Closed
Bug 1282655
Opened 8 years ago
Closed 8 years ago
Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute
Categories
(Core :: DOM: Security, defect, P2)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla53
Tracking | Status | |
---|---|---|
firefox53 | --- | fixed |
People
(Reporter: timhuang, Assigned: jhao)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [OA-testing][userContextId][domsecurity-backlog2][tor-testing])
Attachments
(1 file, 1 obsolete file)
2.46 KB,
patch
|
jhao
:
review+
|
Details | Diff | Splinter Review |
We need a mochitest to make sure that all containers share the same site permissions.
Updated•8 years ago
|
Priority: -- → P2
Updated•8 years ago
|
Priority: P2 → P3
Whiteboard: [OA-testing][userContextId][domsecurity-backlog] → [OA-testing][userContextId][domsecurity-backlog2]
Updated•8 years ago
|
Priority: P3 → P2
Updated•8 years ago
|
Summary: Add a test case to test site permissions are universal across containers → Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute
Updated•8 years ago
|
Whiteboard: [OA-testing][userContextId][domsecurity-backlog2] → [OA-testing][userContextId][domsecurity-backlog2][tor-testing]
Comment 1•8 years ago
|
||
Jonathan already wrote xpcshell tests for permissions in bug 1301617. We are going to implement mochitest in this bug.
See Also: → 1301617
Updated•8 years ago
|
Blocks: FirstPartyIsolation
Comment 2•8 years ago
|
||
Jonathan, when you have spare cycle, please take a look to see if you can provide a mochitest here.
Assignee: nobody → jhao
Assignee | ||
Comment 3•8 years ago
|
||
Attachment #8816416 -
Flags: review?(tanvi)
Comment 4•8 years ago
|
||
Hi Jonathan,
This test looks like it is about cookie settings rather than permission settings. Is this the wrong test, or am I missing something - i.e. are permissions stored internally in a cookie?
Assignee | ||
Comment 5•8 years ago
|
||
(In reply to Tanvi Vyas [:tanvi] from comment #4)
> Hi Jonathan,
>
> This test looks like it is about cookie settings rather than permission
> settings. Is this the wrong test, or am I missing something - i.e. are
> permissions stored internally in a cookie?
Hi Tanvi,
Services.perms.add is actually just an nsIPermissionManager.add(). Or is it not the kind of test you had in mind?
Assignee | ||
Updated•8 years ago
|
Flags: needinfo?(tanvi)
Comment 6•8 years ago
|
||
Comment on attachment 8816416 [details] [diff] [review]
Test if site permissions are universal across origin attributes.
>+++ b/browser/components/originattributes/test/browser/browser_permissions.js
>@@ -0,0 +1,45 @@
>+const TEST_PAGE = "http://example.net";
>+const uri = Services.io.newURI(TEST_PAGE, null, null);
>+
Add a comment indicating that this test is testing the cookie "permission" for a specific URI.
>+function disableCookies() {
>+ Services.cookies.removeAll();
>+ Services.perms.add(uri, "cookie", Services.perms.DENY_ACTION);
>+}
>+
>+function ensureCookieNotSet(aBrowser) {
>+ dump("JONATHAN: " + Services.perms.testPermission(uri, "cookie") + "\n");
Remove dump
>+ ContentTask.spawn(aBrowser, null, function*() {
>+ content.document.cookie = "key=value";
>+ is(content.document.cookie, "",
>+ "Cookies should be disabled for all origin attributes");
Change to something like this:
"Setting/reading cookies should be disabled for this domain for all origin attribute combinations."
>+ });
>+}
>+
>+IsolationTestTools.runTests(TEST_PAGE, ensureCookieNotSet, () => true,
>+ disableCookies);
>+
>+add_task(function* () {
>+ Services.cookies.removeAll();
>+ Services.perms.add(uri, "cookie", Services.perms.ALLOW_ACTION);
>+ dump("JONATHAN: task done\n");
>+});
What is this task for? Just to clean up before the next test? enableCookies() does the same thing though.
Please remove the dump.
>+
>+function enableCookies() {
>+ Services.cookies.removeAll();
>+ Services.perms.add(uri, "cookie", Services.perms.ALLOW_ACTION);
>+}
>+
>+function ensureCookieSet(aBrowser) {
>+ ContentTask.spawn(aBrowser, null, function() {
>+ content.document.cookie = "key=value";
>+ is(content.document.cookie, "key=value",
>+ "Cookies should be enabled for all origin attributes");
"Setting/reading cookies should be enabled for this domain for all origin attribute combinations."
>+ });
>+}
>+
>+IsolationTestTools.runTests(TEST_PAGE, ensureCookieSet, () => true,
>+ enableCookies);
>+
>+registerCleanupFunction(() => {
>+ Services.cookies.removeAll();
>+});
>
Flags: needinfo?(tanvi)
Attachment #8816416 -
Flags: review?(tanvi) → review+
Assignee | ||
Updated•8 years ago
|
Attachment #8816416 -
Attachment is obsolete: true
Assignee | ||
Updated•8 years ago
|
Keywords: checkin-needed
Updated•8 years ago
|
Status: NEW → ASSIGNED
Pushed by ihsiao@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/330262e55c87
Test if site permissions are universal across origin attributes. r=tanvi
Keywords: checkin-needed
Comment 9•8 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox53:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
You need to log in
before you can comment on or make changes to this bug.
Description
•