browser_temporary_permissions.js (3452B)
1 /* Any copyright is dedicated to the Public Domain. 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 const ORIGIN = "https://example.com"; 7 const PERMISSIONS_PAGE = 8 getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) + 9 "permissions.html"; 10 const SUBFRAME_PAGE = 11 getRootDirectory(gTestPath).replace("chrome://mochitests/content", ORIGIN) + 12 "temporary_permissions_subframe.html"; 13 14 // Test that setting temp permissions triggers a change in the identity block. 15 add_task(async function testTempPermissionChangeEvents() { 16 let principal = 17 Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN); 18 let id = "geo"; 19 20 await BrowserTestUtils.withNewTab(ORIGIN, function (browser) { 21 SitePermissions.setForPrincipal( 22 principal, 23 id, 24 SitePermissions.BLOCK, 25 SitePermissions.SCOPE_TEMPORARY, 26 browser 27 ); 28 29 Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), { 30 state: SitePermissions.BLOCK, 31 scope: SitePermissions.SCOPE_TEMPORARY, 32 }); 33 34 let geoIcon = document.querySelector( 35 ".blocked-permission-icon[data-permission-id=geo]" 36 ); 37 38 Assert.notEqual( 39 geoIcon.getBoundingClientRect().width, 40 0, 41 "geo anchor should be visible" 42 ); 43 44 SitePermissions.removeFromPrincipal(principal, id, browser); 45 46 Assert.equal( 47 geoIcon.getBoundingClientRect().width, 48 0, 49 "geo anchor should not be visible" 50 ); 51 }); 52 }); 53 54 // Test that temp blocked permissions requested by subframes (with a different URI) affect the whole page. 55 add_task(async function testTempPermissionSubframes() { 56 let uri = NetUtil.newURI(ORIGIN); 57 let principal = Services.scriptSecurityManager.createContentPrincipal( 58 uri, 59 {} 60 ); 61 let id = "geo"; 62 63 await BrowserTestUtils.withNewTab(SUBFRAME_PAGE, async function (browser) { 64 let popupshown = BrowserTestUtils.waitForEvent( 65 PopupNotifications.panel, 66 "popupshown" 67 ); 68 69 await new Promise(r => { 70 SpecialPowers.pushPrefEnv( 71 { 72 set: [ 73 ["dom.security.featurePolicy.header.enabled", true], 74 ["dom.security.featurePolicy.webidl.enabled", true], 75 ], 76 }, 77 r 78 ); 79 }); 80 81 // Request a permission. 82 await SpecialPowers.spawn(browser, [uri.host], async function (host0) { 83 let frame = content.document.getElementById("frame"); 84 85 await content.SpecialPowers.spawn(frame, [host0], async function (host) { 86 const { E10SUtils } = ChromeUtils.importESModule( 87 "resource://gre/modules/E10SUtils.sys.mjs" 88 ); 89 90 E10SUtils.wrapHandlingUserInput(this.content, true, function () { 91 let frameDoc = this.content.document; 92 93 // Make sure that the origin of our test page is different. 94 Assert.notEqual(frameDoc.location.host, host); 95 96 frameDoc.getElementById("geo").click(); 97 }); 98 }); 99 }); 100 101 await popupshown; 102 103 let popuphidden = BrowserTestUtils.waitForEvent( 104 PopupNotifications.panel, 105 "popuphidden" 106 ); 107 108 let notification = PopupNotifications.panel.firstElementChild; 109 EventUtils.synthesizeMouseAtCenter(notification.secondaryButton, {}); 110 111 await popuphidden; 112 113 Assert.deepEqual(SitePermissions.getForPrincipal(principal, id, browser), { 114 state: SitePermissions.BLOCK, 115 scope: SitePermissions.SCOPE_TEMPORARY, 116 }); 117 }); 118 });