/**
* Bug 1282655 - Test if site permissions are universal across origin attributes.
*
* This test is testing the cookie "permission" for a specific URI.
*/
const { PermissionTestUtils } = ChromeUtils.importESModule(
"resource://testing-common/PermissionTestUtils.sys.mjs"
);
// Origin whose "cookie" site permission is toggled and then checked by this test.
const TEST_PAGE = "https://example.net";
// URI object for TEST_PAGE. Below it is used both as the permission subject and
// as the base for content principals that carry a firstPartyDomain attribute.
const uri = Services.io.newURI(TEST_PAGE);
/**
 * Setup for the deny case: wipes every stored cookie, then records a "cookie"
 * DENY_ACTION permission for the test URI.
 *
 * Workaround kept from the original: Bug 1330467 separated permissions between
 * different firstPartyDomains, but not by userContextId or privateBrowsingId.
 * The deny entry is therefore also added by hand for each first-party domain
 * listed below. This test should eventually be removed once permissions are
 * isolated by origin attributes.
 */
async function disableCookies() {
  const denyCookiesFor = subject =>
    PermissionTestUtils.add(subject, "cookie", Services.perms.DENY_ACTION);

  // Start from an empty cookie store so a leftover cookie cannot mask the
  // effect of the permission.
  Services.cookies.removeAll();
  denyCookiesFor(uri);

  for (const firstPartyDomain of ["example.com", "example.org"]) {
    denyCookiesFor(
      Services.scriptSecurityManager.createContentPrincipal(uri, {
        firstPartyDomain,
      })
    );
  }
}
/**
 * Checks, inside the given browser, that a cookie written through
 * document.cookie is not stored while the DENY permission is in place.
 *
 * @param aBrowser - browser passed through to SpecialPowers.spawn.
 */
async function ensureCookieNotSet(aBrowser) {
  // The task refers only to `content` and `Assert` and to nothing from the
  // enclosing scope, as in the original.
  // NOTE(review): presumably required because SpecialPowers.spawn runs the
  // task in the content context; confirm before adding outer references.
  const checkCookieRejected = async function () {
    content.document.cookie = "key=value; SameSite=None; Secure;";
    // An empty read-back means the write was refused.
    const storedCookies = content.document.cookie;
    Assert.equal(
      storedCookies,
      "",
      "Setting/reading cookies should be disabled" +
        " for this domain for all origin attribute combinations."
    );
  };

  await SpecialPowers.spawn(aBrowser, [], checkCookieRejected);
}
// Deny case: hand the test page, the "cookie must not be stored" check and the
// disableCookies setup to the isolation test harness.
// NOTE(review): IsolationTestTools is not defined in this file. The roles of the
// arguments (URL, per-browser check, result comparator that always returns
// true, setup function) are presumed from their values; confirm against the
// harness before relying on them.
IsolationTestTools.runTests(
TEST_PAGE,
ensureCookieNotSet,
() => true,
disableCookies
);
/**
 * Setup for the allow case: wipes every stored cookie, then records a "cookie"
 * ALLOW_ACTION permission for the test URI.
 *
 * As a workaround to make this test work, the same permission is also added
 * by hand for content principals built from the test URI with each
 * first-party domain listed below.
 */
async function enableCookies() {
  const allowCookiesFor = subject =>
    PermissionTestUtils.add(subject, "cookie", Services.perms.ALLOW_ACTION);

  // Start from an empty cookie store so the later read-back reflects only the
  // cookie written by the check.
  Services.cookies.removeAll();
  allowCookiesFor(uri);

  for (const firstPartyDomain of ["example.com", "example.org"]) {
    allowCookiesFor(
      Services.scriptSecurityManager.createContentPrincipal(uri, {
        firstPartyDomain,
      })
    );
  }
}
/**
 * Checks, inside the given browser, that a cookie written through
 * document.cookie is stored and readable while the ALLOW permission is in
 * place.
 *
 * @param aBrowser - browser passed through to SpecialPowers.spawn.
 */
async function ensureCookieSet(aBrowser) {
  // The task refers only to `content` and `Assert` and to nothing from the
  // enclosing scope, as in the original.
  // NOTE(review): presumably required because SpecialPowers.spawn runs the
  // task in the content context; confirm before adding outer references.
  const checkCookieAccepted = function () {
    content.document.cookie = "key=value; SameSite=None; Secure;";
    // The expected read-back is the name=value pair only, without the
    // SameSite and Secure attributes that were written.
    const storedCookies = content.document.cookie;
    Assert.equal(
      storedCookies,
      "key=value",
      "Setting/reading cookies should be" +
        " enabled for this domain for all origin attribute combinations."
    );
  };

  await SpecialPowers.spawn(aBrowser, [], checkCookieAccepted);
}
// Allow case: hand the test page, the "cookie must be stored" check and the
// enableCookies setup to the isolation test harness.
// NOTE(review): IsolationTestTools is not defined in this file. The roles of the
// arguments (URL, per-browser check, result comparator that always returns
// true, setup function) are presumed from their values; confirm against the
// harness before relying on them.
IsolationTestTools.runTests(
TEST_PAGE,
ensureCookieSet,
() => true,
enableCookies
);
// Cleanup registered with the test harness: resets one user pref and wipes all
// cookies.
// NOTE(review): "network.cookie.sameSite.laxByDefault" is not set anywhere in
// the visible file, so this clear may be a leftover; confirm.
// NOTE(review): the "cookie" permissions added by disableCookies and
// enableCookies are not removed here. Confirm the harness resets permission
// state, otherwise the last ALLOW entries for example.net persist after this
// test.
registerCleanupFunction(() => {
SpecialPowers.clearUserPref("network.cookie.sameSite.laxByDefault");
Services.cookies.removeAll();
});