browser_cookies_privacy.js (3810B)
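"use strict";

// MAX_EXPIRY should be 2^63-1, but JavaScript can't handle that precision.
const MAX_EXPIRY = Math.pow(2, 62);

// Preference that selects which session cookies end up in the session state.
// The tasks below exercise the values 0 (none), 1 (encrypted) and 2 (full).
const PRIVACY_LEVEL_PREF = "browser.sessionstore.privacy_level";

/**
 * Adds a fresh session cookie to the cookie service and asserts that the
 * service reported it as valid.
 *
 * @param {string} scheme - Scheme used to build the test host ("http" or
 *   "https" in this file).
 * @param {boolean} [secure=false] - Value of the cookie's secure flag.
 * @returns {object} The descriptor of the cookie that was added, as built by
 *   createTestCookie().
 */
function addCookie(scheme, secure = false) {
  const cookie = createTestCookie(scheme, secure);
  // NOTE(review): the last argument is always SCHEME_HTTPS, including when
  // `scheme` is "http" -- confirm that this is intended.
  const cv = Services.cookies.add(
    cookie.host,
    cookie.path,
    cookie.name,
    cookie.value,
    cookie.secure,
    /* isHttpOnly = */ false,
    /* isSession = */ true,
    MAX_EXPIRY,
    /* originAttributes = */ {},
    Ci.nsICookie.SAMESITE_UNSET,
    Ci.nsICookie.SCHEME_HTTPS
  );
  is(cv.result, Ci.nsICookieValidation.eOK, "Valid cookie");
  return cookie;
}

/**
 * Builds a cookie descriptor with a random name/value pair.
 *
 * @param {string} scheme - Scheme prefixed to "example.com" to form `host`.
 * @param {boolean} [secure=false] - Value of the descriptor's secure flag.
 * @returns {{host: string, path: string, name: string, value: string,
 *   secure: boolean}} The cookie descriptor.
 */
function createTestCookie(scheme, secure = false) {
  // Math.random() only keeps names distinct between calls; the value is test
  // data, not a secret.
  const r = Math.round(Math.random() * 100000);

  // NOTE(review): `host` carries a scheme-prefixed string rather than a bare
  // host name -- confirm that this is what the cookie service should receive.
  return {
    host: `${scheme}://example.com`,
    path: "/",
    name: `name${r}`,
    value: `value${r}`,
    secure,
  };
}

/**
 * Returns the first cookie found in the serialized browser state.
 *
 * `ss` is not defined in this file; presumably it is provided by the test
 * harness or its head file.
 *
 * @returns {object|undefined} The first stored cookie, or undefined when the
 *   state holds no cookies.
 */
function getCookie() {
  const state = JSON.parse(ss.getBrowserState());
  const cookies = state.cookies || [];
  return cookies[0];
}

/**
 * Checks whether the first cookie in the session state matches `a`.
 *
 * @param {object} a - Cookie descriptor returned by addCookie().
 * @returns {boolean} True when host, name and value all match; false when
 *   they differ or when no cookie was stored at all.
 */
function compareCookies(a) {
  const b = getCookie();
  // A missing cookie must fail the surrounding ok() with its own message
  // instead of throwing a TypeError on `b.host`.
  if (!b) {
    return false;
  }
  return a.host === b.host && a.name === b.name && a.value === b.value;
}

// Setup and cleanup.
add_task(async function test_setup() {
  Services.prefs.clearUserPref(PRIVACY_LEVEL_PREF);

  registerCleanupFunction(() => {
    Services.prefs.clearUserPref(PRIVACY_LEVEL_PREF);
    Services.cookies.removeAll();
  });
});

// Test privacy_level=none (default). We store all session cookies.
add_task(async function test_level_none() {
  Services.cookies.removeAll();

  // Set level=none, store all cookies.
  Services.prefs.setIntPref(PRIVACY_LEVEL_PREF, 0);

  // With the default privacy level we collect all cookies.
  ok(compareCookies(addCookie("http")), "non-secure http cookie stored");
  Services.cookies.removeAll();

  // With the default privacy level we collect all cookies.
  ok(compareCookies(addCookie("https")), "non-secure https cookie stored");
  Services.cookies.removeAll();

  // With the default privacy level we collect all cookies.
  ok(compareCookies(addCookie("https", true)), "secure https cookie stored");
  Services.cookies.removeAll();
});

// Test privacy_level=encrypted. We store all non-secure session cookies.
add_task(async function test_level_encrypted() {
  Services.cookies.removeAll();

  // Set level=encrypted, don't store any secure cookies.
  Services.prefs.setIntPref(PRIVACY_LEVEL_PREF, 1);

  // With level=encrypted, non-secure cookies will be stored.
  ok(compareCookies(addCookie("http")), "non-secure http cookie stored");
  Services.cookies.removeAll();

  // With level=encrypted, non-secure cookies will be stored,
  // even if sent by an HTTPS site.
  ok(compareCookies(addCookie("https")), "non-secure https cookie stored");
  Services.cookies.removeAll();

  // With level=encrypted, cookies flagged secure must not appear in the
  // session state.
  ok(
    addCookie("https", true) && !getCookie(),
    "secure https cookie not stored"
  );
  Services.cookies.removeAll();
});

// Test privacy_level=full. We store no session cookies.
add_task(async function test_level_full() {
  Services.cookies.removeAll();

  // Set level=full, don't store any cookies.
  Services.prefs.setIntPref(PRIVACY_LEVEL_PREF, 2);

  // With level=full we must not store any cookies.
  ok(addCookie("http") && !getCookie(), "non-secure http cookie not stored");
  Services.cookies.removeAll();

  // With level=full we must not store any cookies.
  ok(addCookie("https") && !getCookie(), "non-secure https cookie not stored");
  Services.cookies.removeAll();

  // With level=full we must not store any cookies.
  ok(
    addCookie("https", true) && !getCookie(),
    "secure https cookie not stored"
  );
  Services.cookies.removeAll();
});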