tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git

browser_favicon_credentials.js (2429B)


      1 /* Any copyright is dedicated to the Public Domain.
      2 * http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      // Location of this test's directory as a chrome:// URL. getRootDirectory and
      // gTestPath are not defined in this file (presumably harness globals).
      const ROOT_DIR = getRootDirectory(gTestPath);

      // The same directory addressed through two distinct HTTPS origins, so a page
      // can be loaded either same-origin or cross-origin relative to the icon.
      const [EXAMPLE_NET_ROOT, EXAMPLE_COM_ROOT] = [
        "https://example.net/",
        "https://example.com/",
      ].map(origin => ROOT_DIR.replace("chrome://mochitests/content/", origin));

      // The icon always lives on example.com; only the page's origin varies.
      const FAVICON_URL = `${EXAMPLE_COM_ROOT}credentials.png`;
     17 
     18 // Bug 1746646: Make mochitests work with TCP (Total Cookie Protection) enabled
     19 // (cookieBehavior = 5). All instances of addPermission and removePermission set up
     20 // 3rd-party storage access in a way that allows the test to proceed with TCP enabled.
     21 
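     /**
      * Registers one test task that loads `url` in a new tab, waits for the
      * favicon at FAVICON_URL to be reported, and then checks whether a cookie
      * named "faviconCookie2" is stored for example.com (the icon's host).
      *
      * What is being pinned down: whether the icon fetch was made with
      * credentials. A cookie showing up for the icon's host when the page did not
      * ask for a credentialed fetch would mean favicon loads leak cookies across
      * sites. NOTE(review): the cookie is presumably set by the icon response;
      * the supporting files are not shown here.
      *
      * Cleanup runs in `finally` blocks, so a rejected load or favicon wait does
      * not leave cookies, cache entries or the storage permission behind for the
      * tasks registered after this one.
      *
      * @param {string} url - Page to load; it is expected to reference FAVICON_URL.
      * @param {boolean} shouldHaveCookies - Whether the cookie must be present.
      * @param {string} description - Label appended to the assertion message.
      */
     function run_test(url, shouldHaveCookies, description) {
       add_task(async () => {
         const permission = "3rdPartyStorage^https://example.com";
         await SpecialPowers.addPermission(permission, true, url);

         try {
           await BrowserTestUtils.withNewTab(
             { gBrowser, url: "about:blank" },
             async browser => {
               let seenCookie;
               try {
                 // Start waiting before navigating so the favicon message
                 // cannot be missed.
                 const faviconPromise = waitForFaviconMessage(true, FAVICON_URL);

                 BrowserTestUtils.startLoadingURIString(browser, url);
                 await BrowserTestUtils.browserLoaded(browser);

                 await faviconPromise;

                 seenCookie = Services.cookies
                   .getCookiesFromHost(
                     "example.com", // the icon's host, not the page's
                     browser.contentPrincipal.originAttributes
                   )
                   .some(cookie => cookie.name === "faviconCookie2");
               } finally {
                 // Clean up even when the load or the favicon wait failed, so
                 // state from this case cannot influence the next one.
                 Services.cookies.removeAll();
                 Services.cache2.clear();
               }

               if (shouldHaveCookies) {
                 Assert.ok(
                   seenCookie,
                   `Should have seen the cookie (${description}).`
                 );
               } else {
                 Assert.ok(
                   !seenCookie,
                   `Should have not seen the cookie (${description}).`
                 );
               }
             }
           );
         } finally {
           // Always drop the storage-access grant added above.
           await SpecialPowers.removePermission(permission, url);
         }
       });
     }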
     70 
     // Test matrix; each row is [page URL, cookie expected?, label]. The icon is
     // always served from example.com, so the example.net pages exercise the
     // cross-origin ("remote") case. Rows are registered in the order listed.
     for (const [url, shouldHaveCookies, description] of [
       // crossorigin="" only has credentials in the same-origin case
       [`${EXAMPLE_NET_ROOT}credentials1.html`, false, "anonymous, remote"],
       [`${EXAMPLE_COM_ROOT}credentials1.html`, true, "anonymous, same-origin"],

       // crossorigin="use-credentials" always has them
       [`${EXAMPLE_NET_ROOT}credentials2.html`, true, "use-credentials, remote"],
       [
         `${EXAMPLE_COM_ROOT}credentials2.html`,
         true,
         "use-credentials, same-origin",
       ],
     ]) {
       run_test(url, shouldHaveCookies, description);
     }