summaryrefslogtreecommitdiffstats
path: root/netwerk/test/unit/test_bug526789.js
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk/test/unit/test_bug526789.js')
-rw-r--r--netwerk/test/unit/test_bug526789.js289
1 files changed, 289 insertions, 0 deletions
diff --git a/netwerk/test/unit/test_bug526789.js b/netwerk/test/unit/test_bug526789.js
new file mode 100644
index 0000000000..ec80249a3c
--- /dev/null
+++ b/netwerk/test/unit/test_bug526789.js
@@ -0,0 +1,289 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+add_task(async () => {
+ var cm = Services.cookies;
+ var expiry = (Date.now() + 1000) * 1000;
+
+ cm.removeAll();
+
+ // Allow all cookies.
+ Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+ Services.prefs.setBoolPref("dom.security.https_first", false);
+
+ // test that variants of 'baz.com' get normalized appropriately, but that
+ // malformed hosts are rejected
+ cm.add(
+ "baz.com",
+ "/",
+ "foo",
+ "bar",
+ false,
+ false,
+ true,
+ expiry,
+ {},
+ Ci.nsICookie.SAMESITE_NONE,
+ Ci.nsICookie.SCHEME_HTTPS
+ );
+ Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
+ Assert.equal(cm.countCookiesFromHost("BAZ.com"), 1);
+ Assert.equal(cm.countCookiesFromHost(".baz.com"), 1);
+ Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
+ Assert.equal(cm.countCookiesFromHost(".baz.com."), 0);
+ do_check_throws(function () {
+ cm.countCookiesFromHost("baz.com..");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.countCookiesFromHost("baz..com");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.countCookiesFromHost("..baz.com");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ cm.remove("BAZ.com.", "foo", "/", {});
+ Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
+ cm.remove("baz.com", "foo", "/", {});
+ Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
+
+ // Test that 'baz.com' and 'baz.com.' are treated differently
+ cm.add(
+ "baz.com.",
+ "/",
+ "foo",
+ "bar",
+ false,
+ false,
+ true,
+ expiry,
+ {},
+ Ci.nsICookie.SAMESITE_NONE,
+ Ci.nsICookie.SCHEME_HTTPS
+ );
+ Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
+ Assert.equal(cm.countCookiesFromHost("BAZ.com"), 0);
+ Assert.equal(cm.countCookiesFromHost(".baz.com"), 0);
+ Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
+ Assert.equal(cm.countCookiesFromHost(".baz.com."), 1);
+ cm.remove("baz.com", "foo", "/", {});
+ Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
+ cm.remove("baz.com.", "foo", "/", {});
+ Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
+
+ // test that domain cookies are illegal for IP addresses, aliases such as
+ // 'localhost', and eTLD's such as 'co.uk'
+ cm.add(
+ "192.168.0.1",
+ "/",
+ "foo",
+ "bar",
+ false,
+ false,
+ true,
+ expiry,
+ {},
+ Ci.nsICookie.SAMESITE_NONE,
+ Ci.nsICookie.SCHEME_HTTPS
+ );
+ Assert.equal(cm.countCookiesFromHost("192.168.0.1"), 1);
+ Assert.equal(cm.countCookiesFromHost("192.168.0.1."), 0);
+ do_check_throws(function () {
+ cm.countCookiesFromHost(".192.168.0.1");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.countCookiesFromHost(".192.168.0.1.");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+ cm.add(
+ "localhost",
+ "/",
+ "foo",
+ "bar",
+ false,
+ false,
+ true,
+ expiry,
+ {},
+ Ci.nsICookie.SAMESITE_NONE,
+ Ci.nsICookie.SCHEME_HTTPS
+ );
+ Assert.equal(cm.countCookiesFromHost("localhost"), 1);
+ Assert.equal(cm.countCookiesFromHost("localhost."), 0);
+ do_check_throws(function () {
+ cm.countCookiesFromHost(".localhost");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.countCookiesFromHost(".localhost.");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+ cm.add(
+ "co.uk",
+ "/",
+ "foo",
+ "bar",
+ false,
+ false,
+ true,
+ expiry,
+ {},
+ Ci.nsICookie.SAMESITE_NONE,
+ Ci.nsICookie.SCHEME_HTTPS
+ );
+ Assert.equal(cm.countCookiesFromHost("co.uk"), 1);
+ Assert.equal(cm.countCookiesFromHost("co.uk."), 0);
+ do_check_throws(function () {
+ cm.countCookiesFromHost(".co.uk");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.countCookiesFromHost(".co.uk.");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+ cm.removeAll();
+
+ CookieXPCShellUtils.createServer({
+ hosts: ["baz.com", "192.168.0.1", "localhost", "co.uk", "foo.com"],
+ });
+
+ var uri = NetUtil.newURI("http://baz.com/");
+ Services.scriptSecurityManager.createContentPrincipal(uri, {});
+
+ Assert.equal(uri.asciiHost, "baz.com");
+
+ await CookieXPCShellUtils.setCookieToDocument(uri.spec, "foo=bar");
+ const docCookies = await CookieXPCShellUtils.getCookieStringFromDocument(
+ uri.spec
+ );
+ Assert.equal(docCookies, "foo=bar");
+
+ Assert.equal(cm.countCookiesFromHost(""), 0);
+ do_check_throws(function () {
+ cm.countCookiesFromHost(".");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.countCookiesFromHost("..");
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+ var cookies = cm.getCookiesFromHost("", {});
+ Assert.ok(!cookies.length);
+ do_check_throws(function () {
+ cm.getCookiesFromHost(".", {});
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.getCookiesFromHost("..", {});
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+ cookies = cm.getCookiesFromHost("baz.com", {});
+ Assert.equal(cookies.length, 1);
+ Assert.equal(cookies[0].name, "foo");
+ cookies = cm.getCookiesFromHost("", {});
+ Assert.ok(!cookies.length);
+ do_check_throws(function () {
+ cm.getCookiesFromHost(".", {});
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ do_check_throws(function () {
+ cm.getCookiesFromHost("..", {});
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+ cm.removeAll();
+
+ // test that an empty host to add() or remove() works,
+ // but a host of '.' doesn't
+ cm.add(
+ "",
+ "/",
+ "foo2",
+ "bar",
+ false,
+ false,
+ true,
+ expiry,
+ {},
+ Ci.nsICookie.SAMESITE_NONE,
+ Ci.nsICookie.SCHEME_HTTPS
+ );
+ Assert.equal(getCookieCount(), 1);
+ do_check_throws(function () {
+ cm.add(
+ ".",
+ "/",
+ "foo3",
+ "bar",
+ false,
+ false,
+ true,
+ expiry,
+ {},
+ Ci.nsICookie.SAMESITE_NONE,
+ Ci.nsICookie.SCHEME_HTTPS
+ );
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+ Assert.equal(getCookieCount(), 1);
+
+ cm.remove("", "foo2", "/", {});
+ Assert.equal(getCookieCount(), 0);
+ do_check_throws(function () {
+ cm.remove(".", "foo3", "/", {});
+ }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+ // test that the 'domain' attribute accepts a leading dot for IP addresses,
+ // aliases such as 'localhost', and eTLD's such as 'co.uk'; but that the
+ // resulting cookie is for the exact host only.
+ await testDomainCookie("http://192.168.0.1/", "192.168.0.1");
+ await testDomainCookie("http://localhost/", "localhost");
+ await testDomainCookie("http://co.uk/", "co.uk");
+
+ // Test that trailing dots are treated differently for purposes of the
+ // 'domain' attribute when using setCookieStringFromDocument.
+ await testTrailingDotCookie("http://localhost/", "localhost");
+ await testTrailingDotCookie("http://foo.com/", "foo.com");
+
+ cm.removeAll();
+});
+
+function getCookieCount() {
+ var cm = Services.cookies;
+ return cm.cookies.length;
+}
+
+async function testDomainCookie(uriString, domain) {
+ var cm = Services.cookies;
+
+ cm.removeAll();
+
+ await CookieXPCShellUtils.setCookieToDocument(
+ uriString,
+ "foo=bar; domain=" + domain
+ );
+
+ var cookies = cm.getCookiesFromHost(domain, {});
+ Assert.ok(cookies.length);
+ Assert.equal(cookies[0].host, domain);
+ cm.removeAll();
+
+ await CookieXPCShellUtils.setCookieToDocument(
+ uriString,
+ "foo=bar; domain=." + domain
+ );
+
+ cookies = cm.getCookiesFromHost(domain, {});
+ Assert.ok(cookies.length);
+ Assert.equal(cookies[0].host, domain);
+ cm.removeAll();
+}
+
+async function testTrailingDotCookie(uriString, domain) {
+ var cm = Services.cookies;
+
+ cm.removeAll();
+
+ await CookieXPCShellUtils.setCookieToDocument(
+ uriString,
+ "foo=bar; domain=" + domain + "/"
+ );
+
+ Assert.equal(cm.countCookiesFromHost(domain), 0);
+ Assert.equal(cm.countCookiesFromHost(domain + "."), 0);
+ cm.removeAll();
+ Services.prefs.clearUserPref("dom.security.https_first");
+}