1 files changed, 118 insertions, 0 deletions
diff --git a/browser/base/content/test/permissions/browser_temporary_permissions.js b/browser/base/content/test/permissions/browser_temporary_permissions.js
new file mode 100644
index 0000000000..83f7e49d56
--- /dev/null
+++ b/browser/base/content/test/permissions/browser_temporary_permissions.js
@@ -0,0 +1,118 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const ORIGIN = "https://example.com";
+const PERMISSIONS_PAGE =
+  getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) +
+  "permissions.html";
+const SUBFRAME_PAGE =
+  getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) +
+  "temporary_permissions_subframe.html";
+
+// Test that setting temp permissions triggers a change in the identity block.
+add_task(async function testTempPermissionChangeEvents() {
+  let principal =
+    Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN);
+  let id = "geo";
+
+  await BrowserTestUtils.withNewTab(ORIGIN, function (browser) {
+    SitePermissions.setForPrincipal(
+      principal,
+      id,
+      SitePermissions.BLOCK,
+      SitePermissions.SCOPE_TEMPORARY,
+      browser
+    );
+
+    Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), {
+      state: SitePermissions.BLOCK,
+      scope: SitePermissions.SCOPE_TEMPORARY,
+    });
+
+    let geoIcon = document.querySelector(
+      ".blocked-permission-icon[data-permission-id=geo]"
+    );
+
+    Assert.notEqual(
+      geoIcon.getBoundingClientRect().width,
+      0,
+      "geo anchor should be visible"
+    );
+
+    SitePermissions.removeFromPrincipal(principal, id, browser);
+
+    Assert.equal(
+      geoIcon.getBoundingClientRect().width,
+      0,
+      "geo anchor should not be visible"
+    );
+  });
+});
+
+// Test that temp blocked permissions requested by subframes (with a different URI) affect the whole page.
+add_task(async function testTempPermissionSubframes() {
+  let uri = NetUtil.newURI(ORIGIN);
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
+    uri,
+    {}
+  );
+  let id = "geo";
+
+  await BrowserTestUtils.withNewTab(SUBFRAME_PAGE, async function (browser) {
+    let popupshown = BrowserTestUtils.waitForEvent(
+      PopupNotifications.panel,
+      "popupshown"
+    );
+
+    await new Promise(r => {
+      SpecialPowers.pushPrefEnv(
+        {
+          set: [
+            ["dom.security.featurePolicy.header.enabled", true],
+            ["dom.security.featurePolicy.webidl.enabled", true],
+          ],
+        },
+        r
+      );
+    });
+
+    // Request a permission.
+    await SpecialPowers.spawn(browser, [uri.host], async function (host0) {
+      let frame = content.document.getElementById("frame");
+
+      await content.SpecialPowers.spawn(frame, [host0], async function (host) {
+        const { E10SUtils } = ChromeUtils.importESModule(
+          "resource://gre/modules/E10SUtils.sys.mjs"
+        );
+
+        E10SUtils.wrapHandlingUserInput(this.content, true, function () {
+          let frameDoc = this.content.document;
+
+          // Make sure that the origin of our test page is different.
+          Assert.notEqual(frameDoc.location.host, host);
+
+          frameDoc.getElementById("geo").click();
+        });
+      });
+    });
+
+    await popupshown;
+
+    let popuphidden = BrowserTestUtils.waitForEvent(
+      PopupNotifications.panel,
+      "popuphidden"
+    );
+
+    let notification = PopupNotifications.panel.firstElementChild;
+    EventUtils.synthesizeMouseAtCenter(notification.secondaryButton, {});
+
+    await popuphidden;
+
+    Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), {
+      state: SitePermissions.BLOCK,
+      scope: SitePermissions.SCOPE_TEMPORARY,
+    });
+  });
+});