Granted origins cause a third-party tracker browsing context to not get full first-party storage access after successfully calling the storage access API or a heuristic granting ephemeral access. For example, after https://tracker.example calls the storage access API successfully in the third-party context, they embed https://other-tracker.example, and that load fails because of ETP restrictions. Here what happens is that https://other-tracker.example is mistakenly considered the granted origin, and because such a permission doesn't exist, access is denied. Differential Revision: https://phabricator.services.mozilla.com/D57493 --HG-- extra : moz-landing-system : lando
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
/**
* Tests for permissions
*/
"use strict";
/**
 * An unscoped CLEAR_PERMISSIONS request must wipe stored permissions: the
 * "cookie" ALLOW entry added for https://example.net has to be present
 * before the clear and absent after it.
 */
add_task(async function test_all_permissions() {
  // The third argument to getPermissionObject requests an exact-host match.
  const hasCookiePermission = target =>
    Services.perms.getPermissionObject(target, "cookie", true) != null;

  const sitePrincipal = Services.scriptSecurityManager.createContentPrincipal(
    Services.io.newURI("https://example.net"),
    {}
  );

  Services.perms.addFromPrincipal(
    sitePrincipal,
    "cookie",
    Services.perms.ALLOW_ACTION
  );
  Assert.ok(hasCookiePermission(sitePrincipal));

  await new Promise(done => {
    const onCleared = failedFlags => {
      // The callback value is expected to be 0; anything else fails the
      // task before the post-clear lookup runs.
      Assert.equal(failedFlags, 0);
      done();
    };
    Services.clearData.deleteData(
      Ci.nsIClearDataService.CLEAR_PERMISSIONS,
      onCleared
    );
  });

  Assert.ok(!hasCookiePermission(sitePrincipal));
});
/**
 * A principal-scoped CLEAR_PERMISSIONS request must be limited to that
 * principal: the "cookie" entry for https://example.net is removed while the
 * one for https://example.com is left in place. Both over-deletion (another
 * site loses its permission) and under-deletion (the cleared site keeps its
 * permission) would fail this task.
 */
add_task(async function test_principal_permissions() {
  const principalFor = origin =>
    Services.scriptSecurityManager.createContentPrincipal(
      Services.io.newURI(origin),
      {}
    );
  const allowCookie = target =>
    Services.perms.addFromPrincipal(
      target,
      "cookie",
      Services.perms.ALLOW_ACTION
    );
  // The third argument to getPermissionObject requests an exact-host match.
  const hasCookiePermission = target =>
    Services.perms.getPermissionObject(target, "cookie", true) != null;

  const clearedPrincipal = principalFor("https://example.net");
  const untouchedPrincipal = principalFor("https://example.com");

  allowCookie(clearedPrincipal);
  allowCookie(untouchedPrincipal);
  Assert.ok(hasCookiePermission(clearedPrincipal));
  Assert.ok(hasCookiePermission(untouchedPrincipal));

  await new Promise(done => {
    const onCleared = failedFlags => {
      Assert.equal(failedFlags, 0);
      done();
    };
    Services.clearData.deleteDataFromPrincipal(
      clearedPrincipal,
      true /* user request */,
      Ci.nsIClearDataService.CLEAR_PERMISSIONS,
      onCleared
    );
  });

  // Only the targeted principal may have lost its entry.
  Assert.ok(!hasCookiePermission(clearedPrincipal));
  Assert.ok(hasCookiePermission(untouchedPrincipal));

  // Cleanup so the surviving entry does not leak into later tasks. The
  // callback value is not checked here, unlike the scoped clear above.
  await new Promise(done => {
    Services.clearData.deleteData(
      Ci.nsIClearDataService.CLEAR_PERMISSIONS,
      () => done()
    );
  });
});
/**
 * Clearing permissions for https://example.net must also remove a
 * "3rdPartyStorage^https://example.net" entry that is stored under a
 * different principal (https://example.com). The permission type, not the
 * owning principal, names the cleared origin, so a cleaner that matched on
 * the principal alone would leave that entry behind after the site was
 * cleared.
 *
 * The "cookie" entries of https://example.com and https://example.org must
 * survive, which guards against the clear being widened too far.
 *
 * NOTE(review): there is no case here for a "3rdPartyStorage^..." entry that
 * names an origin other than the cleared one; such an entry should survive,
 * and asserting that would pin the matching down from both sides.
 */
add_task(async function test_3rdpartystorage_permissions() {
  const STORAGE_GRANT_TYPE = "3rdPartyStorage^https://example.net";

  const principalFor = origin =>
    Services.scriptSecurityManager.createContentPrincipal(
      Services.io.newURI(origin),
      {}
    );
  const allow = (target, type) =>
    Services.perms.addFromPrincipal(target, type, Services.perms.ALLOW_ACTION);
  // The third argument to getPermissionObject requests an exact-host match.
  const isStored = (target, type) =>
    Services.perms.getPermissionObject(target, type, true) != null;

  // Origin whose permissions get cleared.
  const clearedPrincipal = principalFor("https://example.net");
  allow(clearedPrincipal, "cookie");

  // Principal that holds the entry whose type names the cleared origin.
  const grantHolderPrincipal = principalFor("https://example.com");
  allow(grantHolderPrincipal, "cookie");
  allow(grantHolderPrincipal, STORAGE_GRANT_TYPE);

  // Unrelated origin, used as a control.
  const bystanderPrincipal = principalFor("https://example.org");
  allow(bystanderPrincipal, "cookie");

  Assert.ok(isStored(clearedPrincipal, "cookie"));
  Assert.ok(isStored(grantHolderPrincipal, "cookie"));
  Assert.ok(isStored(grantHolderPrincipal, STORAGE_GRANT_TYPE));
  Assert.ok(isStored(bystanderPrincipal, "cookie"));

  await new Promise(done => {
    const onCleared = failedFlags => {
      Assert.equal(failedFlags, 0);
      done();
    };
    Services.clearData.deleteDataFromPrincipal(
      clearedPrincipal,
      true /* user request */,
      Ci.nsIClearDataService.CLEAR_PERMISSIONS,
      onCleared
    );
  });

  Assert.ok(!isStored(clearedPrincipal, "cookie"));
  Assert.ok(isStored(grantHolderPrincipal, "cookie"));
  // The entry lives under example.com but names example.net, so it must go.
  Assert.ok(!isStored(grantHolderPrincipal, STORAGE_GRANT_TYPE));
  Assert.ok(isStored(bystanderPrincipal, "cookie"));

  // Cleanup so the surviving entries do not leak into later tasks. The
  // callback value is not checked here, unlike the scoped clear above.
  await new Promise(done => {
    Services.clearData.deleteData(
      Ci.nsIClearDataService.CLEAR_PERMISSIONS,
      () => done()
    );
  });
});