Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute

RESOLVED FIXED in Firefox 53

Status

()

Core
DOM: Security
P2
normal
RESOLVED FIXED
a year ago
11 months ago

People

(Reporter: timhuang, Assigned: jhao)

Tracking

(Blocks: 2 bugs)

unspecified
mozilla53
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox53 fixed)

Details

(Whiteboard: [OA-testing][userContextId][domsecurity-backlog2][tor-testing])

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

a year ago
We need a mochitest to make sure that all containers share the same site permissions.

Updated

a year ago
Priority: -- → P2
Priority: P2 → P3
Whiteboard: [OA-testing][userContextId][domsecurity-backlog] → [OA-testing][userContextId][domsecurity-backlog2]

Updated

a year ago
Priority: P3 → P2

Updated

a year ago
Summary: Add a test case to test site permissions are universal across containers → Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute
Whiteboard: [OA-testing][userContextId][domsecurity-backlog2] → [OA-testing][userContextId][domsecurity-backlog2][tor-testing]
Jonathan already wrote xpcshell tests for permissions in bug 1301617. We are going to implement mochitest in this bug.
See Also: → bug 1301617
Blocks: 1299996
See Also: → bug 1308607
Jonathan, when you have spare cycle, please take a look to see if you can provide a mochitest here.
Assignee: nobody → jhao
(Assignee)

Comment 3

a year ago
Created attachment 8816416 [details] [diff] [review]
Test if site permissions are universal across origin attributes.
Attachment #8816416 - Flags: review?(tanvi)

Comment 4

a year ago
Hi Jonathan,

This test looks like it is about cookie settings rather than permission settings.  Is this the wrong test, or am I missing something - i.e. are permissions stored internally in a cookie?
(Assignee)

Comment 5

a year ago
(In reply to Tanvi Vyas [:tanvi] from comment #4)
> Hi Jonathan,
> 
> This test looks like it is about cookie settings rather than permission
> settings.  Is this the wrong test, or am I missing something - i.e. are
> permissions stored internally in a cookie?

Hi Tanvi,

Services.perms.add is actually just an nsIPermissionManager.add().  Or is it not the kind of test you had in mind?
(Assignee)

Updated

11 months ago
Flags: needinfo?(tanvi)

Comment 6

11 months ago
Comment on attachment 8816416 [details] [diff] [review]
Test if site permissions are universal across origin attributes.

>+++ b/browser/components/originattributes/test/browser/browser_permissions.js
>@@ -0,0 +1,45 @@
>+const TEST_PAGE = "http://example.net";
>+const uri = Services.io.newURI(TEST_PAGE, null, null);
>+

Add a comment indicating that this test is testing the cookie "permission" for a specific URI.

>+function disableCookies() {
>+  Services.cookies.removeAll();
>+  Services.perms.add(uri, "cookie", Services.perms.DENY_ACTION);
>+}
>+
>+function ensureCookieNotSet(aBrowser) {
>+  dump("JONATHAN: " + Services.perms.testPermission(uri, "cookie") + "\n");
Remove dump

>+  ContentTask.spawn(aBrowser, null, function*() {
>+    content.document.cookie = "key=value";
>+    is(content.document.cookie, "",
>+       "Cookies should be disabled for all origin attributes");
Change to something like this:
"Setting/reading cookies should be disabled for this domain for all origin attribute combinations."
>+  });
>+}
>+
>+IsolationTestTools.runTests(TEST_PAGE, ensureCookieNotSet, () => true,
>+                            disableCookies);
>+
>+add_task(function* () {
>+  Services.cookies.removeAll();
>+  Services.perms.add(uri, "cookie", Services.perms.ALLOW_ACTION);
>+  dump("JONATHAN: task done\n");
>+});
What is this task for?  Just to clean up before the next test?  enableCookies() does the same thing though.
Please remove the dump.

>+
>+function enableCookies() {
>+  Services.cookies.removeAll();
>+  Services.perms.add(uri, "cookie", Services.perms.ALLOW_ACTION);
>+}
>+
>+function ensureCookieSet(aBrowser) {
>+  ContentTask.spawn(aBrowser, null, function() {
>+    content.document.cookie = "key=value";
>+    is(content.document.cookie, "key=value",
>+       "Cookies should be enabled for all origin attributes");
"Setting/reading cookies should be enabled for this domain for all origin attribute combinations."

>+  });
>+}
>+
>+IsolationTestTools.runTests(TEST_PAGE, ensureCookieSet, () => true,
>+                            enableCookies);
>+
>+registerCleanupFunction(() => {
>+    Services.cookies.removeAll();
>+});
>
Flags: needinfo?(tanvi)
Attachment #8816416 - Flags: review?(tanvi) → review+
(Assignee)

Comment 7

11 months ago
Created attachment 8821969 [details] [diff] [review]
Test if site permissions are universal across origin attributes.

Thanks, Tanvi.
Attachment #8821969 - Flags: review+
(Assignee)

Updated

11 months ago
Attachment #8816416 - Attachment is obsolete: true
(Assignee)

Updated

11 months ago
Keywords: checkin-needed
Status: NEW → ASSIGNED

Comment 8

11 months ago
Pushed by ihsiao@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/330262e55c87
Test if site permissions are universal across origin attributes. r=tanvi
Keywords: checkin-needed

Comment 9

11 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/330262e55c87
Status: ASSIGNED → RESOLVED
Last Resolved: 11 months ago
status-firefox53: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
You need to log in before you can comment on or make changes to this bug.