summaryrefslogtreecommitdiffstats
path: root/extensions/permissions/test/browser_permmgr_sync.js
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/permissions/test/browser_permmgr_sync.js')
-rw-r--r--extensions/permissions/test/browser_permmgr_sync.js448
1 files changed, 448 insertions, 0 deletions
diff --git a/extensions/permissions/test/browser_permmgr_sync.js b/extensions/permissions/test/browser_permmgr_sync.js
new file mode 100644
index 0000000000..619c29842c
--- /dev/null
+++ b/extensions/permissions/test/browser_permmgr_sync.js
@@ -0,0 +1,448 @@
+function addPerm(aOrigin, aName) {
+ let principal =
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(aOrigin);
+ Services.perms.addFromPrincipal(
+ principal,
+ aName,
+ Services.perms.ALLOW_ACTION
+ );
+}
+
+add_task(async function () {
+ // Make sure that we get a new process for the tab which we create. This is
+ // important, because we want to assert information about the initial state
+ // of the local permissions cache.
+
+ addPerm("http://example.com", "perm1");
+ addPerm("http://foo.bar.example.com", "perm2");
+ addPerm("about:home", "perm3");
+ addPerm("https://example.com", "perm4");
+ // NOTE: This permission is a preload permission, so it should be available in
+ // the content process from startup.
+ addPerm("https://somerandomwebsite.com", "cookie");
+
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url: "about:blank", forceNewProcess: true },
+ async function (aBrowser) {
+ await SpecialPowers.spawn(aBrowser, [], async function () {
+ // Before the load http URIs shouldn't have been sent down yet
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "perm1"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm1-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://foo.bar.example.com"
+ ),
+ "perm2"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm2-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "about:home"
+ ),
+ "perm3"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "perm3-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://example.com"
+ ),
+ "perm4"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm4-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://somerandomwebsite.com"
+ ),
+ "cookie"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "cookie-1"
+ );
+
+ let iframe = content.document.createElement("iframe");
+
+ // Perform a load of example.com
+ await new Promise(resolve => {
+ iframe.setAttribute("src", "http://example.com");
+ iframe.onload = resolve;
+ content.document.body.appendChild(iframe);
+ });
+
+ // After the load finishes, the iframe process should know about example.com, but not foo.bar.example.com
+ await content.SpecialPowers.spawn(iframe, [], async function () {
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "perm1"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "perm1-2"
+ );
+
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://foo.bar.example.com"
+ ),
+ "perm2"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm2-2"
+ );
+
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "about:home"
+ ),
+ "perm3"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "perm3-2"
+ );
+
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://example.com"
+ ),
+ "perm4"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm4-2"
+ );
+
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://somerandomwebsite.com"
+ ),
+ "cookie"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "cookie-2"
+ );
+ });
+
+ // In Fission only, the parent process should have no knowledge about the child
+ // process permissions
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "perm1"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "perm1-3"
+ );
+
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://foo.bar.example.com"
+ ),
+ "perm2"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm2-3"
+ );
+
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://example.com"
+ ),
+ "perm4"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm4-3"
+ );
+ });
+
+ addPerm("http://example.com", "newperm1");
+ addPerm("http://foo.bar.example.com", "newperm2");
+ addPerm("about:home", "newperm3");
+ addPerm("https://example.com", "newperm4");
+ addPerm("https://someotherrandomwebsite.com", "cookie");
+
+ await SpecialPowers.spawn(aBrowser, [], async function () {
+ // The new permissions should be available, but only for
+ // http://example.com (without Fission), and about:home.
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "perm1"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "perm1-4"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "newperm1"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "newperm1-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://foo.bar.example.com"
+ ),
+ "perm2"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm2-4"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://foo.bar.example.com"
+ ),
+ "newperm2"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "newperm2-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "about:home"
+ ),
+ "perm3"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "perm3-3"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "about:home"
+ ),
+ "newperm3"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "newperm3-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://example.com"
+ ),
+ "perm4"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm4-4"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://example.com"
+ ),
+ "newperm4"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "newperm4-1"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://somerandomwebsite.com"
+ ),
+ "cookie"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "cookie-3"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://someotherrandomwebsite.com"
+ ),
+ "cookie"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "othercookie-3"
+ );
+
+ let iframe = content.document.createElement("iframe");
+ // Loading a subdomain now, on https
+ await new Promise(resolve => {
+ iframe.setAttribute("src", "https://sub1.test1.example.com");
+ iframe.onload = resolve;
+ content.document.body.appendChild(iframe);
+ });
+
+ // After the load finishes, the iframe process should not know about
+ // the permissions of its base domain.
+ await content.SpecialPowers.spawn(iframe, [], async function () {
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://example.com"
+ ),
+ "perm4"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "perm4-5"
+ );
+
+ // In Fission not across schemes, though.
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "perm1"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "perm1-5"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "newperm1"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "newperm1-2"
+ );
+ });
+
+ // The parent process should still have no permission under Fission.
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "perm1"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "perm1-4"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://example.com"
+ ),
+ "newperm1"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "newperm1-3"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://example.com"
+ ),
+ "perm4"
+ ),
+ SpecialPowers.useRemoteSubframes
+ ? Services.perms.UNKNOWN_ACTION
+ : Services.perms.ALLOW_ACTION,
+ "perm4-6"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://foo.bar.example.com"
+ ),
+ "perm2"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "perm2-5"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "http://foo.bar.example.com"
+ ),
+ "newperm2"
+ ),
+ Services.perms.UNKNOWN_ACTION,
+ "newperm2-2"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "about:home"
+ ),
+ "perm3"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "perm3-4"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "about:home"
+ ),
+ "newperm3"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "newperm3-2"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://somerandomwebsite.com"
+ ),
+ "cookie"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "cookie-4"
+ );
+ is(
+ Services.perms.testPermissionFromPrincipal(
+ Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+ "https://someotherrandomwebsite.com"
+ ),
+ "cookie"
+ ),
+ Services.perms.ALLOW_ACTION,
+ "othercookie-4"
+ );
+ });
+ }
+ );
+});
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-17 22:34:57 +0000