summaryrefslogtreecommitdiffstats
path: root/netwerk/test/unit/test_cookies_thirdparty_session.js
blob: eefd5d87f9d1cf566afb7732450b416a961b5858 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

// test third party persistence across sessions, for the cases:
// 1) network.cookie.thirdparty.sessionOnly = false
// 2) network.cookie.thirdparty.sessionOnly = true

"use strict";

add_task(async () => {
  // Set up a profile.
  do_get_profile();

  // We don't want to have CookieJarSettings blocking this test.
  Services.prefs.setBoolPref(
    "network.cookieJarSettings.unblocked_for_testing",
    true
  );
  Services.prefs.setBoolPref("dom.security.https_first", false);

  // Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by default"
  Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false);

  CookieXPCShellUtils.createServer({
    hosts: ["foo.com", "bar.com", "third.com"],
  });

  // Create URIs and channels pointing to foo.com and bar.com.
  // We will use these to put foo.com into first and third party contexts.
  var spec1 = "http://foo.com/foo.html";
  var spec2 = "http://bar.com/bar.html";
  var uri1 = NetUtil.newURI(spec1);
  var uri2 = NetUtil.newURI(spec2);
  var channel1 = NetUtil.newChannel({
    uri: uri1,
    loadUsingSystemPrincipal: true,
  });
  var channel2 = NetUtil.newChannel({
    uri: uri2,
    loadUsingSystemPrincipal: true,
  });

  // Force the channel URI to be used when determining the originating URI of
  // the channel.
  var httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
  var httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
  httpchannel1.forceAllowThirdPartyCookie = true;
  httpchannel2.forceAllowThirdPartyCookie = true;

  // test with cookies enabled, and third party cookies persistent.
  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
  Services.prefs.setBoolPref("network.cookie.thirdparty.sessionOnly", false);
  await do_set_cookies(uri1, channel2, false, [1, 2]);
  await do_set_cookies(uri2, channel1, true, [1, 2]);

  // fake a profile change
  await promise_close_profile();

  do_load_profile();
  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 2);
  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);

  // test with third party cookies for session only.
  Services.prefs.setBoolPref("network.cookie.thirdparty.sessionOnly", true);
  Services.cookies.removeAll();
  await do_set_cookies(uri1, channel2, false, [1, 2]);
  await do_set_cookies(uri2, channel1, true, [1, 2]);

  // fake a profile change
  await promise_close_profile();

  do_load_profile();
  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 0);
  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);
  Services.prefs.clearUserPref("dom.security.https_first");
  Services.prefs.clearUserPref("network.cookie.sameSite.laxByDefault");
});