summaryrefslogtreecommitdiffstats
path: root/browser/base/content/test/permissions/browser_temporary_permissions.js
blob: 83f7e49d56125b694d435eb08ee5806b8e4b88f6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

const ORIGIN = "https://example.com";
const PERMISSIONS_PAGE =
  getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) +
  "permissions.html";
const SUBFRAME_PAGE =
  getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) +
  "temporary_permissions_subframe.html";

// Test that setting temp permissions triggers a change in the identity block.
add_task(async function testTempPermissionChangeEvents() {
  let principal =
    Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN);
  let id = "geo";

  await BrowserTestUtils.withNewTab(ORIGIN, function (browser) {
    SitePermissions.setForPrincipal(
      principal,
      id,
      SitePermissions.BLOCK,
      SitePermissions.SCOPE_TEMPORARY,
      browser
    );

    Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), {
      state: SitePermissions.BLOCK,
      scope: SitePermissions.SCOPE_TEMPORARY,
    });

    let geoIcon = document.querySelector(
      ".blocked-permission-icon[data-permission-id=geo]"
    );

    Assert.notEqual(
      geoIcon.getBoundingClientRect().width,
      0,
      "geo anchor should be visible"
    );

    SitePermissions.removeFromPrincipal(principal, id, browser);

    Assert.equal(
      geoIcon.getBoundingClientRect().width,
      0,
      "geo anchor should not be visible"
    );
  });
});

// Test that temp blocked permissions requested by subframes (with a different URI) affect the whole page.
add_task(async function testTempPermissionSubframes() {
  let uri = NetUtil.newURI(ORIGIN);
  let principal = Services.scriptSecurityManager.createContentPrincipal(
    uri,
    {}
  );
  let id = "geo";

  await BrowserTestUtils.withNewTab(SUBFRAME_PAGE, async function (browser) {
    let popupshown = BrowserTestUtils.waitForEvent(
      PopupNotifications.panel,
      "popupshown"
    );

    await new Promise(r => {
      SpecialPowers.pushPrefEnv(
        {
          set: [
            ["dom.security.featurePolicy.header.enabled", true],
            ["dom.security.featurePolicy.webidl.enabled", true],
          ],
        },
        r
      );
    });

    // Request a permission.
    await SpecialPowers.spawn(browser, [uri.host], async function (host0) {
      let frame = content.document.getElementById("frame");

      await content.SpecialPowers.spawn(frame, [host0], async function (host) {
        const { E10SUtils } = ChromeUtils.importESModule(
          "resource://gre/modules/E10SUtils.sys.mjs"
        );

        E10SUtils.wrapHandlingUserInput(this.content, true, function () {
          let frameDoc = this.content.document;

          // Make sure that the origin of our test page is different.
          Assert.notEqual(frameDoc.location.host, host);

          frameDoc.getElementById("geo").click();
        });
      });
    });

    await popupshown;

    let popuphidden = BrowserTestUtils.waitForEvent(
      PopupNotifications.panel,
      "popuphidden"
    );

    let notification = PopupNotifications.panel.firstElementChild;
    EventUtils.synthesizeMouseAtCenter(notification.secondaryButton, {});

    await popuphidden;

    Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), {
      state: SitePermissions.BLOCK,
      scope: SitePermissions.SCOPE_TEMPORARY,
    });
  });
});