1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
/*
* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
"use strict";
const {
HTTPS_EXAMPLE_ORG,
HTTPS_EXAMPLE_COM,
HTTP_EXAMPLE_COM,
browserTestPath,
waitForAllExpectedTests,
cleanupObservers,
checkExpectedCookies,
preclean_test,
cleanup_test,
} = ChromeUtils.importESModule(
"resource://testing-common/cookie_filtering_helper.sys.mjs"
);
async function runSuiteWithContentListener(name, trigger_suite_func, expected) {
return async function (browser) {
info("Running content suite: " + name);
await SpecialPowers.spawn(browser, [expected, name], checkExpectedCookies);
await trigger_suite_func();
await SpecialPowers.spawn(browser, [], waitForAllExpectedTests);
await SpecialPowers.spawn(browser, [], cleanupObservers);
info("Complete content suite: " + name);
};
}
// TEST: Cross Origin Resource (com)
// * process receives only COR cookies pertaining to same page
async function test_cross_origin_resource_com() {
let comExpected = [];
comExpected.push("test-cookie=comhtml"); // 1
comExpected.push("test-cookie=png"); // 2
comExpected.push("test-cookie=orghtml"); // 3
// nothing for 4, 5, 6, 7 -> goes to .org process
comExpected.push("test-cookie=png"); // 8
await BrowserTestUtils.withNewTab(
{
gBrowser,
url: browserTestPath(HTTPS_EXAMPLE_COM),
},
await runSuiteWithContentListener(
"COR example.com",
triggerCrossOriginSuite,
comExpected
)
);
Services.cookies.removeAll();
}
// TEST: Cross Origin Resource (org)
// * received COR cookies only pertaining to the process's page
async function test_cross_origin_resource_org() {
let orgExpected = [];
// nothing for 1, 2 and 3 -> goes to .com
orgExpected.push("test-cookie=png"); // 4
orgExpected.push("test-cookie=orghtml"); // 5
orgExpected.push("test-cookie=png"); // 6
orgExpected.push("test-cookie=comhtml"); // 7
// 8 nothing for 8 -> goes to .com process
orgExpected.push("test-cookie=png"); // 9. Sentinel to verify no more came in
await BrowserTestUtils.withNewTab(
{
gBrowser,
url: browserTestPath(HTTPS_EXAMPLE_ORG),
},
await runSuiteWithContentListener(
"COR example.org",
triggerCrossOriginSuite,
orgExpected
)
);
}
// seems to block better than fetch for secondary resource
// using for more predicatable recving
async function requestBrowserPageWithFilename(
testName,
requestFrom,
filename,
param = ""
) {
let url = requestFrom + "/browser/netwerk/test/browser/" + filename;
// add param if necessary
if (param != "") {
url += "?" + param;
}
info("requesting " + url + " (" + testName + ")");
await BrowserTestUtils.withNewTab(
{
gBrowser,
url,
},
async () => {}
);
}
async function triggerCrossOriginSuite() {
// SameSite - 1 com page, 2 com png
await requestBrowserPageWithFilename(
"SameSite resource (com)",
HTTPS_EXAMPLE_COM,
"cookie_filtering_secure_resource_com.html"
);
// COR - 3 com page, 4 org png
await requestBrowserPageWithFilename(
"COR (com-org)",
HTTPS_EXAMPLE_COM,
"cookie_filtering_secure_resource_org.html"
);
// SameSite - 5 org page, 6 org png
await requestBrowserPageWithFilename(
"SameSite resource (org)",
HTTPS_EXAMPLE_ORG,
"cookie_filtering_secure_resource_org.html"
);
// COR - 7 org page, 8 com png
await requestBrowserPageWithFilename(
"SameSite resource (org-com)",
HTTPS_EXAMPLE_ORG,
"cookie_filtering_secure_resource_com.html"
);
// Sentinel to verify no more cookies come in after last true test
await requestBrowserPageWithFilename(
"COR sentinel",
HTTPS_EXAMPLE_ORG,
"cookie_filtering_square.png"
);
}
add_task(preclean_test);
add_task(test_cross_origin_resource_com); // 4
add_task(test_cross_origin_resource_org); // 5
add_task(cleanup_test);
|
