browser/base/content/test/favicons/browser_favicon_credentials.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

const ROOT_DIR = getRootDirectory(gTestPath);

const EXAMPLE_NET_ROOT = ROOT_DIR.replace(
  "chrome://mochitests/content/",
  "https://example.net/"
);

const EXAMPLE_COM_ROOT = ROOT_DIR.replace(
  "chrome://mochitests/content/",
  "https://example.com/"
);

const FAVICON_URL = EXAMPLE_COM_ROOT + "credentials.png";

// Bug 1746646: Make mochitests work with TCP enabled (cookieBehavior = 5)
// All instances of addPermission and removePermission set up 3rd-party storage
// access in a way that allows the test to proceed with TCP enabled.

function run_test(url, shouldHaveCookies, description) {
  add_task(async () => {
    await SpecialPowers.addPermission(
      "3rdPartyStorage^https://example.com",
      true,
      url
    );

    await BrowserTestUtils.withNewTab(
      { gBrowser, url: "about:blank" },
      async browser => {
        const faviconPromise = waitForFaviconMessage(true, FAVICON_URL);

        BrowserTestUtils.loadURIString(browser, url);
        await BrowserTestUtils.browserLoaded(browser);

        await faviconPromise;

        const seenCookie = Services.cookies
          .getCookiesFromHost(
            "example.com", // the icon's host, not the page's
            browser.contentPrincipal.originAttributes
          )
          .some(cookie => cookie.name == "faviconCookie2");

        // Clean up.
        Services.cookies.removeAll();
        Services.cache2.clear();

        if (shouldHaveCookies) {
          Assert.ok(
            seenCookie,
            `Should have seen the cookie (${description}).`
          );
        } else {
          Assert.ok(
            !seenCookie,
            `Should have not seen the cookie (${description}).`
          );
        }
      }
    );
    await SpecialPowers.removePermission(
      "3rdPartyStorage^https://example.com",
      url
    );
  });
}

// crossorigin="" only has credentials in the same-origin case
run_test(`${EXAMPLE_NET_ROOT}credentials1.html`, false, "anonymous, remote");
run_test(
  `${EXAMPLE_COM_ROOT}credentials1.html`,
  true,
  "anonymous, same-origin"
);

// crossorigin="use-credentials" always has them
run_test(
  `${EXAMPLE_NET_ROOT}credentials2.html`,
  true,
  "use-credentials, remote"
);
run_test(
  `${EXAMPLE_COM_ROOT}credentials2.html`,
  true,
  "use-credentials, same-origin"
);