mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 13:51:41 +00:00
Backed out 2 changesets (bug 1452496) for bustage on build/src/netwerk/test/TestNamedPipeService.cpp on a CLOSED TREE
Backed out changeset 071ecf5e3680 (bug 1452496) Backed out changeset 8bf36c469e22 (bug 1452496)
This commit is contained in:
Gurzau Raul
parent
818bd556c8
commit
719a001ee1
@ -1,47 +0,0 @@
|
||||
// Custom *.sjs file specifically for the needs of Bug 1452496
|
||||
|
||||
// small red image
|
||||
const IMG_BYTES = atob(
|
||||
"iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
|
||||
"P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
|
||||
|
||||
const FRAME = `
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
|
||||
</head>
|
||||
<body>
|
||||
<script type="application/javascript">
|
||||
window.parent.postMessage({result: document.cookie}, 'http://mochi.test:8888');
|
||||
</script>
|
||||
</body>
|
||||
</html>`;
|
||||
|
||||
function handleRequest(request, response)
|
||||
{
|
||||
// avoid confusing cache behaviors
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|
||||
|
||||
if (request.queryString === "setSameSiteCookie") {
|
||||
response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true);
|
||||
response.setHeader("Content-Type", "image/png");
|
||||
response.write(IMG_BYTES);
|
||||
return;
|
||||
}
|
||||
|
||||
if (request.queryString === "setRegularCookie") {
|
||||
response.setHeader("Set-Cookie", "myRegularKey=regularCookie;", true);
|
||||
response.setHeader("Content-Type", "image/png");
|
||||
response.write(IMG_BYTES);
|
||||
return;
|
||||
}
|
||||
|
||||
if (request.queryString === "loadFrame") {
|
||||
response.write(FRAME);
|
||||
return;
|
||||
}
|
||||
|
||||
// we should never get here, but just in case return something unexpected
|
||||
response.write("D'oh");
|
||||
}
|
||||
@ -10,7 +10,6 @@ support-files =
|
||||
file_block_subresource_redir_to_data.sjs
|
||||
file_same_site_cookies_subrequest.sjs
|
||||
file_same_site_cookies_toplevel_nav.sjs
|
||||
file_same_site_cookies_cross_origin_context.sjs
|
||||
|
||||
[test_contentpolicytype_targeted_link_iframe.html]
|
||||
[test_nosniff.html]
|
||||
@ -26,4 +25,3 @@ skip-if = toolkit == 'android'
|
||||
[test_block_subresource_redir_to_data.html]
|
||||
[test_same_site_cookies_subrequest.html]
|
||||
[test_same_site_cookies_toplevel_nav.html]
|
||||
[test_same_site_cookies_cross_origin_context.html]
|
||||
|
||||
@ -1,87 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<img id="cookieImage">
|
||||
<iframe id="testframe"></iframe>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
/*
|
||||
* Description of the test:
|
||||
* 1) We load an image from http://example.com which tries to
|
||||
* a) a same site cookie
|
||||
* b) a regular cookie
|
||||
* in the context of http://mochi.test
|
||||
* 2) We load an iframe from http://example.com and check if the cookie
|
||||
* is available.
|
||||
* 3) We observe that:
|
||||
* (a) same site cookie has been discarded in a cross origin context.
|
||||
* (b) the regular cookie is available.
|
||||
*/
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
const CROSS_ORIGIN = "http://example.com/";
|
||||
const PATH = "tests/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs";
|
||||
|
||||
let curTest = 0;
|
||||
|
||||
var tests = [
|
||||
{
|
||||
description: "same-site cookie in cross origin context",
|
||||
imgSRC: CROSS_ORIGIN + PATH + "?setSameSiteCookie",
|
||||
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
|
||||
result: "", // no cookie should be set
|
||||
},
|
||||
{
|
||||
description: "regular cookie in cross origin context",
|
||||
imgSRC: CROSS_ORIGIN + PATH + "?setRegularCookie",
|
||||
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
|
||||
result: "myRegularKey=regularCookie",
|
||||
},
|
||||
];
|
||||
|
||||
|
||||
window.addEventListener("message", receiveMessage);
|
||||
function receiveMessage(event) {
|
||||
is(event.data.result, tests[curTest].result, tests[curTest].description);
|
||||
curTest += 1;
|
||||
|
||||
// // lets see if we ran all the tests
|
||||
if (curTest == tests.length) {
|
||||
window.removeEventListener("message", receiveMessage);
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
// otherwise it's time to run the next test
|
||||
setCookieAndInitTest();
|
||||
}
|
||||
|
||||
function setupQueryResultAndRunTest() {
|
||||
let testframe = document.getElementById("testframe");
|
||||
testframe.src = tests[curTest].frameSRC;
|
||||
}
|
||||
|
||||
function setCookieAndInitTest() {
|
||||
var cookieImage = document.getElementById("cookieImage");
|
||||
cookieImage.onload = function() {
|
||||
ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
|
||||
setupQueryResultAndRunTest();
|
||||
}
|
||||
cookieImage.onerror = function() {
|
||||
ok(false, "could not load image for test (" + tests[curTest].description + ")");
|
||||
}
|
||||
cookieImage.src = tests[curTest].imgSRC;
|
||||
}
|
||||
|
||||
// fire up the test
|
||||
setCookieAndInitTest();
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
@ -3469,17 +3469,6 @@ nsCookieService::CanSetCookie(nsIURI* aHostURI,
|
||||
return newCookie;
|
||||
}
|
||||
|
||||
// If the new cookie is same-site but in a cross site context,
|
||||
// browser must ignore the cookie.
|
||||
if (aCookieAttributes.sameSite != nsICookie2::SAMESITE_UNSET &&
|
||||
aThirdPartyUtil) {
|
||||
bool isThirdParty = true;
|
||||
aThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isThirdParty);
|
||||
if (isThirdParty) {
|
||||
return newCookie;
|
||||
}
|
||||
}
|
||||
|
||||
aSetCookie = true;
|
||||
return newCookie;
|
||||
}
|
||||
|
||||
@ -19,7 +19,6 @@
|
||||
#include "nsIPrefService.h"
|
||||
#include "mozilla/Unused.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsContentUtils.h"
|
||||
|
||||
using mozilla::Unused;
|
||||
|
||||
@ -76,33 +75,6 @@ SetACookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSp
|
||||
EXPECT_TRUE(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
||||
// Custom Cookie Generator specifically for the needs of same-site cookies!
|
||||
// Hands off unless you know exactly what you are doing!
|
||||
void
|
||||
SetASameSiteCookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSpec2, const char* aCookieString, const char *aServerTime)
|
||||
{
|
||||
nsCOMPtr<nsIURI> uri1, uri2;
|
||||
NS_NewURI(getter_AddRefs(uri1), aSpec1);
|
||||
if (aSpec2)
|
||||
NS_NewURI(getter_AddRefs(uri2), aSpec2);
|
||||
|
||||
// We create a dummy channel using the aSpec1 to simulate same-siteness
|
||||
nsCOMPtr<nsIScriptSecurityManager> ssm = nsContentUtils::GetSecurityManager();
|
||||
nsCOMPtr<nsIPrincipal> spec1Principal;
|
||||
nsCString tmpString(aSpec1);
|
||||
ssm->CreateCodebasePrincipalFromOrigin(tmpString, getter_AddRefs(spec1Principal));
|
||||
|
||||
nsCOMPtr<nsIChannel> dummyChannel;
|
||||
NS_NewChannel(getter_AddRefs(dummyChannel),
|
||||
uri1,
|
||||
spec1Principal,
|
||||
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
|
||||
nsresult rv = aCookieService->SetCookieStringFromHttp(uri1, uri2, nullptr, (char *)aCookieString, aServerTime, dummyChannel);
|
||||
EXPECT_TRUE(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
||||
void
|
||||
SetACookieNoHttp(nsICookieService *aCookieService, const char *aSpec, const char* aCookieString)
|
||||
{
|
||||
@ -801,17 +773,17 @@ TEST(TestCookie,TestCookieMain)
|
||||
|
||||
// Set cookies with various incantations of the samesite attribute:
|
||||
// No same site attribute present
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unset=yes", nullptr);
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "unset=yes", nullptr);
|
||||
// samesite attribute present but with no value
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unspecified=yes; samesite", nullptr);
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "unspecified=yes; samesite", nullptr);
|
||||
// samesite attribute present but with an empty value
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "empty=yes; samesite=", nullptr);
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "empty=yes; samesite=", nullptr);
|
||||
// samesite attribute present but with an invalid value
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "bogus=yes; samesite=bogus", nullptr);
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "bogus=yes; samesite=bogus", nullptr);
|
||||
// samesite=strict
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "strict=yes; samesite=strict", nullptr);
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "strict=yes; samesite=strict", nullptr);
|
||||
// samesite=lax
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "lax=yes; samesite=lax", nullptr);
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "lax=yes; samesite=lax", nullptr);
|
||||
|
||||
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetEnumerator(getter_AddRefs(enumerator))));
|
||||
i = 0;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user