From 49e73da23de05c4515f2ed9d40e59dbbaa77668c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Can=20Berk=20G=C3=BCder?=
Date: Thu, 25 Jul 2024 20:58:30 +0000
Subject: [PATCH] Bug 1908470 - Make it harder to detect when PPA is disabled r=emilio
The privateAttribution API returns early when the user has disabled Privacy Preserving Attribution. This makes it possible to detect this condition by passing in an invalid target domain and observing whether the API raises an exception. This moves the user preference checks to happen after input validation, so that input validation happens (and an exception is thrown) even when PPA is disabled. Note that it might still be possible to detect whether PPA is enabled by observing the timing of calls.
Differential Revision: https://phabricator.services.mozilla.com/D217642
---
 dom/privateattribution/PrivateAttribution.cpp | 17 +++----
 dom/privateattribution/moz.build | 2 +
 .../tests/mochitest/mochitest.toml | 10 +++++
 .../test_ppa_disabled_detectable.html | 45 +++++++++++++++++++
 4 files changed, 66 insertions(+), 8 deletions(-)
 create mode 100644 dom/privateattribution/tests/mochitest/mochitest.toml
 create mode 100644 dom/privateattribution/tests/mochitest/test_ppa_disabled_detectable.html
diff --git a/dom/privateattribution/PrivateAttribution.cpp b/dom/privateattribution/PrivateAttribution.cpp
index f645cfe89027..3be93f43304e 100644
--- a/dom/privateattribution/PrivateAttribution.cpp
+++ b/dom/privateattribution/PrivateAttribution.cpp
@@ -65,10 +65,6 @@ bool PrivateAttribution::GetSourceHostIfNonPrivate(nsACString& aSourceHost,
 void PrivateAttribution::SaveImpression(
 const PrivateAttributionImpressionOptions& aOptions, ErrorResult& aRv) {
- if (!ShouldRecord()) {
- return;
- }
-
 nsAutoCString source;
 if (!GetSourceHostIfNonPrivate(source, aRv)) {
 return;
@@ -78,6 +74,10 @@ void PrivateAttribution::SaveImpression(
 return;
 }
+ if (!ShouldRecord()) {
+ return;
+ }
+
 if (XRE_IsParentProcess()) {
 nsCOMPtr pa = components::PrivateAttribution::Service();
@@ -99,10 +99,6 @@ void PrivateAttribution::SaveImpression(
 void PrivateAttribution::MeasureConversion(
 const PrivateAttributionConversionOptions& aOptions, ErrorResult& aRv) {
- if (!ShouldRecord()) {
- return;
- }
-
 nsAutoCString source;
 if (!GetSourceHostIfNonPrivate(source, aRv)) {
 return;
@@ -112,6 +108,11 @@ void PrivateAttribution::MeasureConversion(
 return;
 }
 }
+
+ if (!ShouldRecord()) {
+ return;
+ }
+
 if (XRE_IsParentProcess()) {
 nsCOMPtr pa = components::PrivateAttribution::Service();
diff --git a/dom/privateattribution/moz.build b/dom/privateattribution/moz.build
index e121df659883..294a7483df7c 100644
--- a/dom/privateattribution/moz.build
+++ b/dom/privateattribution/moz.build
@@ -30,6 +30,8 @@ XPCSHELL_TESTS_MANIFESTS += [
 "tests/xpcshell/xpcshell.toml",
 ]
+MOCHITEST_MANIFESTS += ["tests/mochitest/mochitest.toml"]
+
 EXTRA_JS_MODULES += [
 "PrivateAttributionService.sys.mjs",
 ]
diff --git a/dom/privateattribution/tests/mochitest/mochitest.toml b/dom/privateattribution/tests/mochitest/mochitest.toml
new file mode 100644
index 000000000000..aae2c7b8e809
--- /dev/null
+++ b/dom/privateattribution/tests/mochitest/mochitest.toml
@@ -0,0 +1,10 @@
+[DEFAULT]
+prefs = [
+ "dom.origin-trials.enabled=true",
+ "dom.origin-trials.private-attribution.state=1",
+ "dom.private-attribution.submission.enabled=false",
+ "datareporting.healthreport.uploadEnabled=false",
+]
+scheme = "https"
+
+["test_ppa_disabled_detectable.html"]
diff --git a/dom/privateattribution/tests/mochitest/test_ppa_disabled_detectable.html b/dom/privateattribution/tests/mochitest/test_ppa_disabled_detectable.html
new file mode 100644
index 000000000000..0cb3e44168bb
--- /dev/null
+++ b/dom/privateattribution/tests/mochitest/test_ppa_disabled_detectable.html
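Review bot: The relocated `if (!ShouldRecord())` guard in SaveImpression carries no comment saying why it sits after validation, and an early-return pref check is the kind of line a later cleanup tends to hoist back to the top of the function. I would add `// Must stay after input validation: an early return here lets content infer from a missing exception that PPA is disabled (bug 1908470).` directly above it. The same guard added in MeasureConversion (hunk at -112,6) needs the same comment. Both function bodies continue outside the hunks, so the validation that precedes the guard is only partly visible here.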
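Review bot: The `[DEFAULT]` prefs pin only the disabled state (`dom.private-attribution.submission.enabled=false`, `datareporting.healthreport.uploadEnabled=false`), so as far as this manifest shows, the new test checks that invalid input throws while PPA is off but not that the enabled state throws the same exception. The property this patch protects is that content cannot tell the two states apart. The test body is not readable here, so it may already flip these prefs at runtime. If it does not, a second pass with both prefs set to true, asserting the same exception name and message for the same invalid inputs, would pin that property.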
@@ -0,0 +1,45 @@ + + + + + + PPA Throws for Invalid Source or Target Domains + + + + + + + + +