1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const ORIGIN = "https://example.com";
const PERMISSIONS_PAGE =
getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) +
"permissions.html";
const SUBFRAME_PAGE =
getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) +
"temporary_permissions_subframe.html";
// Test that setting temp permissions triggers a change in the identity block.
add_task(async function testTempPermissionChangeEvents() {
let principal =
Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN);
let id = "geo";
await BrowserTestUtils.withNewTab(ORIGIN, function (browser) {
SitePermissions.setForPrincipal(
principal,
id,
SitePermissions.BLOCK,
SitePermissions.SCOPE_TEMPORARY,
browser
);
Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), {
state: SitePermissions.BLOCK,
scope: SitePermissions.SCOPE_TEMPORARY,
});
let geoIcon = document.querySelector(
".blocked-permission-icon[data-permission-id=geo]"
);
Assert.notEqual(
geoIcon.getBoundingClientRect().width,
0,
"geo anchor should be visible"
);
SitePermissions.removeFromPrincipal(principal, id, browser);
Assert.equal(
geoIcon.getBoundingClientRect().width,
0,
"geo anchor should not be visible"
);
});
});
// Test that temp blocked permissions requested by subframes (with a different URI) affect the whole page.
add_task(async function testTempPermissionSubframes() {
let uri = NetUtil.newURI(ORIGIN);
let principal = Services.scriptSecurityManager.createContentPrincipal(
uri,
{}
);
let id = "geo";
await BrowserTestUtils.withNewTab(SUBFRAME_PAGE, async function (browser) {
let popupshown = BrowserTestUtils.waitForEvent(
PopupNotifications.panel,
"popupshown"
);
await new Promise(r => {
SpecialPowers.pushPrefEnv(
{
set: [
["dom.security.featurePolicy.header.enabled", true],
["dom.security.featurePolicy.webidl.enabled", true],
],
},
r
);
});
// Request a permission.
await SpecialPowers.spawn(browser, [uri.host], async function (host0) {
let frame = content.document.getElementById("frame");
await content.SpecialPowers.spawn(frame, [host0], async function (host) {
const { E10SUtils } = ChromeUtils.importESModule(
"resource://gre/modules/E10SUtils.sys.mjs"
);
E10SUtils.wrapHandlingUserInput(this.content, true, function () {
let frameDoc = this.content.document;
// Make sure that the origin of our test page is different.
Assert.notEqual(frameDoc.location.host, host);
frameDoc.getElementById("geo").click();
});
});
});
await popupshown;
let popuphidden = BrowserTestUtils.waitForEvent(
PopupNotifications.panel,
"popuphidden"
);
let notification = PopupNotifications.panel.firstElementChild;
EventUtils.synthesizeMouseAtCenter(notification.secondaryButton, {});
await popuphidden;
Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), {
state: SitePermissions.BLOCK,
scope: SitePermissions.SCOPE_TEMPORARY,
});
});
});
|