Bug 1579373 - Disabled geolocation permission for crossorigin iframe by default and add tests r=baku

Differential Revision: https://phabricator.services.mozilla.com/D45174

--HG--
extra : moz-landing-system : lando

browser/base/content/test/permissions/browser_temporary_permissions.js

@@ -67,6 +67,19 @@ add_task(async function testTempPermissionSubframes() {
       "popupshown"
     );
 
+    await new Promise(r => {
+      SpecialPowers.pushPrefEnv(
+        {
+          set: [
+            ["dom.security.featurePolicy.enabled", true],
+            ["dom.security.featurePolicy.header.enabled", true],
+            ["dom.security.featurePolicy.webidl.enabled", true],
+          ],
+        },
+        r
+      );
+    });
+
     // Request a permission.
     await ContentTask.spawn(browser, uri.host, async function(host0) {
       // FIXME(Fission): The load event fires before cross-origin iframes have

browser/base/content/test/permissions/temporary_permissions_subframe.html

@@ -5,6 +5,6 @@
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8"></meta>
 </head>
 <body>
-  <iframe id="frame" src="https://example.org/browser/browser/base/content/test/permissions/permissions.html" />
+  <iframe id="frame" src="https://example.org/browser/browser/base/content/test/permissions/permissions.html" allow="geolocation"/>
 </body>
 </html>

dom/security/featurepolicy/FeaturePolicyUtils.cpp

@@ -33,7 +33,7 @@ static FeatureMap sSupportedFeatures[] = {
     {"camera", FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"encrypted-media", FeaturePolicyUtils::FeaturePolicyValue::eAll},
     {"fullscreen", FeaturePolicyUtils::FeaturePolicyValue::eAll},
-    {"geolocation", FeaturePolicyUtils::FeaturePolicyValue::eAll},
+    {"geolocation", FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"microphone", FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"midi", FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"payment", FeaturePolicyUtils::FeaturePolicyValue::eAll},

dom/security/featurepolicy/test/mochitest/test_parser.html

@@ -75,12 +75,12 @@ function test_iframe_without_allow() {
   is(allowed.length, 1, "Only 1 entry in allowlist for camera");
   is(allowed[0], location.origin, "allowlist is 'self'");
 
-  ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for all");
-  ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for all");
-  ok(ifr.featurePolicy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is allowed for any random URL");
+  ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
+  ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
+  ok(!ifr.featurePolicy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is not allowed for any random URL");
   allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
   is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
-  is(allowed[0], "*", "allowlist is '*'");
+  is(allowed[0], location.origin, "allowlist is '*'");
 
   ok(!ifr.featurePolicy.allowsFeature("microphone"), "Microphone is disabled for self");
   ok(!ifr.featurePolicy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
@@ -120,12 +120,12 @@ function test_iframe_with_allow() {
   let allowed = ifr.featurePolicy.getAllowlistForFeature("camera");
   is(allowed.length, 0, "Camera has an empty allowlist");
 
-  ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for all");
-  ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for all");
-  ok(ifr.featurePolicy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is allowed for all");
+  ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
+  ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
+  ok(!ifr.featurePolicy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is not allowed for any random URL");
   allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
   is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
-  is(allowed[0], "*", "allowlist is '*'");
+  is(allowed[0], location.origin, "allowlist is '*'");
 
   ok(!ifr.featurePolicy.allowsFeature("microphone"), "Microphone is disabled for self");
   ok(!ifr.featurePolicy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
@@ -164,12 +164,12 @@ function test_iframe_contentDocument() {
     is(allowed.length, 1, "Only 1 entry in allowlist for camera");
     is(allowed[0], location.origin, "allowlist is 'self'");
 
-    ok(ifr.contentDocument.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for all");
-    ok(ifr.contentDocument.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for all");
-    ok(ifr.contentDocument.featurePolicy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is allowed for any random URL");
-    allowed = ifr.contentDocument.featurePolicy.getAllowlistForFeature("geolocation");
+    ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
+    ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
+    ok(!ifr.featurePolicy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is not allowed for any random URL");
+    allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
     is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
-    is(allowed[0], "*", "allowlist is '*'");
+    is(allowed[0], location.origin, "allowlist is '*'");
 
     ok(!ifr.contentDocument.featurePolicy.allowsFeature("microphone"), "Microphone is disabled for self");
     ok(!ifr.contentDocument.featurePolicy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");

dom/tests/mochitest/geolocation/crossorigin_iframe.html

@@ -0,0 +1,33 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+<pre id="test">
+<script type="application/javascript">
+/**
+  Runs inside iframe in test_crossorigin_iframe.html.
+*/
+
+const BASE_GEO_URL = "http://mochi.test:8888/tests/dom/tests/mochitest/geolocation/network_geolocation.sjs";
+var pushPrefs = (...p) => SpecialPowers.pushPrefEnv({set: p});
+
+(async () => {
+  await pushPrefs(["geo.wifi.debug.requestCache.enabled", false],
+                  ["geo.prompt.testing",                   true],
+                  ["geo.prompt.testing.allow",             true],
+                  ["geo.wifi.uri",                 BASE_GEO_URL]);
+
+  navigator.geolocation.getCurrentPosition(() => {
+    navigator.geolocation.watchPosition(() => {
+      parent.postMessage("allowed", "*");
+    }, () => {
+      parent.postMessage("denied", "*");
+    });
+  }, () => {
+    parent.postMessage("denied", "*");
+  });
+
+})().catch(e => setTimeout(() => { throw e; }));
+</script>
+</pre>
+</body>
+</html>

dom/tests/mochitest/geolocation/mochitest.ini

@@ -15,6 +15,8 @@ support-files =
 [test_clearWatch.html]
 [test_clearWatchBeforeAllowing.html]
 [test_clearWatch_invalid.html]
+[test_crossorigin_iframe.html]
+support-files = crossorigin_iframe.html
 [test_errorcheck.html]
 [test_geolocation_is_undefined_when_pref_is_off.html]
 support-files = test_geolocation_is_undefined_when_pref_is_off_iframe.html

dom/tests/mochitest/geolocation/test_crossorigin_iframe.html

@@ -0,0 +1,62 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test for geolocation is disabled by default, and set
+    allow="geolocation" in iframe could enable geolcation</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+var tests = [
+  // default cross-origin permission is denied
+  [ null, "denied" ],
+  [ "geolocation", "allowed"],
+];
+
+function checkGeolocationResult(test) {
+  return new Promise(resolve => {
+    function onMessage(event) {
+      is(event.data, test[1], "Expected " + test[1] + " for " + test[0]);
+      window.removeEventListener("message", onMessage);
+      resolve();
+    }
+
+    window.addEventListener("message", onMessage);
+  });
+}
+
+async function nextTest() {
+  if (tests.length == 0) {
+    SimpleTest.finish();
+    return;
+  }
+
+  let test = tests.shift();
+
+  var iframe = document.createElement("iframe");
+  if (test[0]) {
+    iframe.allow = test[0];
+  }
+
+  let geolocationPromise = checkGeolocationResult(test);
+  iframe.src =
+    "https://example.org/tests/dom/tests/mochitest/geolocation/crossorigin_iframe.html";
+  document.body.appendChild(iframe);
+  await geolocationPromise;
+
+  document.body.removeChild(iframe);
+  SimpleTest.executeSoon(nextTest);
+}
+
+SpecialPowers.pushPrefEnv({"set": [
+  ["dom.security.featurePolicy.enabled", true],
+  ["dom.security.featurePolicy.header.enabled", true],
+  ["dom.security.featurePolicy.webidl.enabled", true],
+]}).then(nextTest);
+</script>
+</body>
+</html>