mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-28 07:13:20 +00:00
Bug 1521051 - Get rid of nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, r=johannh, r=flod
This commit is contained in:
parent
fb5e2a4f57
commit
8e0c688733
@ -131,8 +131,13 @@ var gPermissionManager = {
|
||||
this.buildPermissionsList();
|
||||
} else if (data == "changed") {
|
||||
let p = this._permissions.get(permission.principal.origin);
|
||||
p.capability = permission.capability;
|
||||
this._handleCapabilityChange(p);
|
||||
// Maybe this item has been excluded before because it had an invalid capability.
|
||||
if (p) {
|
||||
p.capability = permission.capability;
|
||||
this._handleCapabilityChange(p);
|
||||
} else {
|
||||
this._addPermissionToList(permission);
|
||||
}
|
||||
this.buildPermissionsList();
|
||||
} else if (data == "deleted") {
|
||||
this._removePermissionFromList(permission.principal.origin);
|
||||
@ -144,6 +149,12 @@ var gPermissionManager = {
|
||||
document.l10n.setAttributes(permissionlistitem.querySelector(".website-capability-value"), this._getCapabilityL10nId(perm.capability));
|
||||
},
|
||||
|
||||
_isCapabilitySupported(capability) {
|
||||
return capability == Ci.nsIPermissionManager.ALLOW_ACTION ||
|
||||
capability == Ci.nsIPermissionManager.DENY_ACTION ||
|
||||
capability == Ci.nsICookiePermission.ACCESS_SESSION;
|
||||
},
|
||||
|
||||
_getCapabilityL10nId(capability) {
|
||||
let stringKey = null;
|
||||
switch (capability) {
|
||||
@ -153,9 +164,6 @@ var gPermissionManager = {
|
||||
case Ci.nsIPermissionManager.DENY_ACTION:
|
||||
stringKey = "permissions-capabilities-listitem-block";
|
||||
break;
|
||||
case Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY:
|
||||
stringKey = "permissions-capabilities-listitem-allow-first-party";
|
||||
break;
|
||||
case Ci.nsICookiePermission.ACCESS_SESSION:
|
||||
stringKey = "permissions-capabilities-listitem-allow-session";
|
||||
break;
|
||||
@ -168,6 +176,9 @@ var gPermissionManager = {
|
||||
_addPermissionToList(perm) {
|
||||
if (perm.type !== this._type)
|
||||
return;
|
||||
if (!this._isCapabilitySupported(perm.capability))
|
||||
return;
|
||||
|
||||
let p = new Permission(perm.principal, perm.type, perm.capability);
|
||||
this._permissions.set(p.origin, p);
|
||||
},
|
||||
|
@ -60,8 +60,6 @@ permissions-capabilities-listitem-allow =
|
||||
.value = Allow
|
||||
permissions-capabilities-listitem-block =
|
||||
.value = Block
|
||||
permissions-capabilities-listitem-allow-first-party =
|
||||
.value = Allow first party only
|
||||
permissions-capabilities-listitem-allow-session =
|
||||
.value = Allow for Session
|
||||
|
||||
|
@ -799,8 +799,7 @@ function cookiesAllowedForDomainOrSubDomain(principal) {
|
||||
// If we have the 'cookie' permission for this principal, let's return
|
||||
// immediately.
|
||||
let p = Services.perms.testPermissionFromPrincipal(principal, "cookie");
|
||||
if (p == Ci.nsICookiePermission.ACCESS_ALLOW ||
|
||||
p == Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY) {
|
||||
if (p == Ci.nsICookiePermission.ACCESS_ALLOW) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -8174,14 +8174,6 @@ void nsContentUtils::GetCookieLifetimePolicyForPrincipal(
|
||||
case nsICookiePermission::ACCESS_SESSION:
|
||||
*aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
|
||||
break;
|
||||
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
|
||||
// NOTE: The decision was made here to override the lifetime policy to be
|
||||
// ACCEPT_NORMALLY for consistency with ACCESS_ALLOW, but this does
|
||||
// prevent us from expressing BEHAVIOR_REJECT_FOREIGN/ACCEPT_SESSION for a
|
||||
// specific domain. As BEHAVIOR_REJECT_FOREIGN isn't visible in our UI,
|
||||
// this is probably not an issue.
|
||||
*aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -50,4 +50,3 @@ skip-if = true # bug 1347690
|
||||
skip-if = toolkit == 'android'
|
||||
[test_storageConstructor.html]
|
||||
[test_localStorageSessionPrefOverride.html]
|
||||
[test_firstPartyOnlyPermission.html]
|
||||
|
@ -1,62 +0,0 @@
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>first party storage permission test</title>
|
||||
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/AddTask.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script type="text/javascript">
|
||||
TRY_ACCESS_SESSION_STORAGE =
|
||||
'http://example.com/tests/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html';
|
||||
|
||||
add_task(async function() {
|
||||
await SpecialPowers.pushPrefEnv({
|
||||
set: [['network.cookie.cookieBehavior', SpecialPowers.Ci.nsICookieService.BEHAVIOR_REJECT]],
|
||||
});
|
||||
|
||||
try {
|
||||
sessionStorage.setItem("blocked", "blocked");
|
||||
ok(false, "Shouldn't be available yet");
|
||||
} catch (ex) {
|
||||
ok(true, "Shouldn't be available yet");
|
||||
}
|
||||
|
||||
await new Promise(resolve => SpecialPowers.pushPermissions([{
|
||||
type: 'cookie',
|
||||
allow: SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY,
|
||||
context: document,
|
||||
}], resolve));
|
||||
|
||||
// With the permission set to ACCESS_ALLOW_FIRST_PARTY_ONLY, we should be
|
||||
// able to run it from this iframe (as we are first party with the test
|
||||
// runner parent document).
|
||||
try {
|
||||
sessionStorage.setItem("blocked", "blocked");
|
||||
ok(true, "Should be available");
|
||||
} catch (ex) {
|
||||
ok(false, "Should be available");
|
||||
}
|
||||
|
||||
// A third party iframe should not have access however.
|
||||
await new Promise(resolve => {
|
||||
window.onmessage = evt => {
|
||||
window.onmessage = null;
|
||||
is(evt.data, "sessionStorage=false");
|
||||
resolve();
|
||||
};
|
||||
|
||||
let iframe = document.createElement('iframe');
|
||||
iframe.setAttribute('src', TRY_ACCESS_SESSION_STORAGE);
|
||||
document.body.appendChild(iframe);
|
||||
});
|
||||
});
|
||||
|
||||
</script>
|
||||
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -158,7 +158,6 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
|
||||
|
||||
uint32_t perm;
|
||||
mPermMgr->TestPermission(aURI, kPermissionType, &perm);
|
||||
bool isThirdParty = false;
|
||||
switch (perm) {
|
||||
case nsICookiePermission::ACCESS_SESSION:
|
||||
*aIsSession = true;
|
||||
@ -172,17 +171,8 @@ nsCookiePermission::CanSetCookie(nsIURI *aURI, nsIChannel *aChannel,
|
||||
*aResult = false;
|
||||
break;
|
||||
|
||||
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
|
||||
mThirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &isThirdParty);
|
||||
// If it's third party, we can't set the cookie
|
||||
if (isThirdParty) *aResult = false;
|
||||
break;
|
||||
|
||||
default:
|
||||
// the permission manager has nothing to say about this cookie -
|
||||
// so, we apply the default prefs to it.
|
||||
NS_ASSERTION(perm == nsIPermissionManager::UNKNOWN_ACTION,
|
||||
"unknown permission");
|
||||
// Here we can have any legacy permission value.
|
||||
|
||||
// now we need to figure out what type of accept policy we're dealing with
|
||||
// if we accept cookies normally, just bail and return
|
||||
|
@ -4068,18 +4068,6 @@ CookieStatus nsCookieService::CheckPrefs(
|
||||
|
||||
case nsICookiePermission::ACCESS_ALLOW:
|
||||
return STATUS_ACCEPTED;
|
||||
|
||||
case nsICookiePermission::ACCESS_ALLOW_FIRST_PARTY_ONLY:
|
||||
if (aIsForeign) {
|
||||
COOKIE_LOGFAILURE(aCookieHeader ? SET_COOKIE : GET_COOKIE, aHostURI,
|
||||
aCookieHeader,
|
||||
"third party cookies are blocked "
|
||||
"for this site");
|
||||
*aRejectedReason =
|
||||
nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION;
|
||||
return STATUS_REJECTED;
|
||||
}
|
||||
return STATUS_ACCEPTED;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -31,11 +31,11 @@ interface nsICookiePermission : nsISupports
|
||||
* any methods on this interface.
|
||||
*/
|
||||
const nsCookieAccess ACCESS_SESSION = 8;
|
||||
const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9;
|
||||
|
||||
/**
|
||||
* Don't use value 10! It used to be ACCESS_LIMIT_THIRD_PARTY, now removed,
|
||||
* but maybe still stored in some ancient user profiles.
|
||||
* Don't use values 9 and 10! They used to be ACCESS_ALLOW_FIRST_PARTY_ONLY
|
||||
* and ACCESS_LIMIT_THIRD_PARTY, now removed, but maybe still stored in some
|
||||
* ancient user profiles.
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -14,7 +14,6 @@ const DENY_ACTION = SpecialPowers.Ci.nsIPermissionManager.DENY_ACTION;
|
||||
const UNKNOWN_ACTION = SpecialPowers.Ci.nsIPermissionManager.UNKNOWN_ACTION;
|
||||
const PROMPT_ACTION = SpecialPowers.Ci.nsIPermissionManager.PROMPT_ACTION;
|
||||
const ACCESS_SESSION = SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION;
|
||||
const ACCESS_ALLOW_FIRST_PARTY_ONLY = SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
|
||||
|
||||
const EXPIRE_TIME = SpecialPowers.Ci.nsIPermissionManager.EXPIRE_TIME;
|
||||
// expire Setting:
|
||||
@ -36,7 +35,6 @@ function starttest(){
|
||||
SpecialPowers.addPermission("pDENY", DENY_ACTION, document);
|
||||
SpecialPowers.addPermission("pREMOVE", ALLOW_ACTION, document);
|
||||
SpecialPowers.addPermission("pSESSION", ACCESS_SESSION, document);
|
||||
SpecialPowers.addPermission("pFIRSTPARTY", ACCESS_ALLOW_FIRST_PARTY_ONLY, document);
|
||||
|
||||
setTimeout(test1, 0);
|
||||
}
|
||||
@ -59,9 +57,6 @@ function test1() {
|
||||
} else if (!SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document)) {
|
||||
dump('/**** ACCESS_SESSION not set ****/\n');
|
||||
setTimeout(test1, 0);
|
||||
} else if (!SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document)) {
|
||||
dump('/**** ACCESS_ALLOW_FIRST_PARTY_ONLY not set ****/\n');
|
||||
setTimeout(test1, 0);
|
||||
} else {
|
||||
test2();
|
||||
}
|
||||
@ -69,7 +64,14 @@ function test1() {
|
||||
|
||||
function test2() {
|
||||
ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN value should have UNKOWN permission');
|
||||
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': true, 'context': document}, {'type': 'pSESSION', 'allow': true, 'context': document}, {'type': 'pFIRSTPARTY', 'allow': true, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3);
|
||||
SpecialPowers.pushPermissions([
|
||||
{'type': 'pUNKNOWN', 'allow': true, 'context': document},
|
||||
{'type': 'pALLOW', 'allow': false, 'context': document},
|
||||
{'type': 'pDENY', 'allow': true, 'context': document},
|
||||
{'type': 'pPROMPT', 'allow': true, 'context': document},
|
||||
{'type': 'pSESSION', 'allow': true, 'context': document},
|
||||
{'type': 'pREMOVE', 'remove': true, 'context': document},
|
||||
], test3);
|
||||
}
|
||||
|
||||
function test3() {
|
||||
@ -79,15 +81,25 @@ function test3() {
|
||||
ok(SpecialPowers.testPermission('pDENY', ALLOW_ACTION, document), 'pDENY should have ALLOW permission');
|
||||
ok(SpecialPowers.testPermission('pREMOVE', UNKNOWN_ACTION, document), 'pREMOVE should have REMOVE permission');
|
||||
ok(SpecialPowers.testPermission('pSESSION', ALLOW_ACTION, document), 'pSESSION should have ALLOW permission');
|
||||
ok(SpecialPowers.testPermission('pFIRSTPARTY', ALLOW_ACTION, document), 'pFIRSTPARTY should have ALLOW permission');
|
||||
|
||||
// only pPROMPT (last one) is different, the other stuff is just to see if it doesn't cause test failures
|
||||
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': true, 'context': document}, {'type': 'pALLOW', 'allow': false, 'context': document}, {'type': 'pDENY', 'allow': true, 'context': document}, {'type': 'pPROMPT', 'allow': false, 'context': document}, {'type': 'pREMOVE', 'remove': true, 'context': document}], test3b);
|
||||
SpecialPowers.pushPermissions([
|
||||
{'type': 'pUNKNOWN', 'allow': true, 'context': document},
|
||||
{'type': 'pALLOW', 'allow': false, 'context': document},
|
||||
{'type': 'pDENY', 'allow': true, 'context': document},
|
||||
{'type': 'pPROMPT', 'allow': false, 'context': document},
|
||||
{'type': 'pREMOVE', 'remove': true, 'context': document},
|
||||
], test3b);
|
||||
}
|
||||
|
||||
function test3b() {
|
||||
ok(SpecialPowers.testPermission('pPROMPT', DENY_ACTION, document), 'pPROMPT value should have DENY permission');
|
||||
SpecialPowers.pushPermissions([{'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document}, {'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document}, {'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document}], test4);
|
||||
SpecialPowers.pushPermissions([
|
||||
{'type': 'pUNKNOWN', 'allow': DENY_ACTION, 'context': document},
|
||||
{'type': 'pALLOW', 'allow': PROMPT_ACTION, 'context': document},
|
||||
{'type': 'pDENY', 'allow': PROMPT_ACTION, 'context': document},
|
||||
{'type': 'pPROMPT', 'allow': ALLOW_ACTION, 'context': document},
|
||||
], test4);
|
||||
}
|
||||
|
||||
function test4() {
|
||||
@ -99,7 +111,6 @@ function test4() {
|
||||
SpecialPowers.flushPermissions(test5);
|
||||
}
|
||||
|
||||
|
||||
function test5() {
|
||||
ok(SpecialPowers.testPermission('pUNKNOWN', UNKNOWN_ACTION, document), 'pUNKNOWN should have UNKNOWN permission');
|
||||
ok(SpecialPowers.testPermission('pALLOW', ALLOW_ACTION, document), 'pALLOW should have ALLOW permission');
|
||||
@ -107,14 +118,12 @@ function test5() {
|
||||
ok(SpecialPowers.testPermission('pPROMPT', PROMPT_ACTION, document), 'pPROMPT should have PROMPT permission');
|
||||
ok(SpecialPowers.testPermission('pREMOVE', ALLOW_ACTION, document), 'pREMOVE should have ALLOW permission');
|
||||
ok(SpecialPowers.testPermission('pSESSION', ACCESS_SESSION, document), 'pSESSION should have ACCESS_SESSION permission');
|
||||
ok(SpecialPowers.testPermission('pFIRSTPARTY', ACCESS_ALLOW_FIRST_PARTY_ONLY, document), 'pFIRSTPARTY should have ACCESS_ALLOW_FIRST_PARTY_ONLY permission');
|
||||
|
||||
SpecialPowers.removePermission("pPROMPT", document);
|
||||
SpecialPowers.removePermission("pALLOW", document);
|
||||
SpecialPowers.removePermission("pDENY", document);
|
||||
SpecialPowers.removePermission("pREMOVE", document);
|
||||
SpecialPowers.removePermission("pSESSION", document);
|
||||
SpecialPowers.removePermission("pFIRSTPARTY", document);
|
||||
|
||||
setTimeout(test6, 0);
|
||||
}
|
||||
@ -135,9 +144,6 @@ function test6() {
|
||||
} else if (!SpecialPowers.testPermission('pSESSION', UNKNOWN_ACTION, document)) {
|
||||
dump('/**** pSESSION still set ****/\n');
|
||||
setTimeout(test6, 0);
|
||||
} else if (!SpecialPowers.testPermission('pFIRSTPARTY', UNKNOWN_ACTION, document)) {
|
||||
dump('/**** pFIRSTPARTY still set ****/\n');
|
||||
setTimeout(test6, 0);
|
||||
} else {
|
||||
test7();
|
||||
}
|
||||
|
@ -802,8 +802,6 @@ SpecialPowersAPI.prototype = {
|
||||
originalValue = Ci.nsIPermissionManager.PROMPT_ACTION;
|
||||
} else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_SESSION, context)) {
|
||||
originalValue = Ci.nsICookiePermission.ACCESS_SESSION;
|
||||
} else if (this.testPermission(permission.type, Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, context)) {
|
||||
originalValue = Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY;
|
||||
}
|
||||
|
||||
let principal = this._getPrincipalFromArg(context);
|
||||
|
Loading…
Reference in New Issue
Block a user