Closed Bug 1264577 Opened 9 years ago Closed 8 years ago

Tests for first-party isolation of cache (Tor 13749)

Categories

(Core :: DOM: Security, defect, P1)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla52
Tracking Flags:
Tracking Status
firefox52 --- fixed

People

(Reporter: jhao, Assigned: timhuang)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10])

Attachments

(1 file, 1 obsolete file)

Bug 1264577 - Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749).
58 bytes, text/x-review-board-request
arthur
: review+
mayhemer
: review+
Details
Attached patch Tor Browser WIP patch. (obsolete) — Splinter Review
Tor Browser tests for first-party isolation of cache. https://torpat.ch/13749
Whiteboard: [tor][OA] → [tor][OA][domsecurity-backlog]
Depends on: containers_testing
Blocks: containers_testing
No longer depends on: containers_testing
Whiteboard: [tor][OA][domsecurity-backlog] → [tor][OA-testing][domsecurity-backlog]
Whiteboard: [tor][OA-testing][domsecurity-backlog] → [tor-testing][OA-testing][domsecurity-backlog]
Priority: -- → P1
Assignee: nobody → tihuang
Status: NEW → ASSIGNED
Just for reference, there is a unit test for http cache isolation (by origin attributes). http://searchfox.org/mozilla-central/source/netwerk/test/unit/test_cache_jar.js
Depends on: 1289319
Priority: P1 → P3
Whiteboard: [tor-testing][OA-testing][domsecurity-backlog] → [tor-testing][OA-testing][domsecurity-backlog1]
Priority: P3 → P1
Whiteboard: [tor-testing][OA-testing][domsecurity-backlog1] → [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
Priority: P1 → P2
Tim, I'm looking for something to pick up, so I think I'll take this one if you don't mind. --dave
Assignee: tihuang → huseby
Assignee: huseby → nobody
Status: ASSIGNED → NEW
Assignee: nobody → tihuang
Priority: P2 → P1
Status: NEW → ASSIGNED
Something we justed added in Tor Browser is an extra patch and test to ensure that SharedWorker scripts are requested and cached with the correct first-party: patch: https://gitweb.torproject.org/tor-browser.git/patch/?id=22e6c33 test: https://gitweb.torproject.org/tor-browser.git/patch/?id=cb2bd1d
See Also: → 1311271
Comment on attachment 8803753 [details] Bug 1264577 - Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749). https://reviewboard.mozilla.org/r/87890/#review87182 See minor nits, but otherwise looks good to me. Thanks, Tim! ::: browser/components/originattributes/test/browser/browser_cache.js:2 (Diff revision 1) > +/* > + * Bug 1264577 - A test case for testing caches. I would add more description here, something about how it is testing container/first-party isolation of caches and correct origin attributes assigned to network requests. ::: browser/components/originattributes/test/browser/browser_cache.js:117 (Diff revision 1) > +let stopObservingChannels; > + > +// The init function, which clears image and network caches, and generates > +// the random value for isolating video and audio elements across different > +// test runs. > +function* doInit(aMode) { This function definition has a lot of empty lines. Maybe remove them? ::: browser/components/originattributes/test/browser/browser_cache.js:138 (Diff revision 1) > +// In the test function, we dynamically generate the video and audio element, > +// and assign a random suffix to their URL to isolate them across different > +// test runs. > +function* doTest(aBrowser) { > + > + let argObj = { Is this necessary? It seems like you should be able to pass the randomSuffix and urlPrefix in to the following spawned task as closures without an argObj. ::: browser/components/originattributes/test/browser/browser_cache.js:205 (Diff revision 1) > + > + for (let suffix of suffixes) { > + let foundEntryCount = countMatchingCacheEntries(data, "example.net", suffix); > + let result = (suffix.startsWith("video") || suffix.startsWith("audio")) ? > + // Video and audio elements aren't always cached, so > + // tolerate fewer cached copies. Is this still true? If not, maybe remove this special case?
Attachment #8803753 - Flags: review?(arthuredelstein) → review+
(In reply to Arthur Edelstein [:arthuredelstein] from comment #5) > > + let argObj = { > > Is this necessary? It seems like you should be able to pass the randomSuffix > and urlPrefix in to the following spawned task as closures without an argObj. I see now that a closure doesn't work here, so this comment was wrong.
Comment on attachment 8803753 [details] Bug 1264577 - Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749). https://reviewboard.mozilla.org/r/87890/#review87754 very nice!
Attachment #8803753 - Flags: review?(honzab.moz) → review+
Depends on: 1304219
Attachment #8741299 - Attachment is obsolete: true
Try looks good.
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/4128e57e39bd Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749). r=mayhemer, r=arthuredelstein
Keywords: checkin-needed
Depends on: 1315579
https://hg.mozilla.org/mozilla-central/rev/4128e57e39bd
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: