+ url: IP_TEST_URL,
+ domain: setHostOnly ? ipAddress : undefined,
+ name: "name1",
+ value: "value1",
+ expirationDate: IP_THE_FUTURE,
+ });
+ assertExpected(expectedCookie, ip_cookie);
+
+ let ip_cookies = await browser.cookies.getAll({name: "name1"});
+ browser.test.assertEq(1, ip_cookies.length, "ip cookie can be added");
+ assertExpected(expectedCookie, ip_cookies[0]);
+
+ ip_cookies = await browser.cookies.getAll({domain: IP_TEST_HOST, name: "name1"});
+ browser.test.assertEq(1, ip_cookies.length, "can get ip cookie by host");
+ assertExpected(expectedCookie, ip_cookies[0]);
+
+ let ip_details = await browser.cookies.remove({url: IP_TEST_URL, name: "name1"});
+ assertExpected({url: IP_TEST_URL, name: "name1", storeId: IP_STORE_ID, firstPartyDomain: "", partitionKey: null}, ip_details);
+
+ ip_cookies = await browser.cookies.getAll({name: "name1"});
+ browser.test.assertEq(0, ip_cookies.length, "ip cookie can be removed");
+ }
+
+ async function openPrivateWindowAndTab(TEST_URL) {
+ // Add some random suffix to make sure that we select the right tab.
+ const PRIVATE_TEST_URL = TEST_URL + "?random" + Math.random();
+
+ let tabReadyPromise = new Promise((resolve) => {
+ browser.webNavigation.onDOMContentLoaded.addListener(function listener({tabId}) {
+ browser.webNavigation.onDOMContentLoaded.removeListener(listener);
+ resolve(tabId);
+ }, {
+ url: [{
+ urlPrefix: PRIVATE_TEST_URL,
+ }],
+ });
+ });
+ // This tab is opened for two purposes:
+ // 1. To allow tests to run content scripts in the context of a tab,
+ // for fetching the value of document.cookie.
+ // 2. TODO Bug 1309637 To work around cookies in incognito windows,
+ // based on the analysis in comment 8.
+ let {id: windowId} = await browser.windows.create({
+ incognito: true,
+ url: PRIVATE_TEST_URL,
+ });
+ let tabId = await tabReadyPromise;
+ return {windowId, tabId};
+ }
+
+ function changePort(href, port) {
+ let url = new URL(href);
+ url.port = port;
+ return url.href;
+ }
+
+ await testIpCookie("[2a03:4000:6:310e:216:3eff:fe53:99b]", false);
+ await testIpCookie("[2a03:4000:6:310e:216:3eff:fe53:99b]", true);
+ await testIpCookie("192.168.1.1", false);
+ await testIpCookie("192.168.1.1", true);
+
+ const TEST_URL = "http://example.org/";
+ const TEST_SECURE_URL = "https://example.org/";
+ const THE_FUTURE = Date.now() + 5 * 60;
+ const TEST_PATH = "set_path";
+ const TEST_URL_WITH_PATH = TEST_URL + TEST_PATH;
+ const TEST_COOKIE_PATH = `/${TEST_PATH}`;
+ const STORE_ID = "firefox-default";
+ const PRIVATE_STORE_ID = "firefox-private";
+
+ let expected = {
+ name: "name1",
+ value: "value1",
+ domain: "example.org",
+ hostOnly: true,
+ path: "/",
+ secure: false,
+ httpOnly: false,
+ sameSite: "no_restriction",
+ session: false,
+ expirationDate: THE_FUTURE,
+ storeId: STORE_ID,
+ firstPartyDomain: "",
+ partitionKey: null,
+ };
+
+ // Remove all cookies before starting the test.
+ await browser.browsingData.removeCookies({});
+
+ let cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", expirationDate: THE_FUTURE});
+ assertExpected(expected, cookie);
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
+ assertExpected(expected, cookie);
+
+ let cookies = await browser.cookies.getAll({name: "name1"});
+ browser.test.assertEq(1, cookies.length, "one cookie found for matching name");
+ assertExpected(expected, cookies[0]);
+
+ cookies = await browser.cookies.getAll({domain: "example.org"});
+ browser.test.assertEq(1, cookies.length, "one cookie found for matching domain");
+ assertExpected(expected, cookies[0]);
+
+ cookies = await browser.cookies.getAll({domain: "example.net"});
+ browser.test.assertEq(0, cookies.length, "no cookies found for non-matching domain");
+
+ cookies = await browser.cookies.getAll({secure: false});
+ browser.test.assertEq(1, cookies.length, "one non-secure cookie found");
+ assertExpected(expected, cookies[0]);
+
+ cookies = await browser.cookies.getAll({secure: true});
+ browser.test.assertEq(0, cookies.length, "no secure cookies found");
+
+ cookies = await browser.cookies.getAll({storeId: STORE_ID});
+ browser.test.assertEq(1, cookies.length, "one cookie found for valid storeId");
+ assertExpected(expected, cookies[0]);
+
+ cookies = await browser.cookies.getAll({storeId: "invalid_id"});
+ browser.test.assertEq(0, cookies.length, "no cookies found for invalid storeId");
+
+ let details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
+ assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
+ browser.test.assertEq(null, cookie, "removed cookie not found");
+
+ // Ports in cookie URLs should be ignored. Every API call uses a different port number for better coverage.
+ cookie = await browser.cookies.set({url: changePort(TEST_URL, 1234), name: "name1", value: "value1", expirationDate: THE_FUTURE});
+ assertExpected(expected, cookie);
+
+ cookie = await browser.cookies.get({url: changePort(TEST_URL, 65535), name: "name1"});
+ assertExpected(expected, cookie);
+
+ cookies = await browser.cookies.getAll({url: TEST_URL});
+ browser.test.assertEq(cookies.length, 1, "Found cookie using getAll without port");
+ assertExpected(expected, cookies[0]);
+
+ cookies = await browser.cookies.getAll({url: changePort(TEST_URL, 1)});
+ browser.test.assertEq(cookies.length, 1, "Found cookie using getAll with port");
+ assertExpected(expected, cookies[0]);
+
+ // .remove should return the URL of the API call, so the port is included in the return value.
+ const TEST_URL_TO_REMOVE = changePort(TEST_URL, 1023);
+ details = await browser.cookies.remove({url: TEST_URL_TO_REMOVE, name: "name1"});
+ assertExpected({url: TEST_URL_TO_REMOVE, name: "name1", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
+ browser.test.assertEq(null, cookie, "removed cookie not found");
+
+ let stores = await browser.cookies.getAllCookieStores();
+ browser.test.assertEq(1, stores.length, "expected number of stores returned");
+ browser.test.assertEq(STORE_ID, stores[0].id, "expected store id returned");
+ browser.test.assertEq(1, stores[0].tabIds.length, "one tabId returned for store");
+ browser.test.assertEq("number", typeof stores[0].tabIds[0], "tabId is a number");
+
+ // TODO bug 1372178: Opening private windows/tabs is not supported on Android
+ if (browser.windows) {
+ let {windowId} = await openPrivateWindowAndTab(TEST_URL);
+ let stores = await browser.cookies.getAllCookieStores();
+
+ browser.test.assertEq(2, stores.length, "expected number of stores returned");
+ browser.test.assertEq(STORE_ID, stores[0].id, "expected store id returned");
+ browser.test.assertEq(1, stores[0].tabIds.length, "one tab returned for store");
+ browser.test.assertEq(PRIVATE_STORE_ID, stores[1].id, "expected private store id returned");
+ browser.test.assertEq(1, stores[0].tabIds.length, "one tab returned for private store");
+
+ await browser.windows.remove(windowId);
+ }
+
+ cookie = await browser.cookies.set({url: TEST_URL, name: "name2", domain: ".example.org", expirationDate: THE_FUTURE});
+ browser.test.assertEq(false, cookie.hostOnly, "cookie is not a hostOnly cookie");
+
+ details = await browser.cookies.remove({url: TEST_URL, name: "name2"});
+ assertExpected({url: TEST_URL, name: "name2", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ // Create a session cookie.
+ cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1"});
+ browser.test.assertEq(true, cookie.session, "session cookie set");
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
+ browser.test.assertEq(true, cookie.session, "got session cookie");
+
+ cookies = await browser.cookies.getAll({session: true});
+ browser.test.assertEq(1, cookies.length, "one session cookie found");
+ browser.test.assertEq(true, cookies[0].session, "found session cookie");
+
+ cookies = await browser.cookies.getAll({session: false});
+ browser.test.assertEq(0, cookies.length, "no non-session cookies found");
+
+ details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
+ assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
+ browser.test.assertEq(null, cookie, "removed cookie not found");
+
+ cookie = await browser.cookies.set({url: TEST_SECURE_URL, name: "name1", value: "value1", secure: true});
+ browser.test.assertEq(true, cookie.secure, "secure cookie set");
+
+ cookie = await browser.cookies.get({url: TEST_SECURE_URL, name: "name1"});
+ browser.test.assertEq(true, cookie.session, "got secure cookie");
+
+ cookies = await browser.cookies.getAll({secure: true});
+ browser.test.assertEq(1, cookies.length, "one secure cookie found");
+ browser.test.assertEq(true, cookies[0].secure, "found secure cookie");
+
+ cookies = await browser.cookies.getAll({secure: false});
+ browser.test.assertEq(0, cookies.length, "no non-secure cookies found");
+
+ details = await browser.cookies.remove({url: TEST_SECURE_URL, name: "name1"});
+ assertExpected({url: TEST_SECURE_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.get({url: TEST_SECURE_URL, name: "name1"});
+ browser.test.assertEq(null, cookie, "removed cookie not found");
+
+ cookie = await browser.cookies.set({url: TEST_URL_WITH_PATH, path: TEST_COOKIE_PATH, name: "name1", value: "value1", expirationDate: THE_FUTURE});
+ browser.test.assertEq(TEST_COOKIE_PATH, cookie.path, "created cookie with path");
+
+ cookie = await browser.cookies.get({url: TEST_URL_WITH_PATH, name: "name1"});
+ browser.test.assertEq(TEST_COOKIE_PATH, cookie.path, "got cookie with path");
+
+ cookies = await browser.cookies.getAll({path: TEST_COOKIE_PATH});
+ browser.test.assertEq(1, cookies.length, "one cookie with path found");
+ browser.test.assertEq(TEST_COOKIE_PATH, cookies[0].path, "found cookie with path");
+
+ cookie = await browser.cookies.get({url: TEST_URL + "invalid_path", name: "name1"});
+ browser.test.assertEq(null, cookie, "get with invalid path returns null");
+
+ cookies = await browser.cookies.getAll({path: "/invalid_path"});
+ browser.test.assertEq(0, cookies.length, "getAll with invalid path returns 0 cookies");
+
+ details = await browser.cookies.remove({url: TEST_URL_WITH_PATH, name: "name1"});
+ assertExpected({url: TEST_URL_WITH_PATH, name: "name1", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", httpOnly: true});
+ browser.test.assertEq(true, cookie.httpOnly, "httpOnly cookie set");
+
+ cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", httpOnly: false});
+ browser.test.assertEq(false, cookie.httpOnly, "non-httpOnly cookie set");
+
+ details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
+ assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.set({url: TEST_URL});
+ browser.test.assertEq("", cookie.name, "default name set");
+ browser.test.assertEq("", cookie.value, "default value set");
+ browser.test.assertEq(true, cookie.session, "no expiry date created session cookie");
+
+ // TODO bug 1372178: Opening private windows/tabs is not supported on Android
+ if (browser.windows) {
+ let {tabId, windowId} = await openPrivateWindowAndTab(TEST_URL);
+
+ browser.test.assertEq("", await getDocumentCookie(tabId), "initially no cookie");
+
+ let cookie = await browser.cookies.set({url: TEST_URL, name: "store", value: "private", expirationDate: THE_FUTURE, storeId: PRIVATE_STORE_ID});
+ browser.test.assertEq("private", cookie.value, "set the private cookie");
+
+ cookie = await browser.cookies.set({url: TEST_URL, name: "store", value: "default", expirationDate: THE_FUTURE, storeId: STORE_ID});
+ browser.test.assertEq("default", cookie.value, "set the default cookie");
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
+ browser.test.assertEq("private", cookie.value, "get the private cookie");
+ browser.test.assertEq(PRIVATE_STORE_ID, cookie.storeId, "get the private cookie storeId");
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
+ browser.test.assertEq("default", cookie.value, "get the default cookie");
+ browser.test.assertEq(STORE_ID, cookie.storeId, "get the default cookie storeId");
+
+ browser.test.assertEq("store=private", await getDocumentCookie(tabId), "private document.cookie should be set");
+
+ let details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: STORE_ID});
+ assertExpected({url: TEST_URL, name: "store", storeId: STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
+ browser.test.assertEq(null, cookie, "deleted the default cookie");
+
+ details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
+ assertExpected({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID, firstPartyDomain: "", partitionKey: null}, details);
+
+ cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
+ browser.test.assertEq(null, cookie, "deleted the private cookie");
+
+ browser.test.assertEq("", await getDocumentCookie(tabId), "private document.cookie should be removed");
+
+ await browser.windows.remove(windowId);
+ }
+
+ browser.test.notifyPass("cookies");
+ }
+
+ let extension = ExtensionTestUtils.loadExtension({
+ incognitoOverride: "spanning",
+ background,
+ manifest: {
+ permissions: ["cookies", "*://example.org/", "*://[2a03:4000:6:310e:216:3eff:fe53:99b]/", "*://192.168.1.1/", "webNavigation", "browsingData"],
+ },
+ });
+
+ await extension.startup();
+ await extension.awaitFinish("cookies");
+ await extension.unload();
+});
+
+</script>
+
+</body>
+</html>