1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
<!DOCTYPE HTML>
<html>
<head>
<title>WebExtension test</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
<script type="text/javascript" src="head.js"></script>
<script type="text/javascript" src="head_cookies.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<script type="text/javascript">
"use strict";
add_task(async function init() {
// We need to trigger a cookie eviction in order to test our batch delete
// observer.
// Set quotaPerHost to maxPerHost - 1, so there is only one cookie
// will be evicted everytime.
SpecialPowers.setIntPref("network.cookie.quotaPerHost", 2);
SpecialPowers.setIntPref("network.cookie.maxPerHost", 3);
SimpleTest.registerCleanupFunction(() => {
SpecialPowers.clearUserPref("network.cookie.quotaPerHost");
SpecialPowers.clearUserPref("network.cookie.maxPerHost");
});
});
add_task(async function test_bad_cookie_permissions() {
info("Test non-matching, non-secure domain with non-secure cookie");
await testCookies({
permissions: ["http://example.com/", "cookies"],
url: "http://example.net/",
domain: "example.net",
secure: false,
shouldPass: false,
shouldWrite: false,
});
info("Test non-matching, secure domain with non-secure cookie");
await testCookies({
permissions: ["https://example.com/", "cookies"],
url: "https://example.net/",
domain: "example.net",
secure: false,
shouldPass: false,
shouldWrite: false,
});
info("Test non-matching, secure domain with secure cookie");
await testCookies({
permissions: ["https://example.com/", "cookies"],
url: "https://example.net/",
domain: "example.net",
secure: false,
shouldPass: false,
shouldWrite: false,
});
info("Test matching subdomain with superdomain privileges, secure cookie (http)");
await testCookies({
permissions: ["http://foo.bar.example.com/", "cookies"],
url: "http://foo.bar.example.com/",
domain: ".example.com",
secure: true,
shouldPass: false,
shouldWrite: true,
});
info("Test matching, non-secure domain with secure cookie");
await testCookies({
permissions: ["http://example.com/", "cookies"],
url: "http://example.com/",
domain: "example.com",
secure: true,
shouldPass: false,
shouldWrite: true,
});
info("Test matching, non-secure host, secure URL");
await testCookies({
permissions: ["http://example.com/", "cookies"],
url: "https://example.com/",
domain: "example.com",
secure: true,
shouldPass: false,
shouldWrite: false,
});
info("Test non-matching domain");
await testCookies({
permissions: ["http://example.com/", "cookies"],
url: "http://example.com/",
domain: "example.net",
secure: false,
shouldPass: false,
shouldWrite: false,
});
info("Test invalid scheme");
await testCookies({
permissions: ["ftp://example.com/", "cookies"],
url: "ftp://example.com/",
domain: "example.com",
secure: false,
shouldPass: false,
shouldWrite: false,
});
});
</script>
</body>
</html>
|
