Bug 1908470 - Make it harder to detect when PPA is disabled r=emilio

The privateAttribution API returns early when the user has disabled
Privacy Preserving Attribution. This makes it possible to detect this
condition by passing in an invalid target domain and observing whether
the API raises an exception.

This moves the user preference checks to happen after input validation,
so that input validation happens (and an exception is thrown) even when
PPA is disabled.

Note that it might still be possible to detect whether PPA is enabled by
observing the timing of calls.

Differential Revision: https://phabricator.services.mozilla.com/D217642

dom/privateattribution/PrivateAttribution.cpp

@@ -65,10 +65,6 @@ bool PrivateAttribution::GetSourceHostIfNonPrivate(nsACString& aSourceHost,
 
 void PrivateAttribution::SaveImpression(
     const PrivateAttributionImpressionOptions& aOptions, ErrorResult& aRv) {
-  if (!ShouldRecord()) {
-    return;
-  }
-
   nsAutoCString source;
   if (!GetSourceHostIfNonPrivate(source, aRv)) {
     return;
@@ -78,6 +74,10 @@ void PrivateAttribution::SaveImpression(
     return;
   }
 
+  if (!ShouldRecord()) {
+    return;
+  }
+
   if (XRE_IsParentProcess()) {
     nsCOMPtr<nsIPrivateAttributionService> pa =
         components::PrivateAttribution::Service();
@@ -99,10 +99,6 @@ void PrivateAttribution::SaveImpression(
 
 void PrivateAttribution::MeasureConversion(
     const PrivateAttributionConversionOptions& aOptions, ErrorResult& aRv) {
-  if (!ShouldRecord()) {
-    return;
-  }
-
   nsAutoCString source;
   if (!GetSourceHostIfNonPrivate(source, aRv)) {
     return;
@@ -112,6 +108,11 @@ void PrivateAttribution::MeasureConversion(
       return;
     }
   }
+
+  if (!ShouldRecord()) {
+    return;
+  }
+
   if (XRE_IsParentProcess()) {
     nsCOMPtr<nsIPrivateAttributionService> pa =
         components::PrivateAttribution::Service();

dom/privateattribution/moz.build

@@ -30,6 +30,8 @@ XPCSHELL_TESTS_MANIFESTS += [
     "tests/xpcshell/xpcshell.toml",
 ]
 
+MOCHITEST_MANIFESTS += ["tests/mochitest/mochitest.toml"]
+
 EXTRA_JS_MODULES += [
     "PrivateAttributionService.sys.mjs",
 ]

dom/privateattribution/tests/mochitest/mochitest.toml

@@ -0,0 +1,10 @@
+[DEFAULT]
+prefs = [
+    "dom.origin-trials.enabled=true",
+    "dom.origin-trials.private-attribution.state=1",
+    "dom.private-attribution.submission.enabled=false",
+    "datareporting.healthreport.uploadEnabled=false",
+]
+scheme = "https"
+
+["test_ppa_disabled_detectable.html"]

dom/privateattribution/tests/mochitest/test_ppa_disabled_detectable.html

@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+
+<head>
+  <meta charset="utf-8">
+  <title>PPA Throws for Invalid Source or Target Domains</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" href="/tests/SimpleTest/test.css"/>
+</head>
+
+<body>
+<script>
+  add_task(async function testSaveImpressionThrowsWithInvalidTarget() {
+    try {
+      navigator.privateAttribution.saveImpression({
+        type: "view",
+        index: 6,
+        ad: "ad_id",
+        target: "~"
+      });
+      ok(false, "saveImpression did not throw");
+    } catch(e) {
+      ok(true, "saveImpression throws:" + e);
+    }
+  });
+
+  add_task(async function testMeasureConversionThrowsWithInvalidSource() {
+    try {
+      navigator.privateAttribution.measureConversion({
+        task: "task_id",
+        histogramSize: 5,
+        lookbackDays: 30,
+        impression: "view",
+        ads: ["ad_id"],
+        sources: ["~"]
+      })
+      ok(false, "measureConversion did not throw");
+    } catch(e) {
+      ok(true, "measureConversion throws:" + e);
+    }
+  });
+</script>
+</body>
+
+</html>