test_third_party_iframes.html (7225B)
1 <!-- 2 Any copyright is dedicated to the Public Domain. 3 http://creativecommons.org/publicdomain/zero/1.0/ 4 --> 5 <!DOCTYPE HTML> 6 <html> 7 <head> 8 <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> 9 <title>Bug 1152899 - Disallow the interception of third-party iframes using service workers when the third-party cookie preference is set</title> 10 <script src="/tests/SimpleTest/SimpleTest.js"></script> 11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 12 </head> 13 <body> 14 <script class="testbody" type="text/javascript"> 15 16 var chromeScript; 17 chromeScript = SpecialPowers.loadChromeScript(_ => { 18 /* eslint-env mozilla/chrome-script */ 19 Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => resolve()); 20 }); 21 22 SimpleTest.waitForExplicitFinish(); 23 SimpleTest.requestLongerTimeout(2); 24 25 let index = 0; 26 function next() { 27 info("Step " + index); 28 if (index >= steps.length) { 29 SimpleTest.finish(); 30 return; 31 } 32 try { 33 let i = index++; 34 steps[i](); 35 } catch(ex) { 36 ok(false, "Caught exception", ex); 37 } 38 } 39 40 onload = next; 41 42 let iframe; 43 let proxyWindow; 44 let basePath = "/tests/dom/serviceworkers/test/thirdparty/"; 45 let origin = window.location.protocol + "//" + window.location.host; 46 let thirdPartyOrigin = "https://example.com"; 47 48 function loadIframe() { 49 let message = { 50 source: "parent", 51 href: origin + basePath + "iframe2.html" 52 }; 53 iframe.contentWindow.postMessage(message, "*"); 54 } 55 56 function loadThirdPartyIframe() { 57 let message = { 58 source: "parent", 59 href: thirdPartyOrigin + basePath + "iframe2.html" 60 } 61 iframe.contentWindow.postMessage(message, "*"); 62 } 63 64 function runTest(aExpectedResponses) { 65 // Let's use a proxy window to have the new cookie policy applied. 66 proxyWindow = window.open("window_party_iframes.html"); 67 proxyWindow.onload = _ => { 68 iframe = proxyWindow.document.querySelector("iframe"); 69 iframe.src = thirdPartyOrigin + basePath + "register.html"; 70 let responsesIndex = 0; 71 window.onmessage = function(e) { 72 let status = e.data.status; 73 let expected = aExpectedResponses[responsesIndex]; 74 if (status == expected.status) { 75 ok(true, "Received expected " + expected.status); 76 if (expected.next) { 77 expected.next(); 78 } 79 } else { 80 ok(false, "Expected " + expected.status + " got " + status); 81 } 82 responsesIndex++; 83 }; 84 } 85 } 86 87 // Verify that we can register and intercept a 3rd party iframe with 88 // the given cookie policy. 89 function testShouldIntercept(behavior, done) { 90 SpecialPowers.pushPrefEnv({"set": [ 91 ["network.cookie.cookieBehavior", behavior], 92 ]}, function() { 93 runTest([{ 94 status: "ok" 95 }, { 96 status: "registrationdone", 97 next() { 98 iframe.src = origin + basePath + "iframe1.html"; 99 } 100 }, { 101 status: "iframeloaded", 102 next: loadIframe 103 }, { 104 status: "networkresponse", 105 }, { 106 status: "worker-networkresponse", 107 next: loadThirdPartyIframe 108 }, { 109 status: "swresponse", 110 }, { 111 status: "worker-swresponse", 112 next() { 113 iframe.src = thirdPartyOrigin + basePath + "unregister.html"; 114 } 115 }, { 116 status: "controlled", 117 }, { 118 status: "unregistrationdone", 119 next() { 120 window.onmessage = null; 121 proxyWindow.close(); 122 ok(true, "Test finished successfully"); 123 done(); 124 } 125 }]); 126 }); 127 } 128 129 // Verify that we cannot register a service worker in a 3rd party 130 // iframe with the given cookie policy. 131 function testShouldNotRegister(behavior, done) { 132 SpecialPowers.pushPrefEnv({"set": [ 133 ["network.cookie.cookieBehavior", behavior], 134 ]}, function() { 135 runTest([{ 136 status: "registrationfailed", 137 next() { 138 iframe.src = origin + basePath + "iframe1.html"; 139 } 140 }, { 141 status: "iframeloaded", 142 next: loadIframe 143 }, { 144 status: "networkresponse", 145 }, { 146 status: "worker-networkresponse", 147 next: loadThirdPartyIframe 148 }, { 149 status: "networkresponse", 150 }, { 151 status: "worker-networkresponse", 152 next() { 153 window.onmessage = null; 154 proxyWindow.close(); 155 ok(true, "Test finished successfully"); 156 done(); 157 } 158 }]); 159 }); 160 } 161 162 // Verify that if a service worker is already registered a 3rd 163 // party iframe will still not be intercepted with the given cookie 164 // policy. 165 function testShouldNotIntercept(behavior, done) { 166 SpecialPowers.pushPrefEnv({"set": [ 167 ["network.cookie.cookieBehavior", BEHAVIOR_ACCEPT], 168 ]}, function() { 169 runTest([{ 170 status: "ok" 171 }, { 172 status: "registrationdone", 173 next() { 174 SpecialPowers.pushPrefEnv({"set": [ 175 ["network.cookie.cookieBehavior", behavior], 176 ]}, function() { 177 proxyWindow.close(); 178 proxyWindow = window.open("window_party_iframes.html"); 179 proxyWindow.onload = _ => { 180 iframe = proxyWindow.document.querySelector("iframe"); 181 iframe.src = origin + basePath + "iframe1.html"; 182 } 183 }); 184 } 185 }, { 186 status: "iframeloaded", 187 next: loadIframe 188 }, { 189 status: "networkresponse", 190 }, { 191 status: "worker-networkresponse", 192 next: loadThirdPartyIframe 193 }, { 194 status: "networkresponse", 195 }, { 196 status: "worker-networkresponse", 197 next() { 198 iframe.src = thirdPartyOrigin + basePath + "unregister.html"; 199 } 200 }, { 201 status: "uncontrolled", 202 }, { 203 status: "getregistrationfailed", 204 next() { 205 SpecialPowers.pushPrefEnv({"set": [ 206 ["network.cookie.cookieBehavior", BEHAVIOR_ACCEPT], 207 ]}, function() { 208 proxyWindow.close(); 209 proxyWindow = window.open("window_party_iframes.html"); 210 proxyWindow.onload = _ => { 211 iframe = proxyWindow.document.querySelector("iframe"); 212 iframe.src = thirdPartyOrigin + basePath + "unregister.html"; 213 } 214 }); 215 } 216 }, { 217 status: "controlled", 218 }, { 219 status: "unregistrationdone", 220 next() { 221 window.onmessage = null; 222 proxyWindow.close(); 223 ok(true, "Test finished successfully"); 224 done(); 225 } 226 }]); 227 }); 228 } 229 230 const BEHAVIOR_ACCEPT = 0; 231 const BEHAVIOR_REJECTFOREIGN = 1; 232 const BEHAVIOR_REJECT = 2; 233 const BEHAVIOR_LIMITFOREIGN = 3; 234 235 let steps = [() => { 236 SpecialPowers.pushPrefEnv({"set": [ 237 ["dom.serviceWorkers.exemptFromPerDomainMax", true], 238 ["dom.serviceWorkers.enabled", true], 239 ["dom.serviceWorkers.testing.enabled", true], 240 ["browser.dom.window.dump.enabled", true], 241 ["network.cookie.cookieBehavior", BEHAVIOR_ACCEPT], 242 ]}, next); 243 }, () => { 244 testShouldNotRegister(BEHAVIOR_REJECTFOREIGN, next); 245 }, () => { 246 testShouldNotIntercept(BEHAVIOR_REJECTFOREIGN, next); 247 }, () => { 248 testShouldNotRegister(BEHAVIOR_REJECT, next); 249 }, () => { 250 testShouldNotIntercept(BEHAVIOR_REJECT, next); 251 }, () => { 252 testShouldNotRegister(BEHAVIOR_LIMITFOREIGN, next); 253 }, () => { 254 testShouldNotIntercept(BEHAVIOR_LIMITFOREIGN, next); 255 }, () => { 256 testShouldIntercept(BEHAVIOR_ACCEPT, next); 257 }]; 258 259 260 </script> 261 </pre> 262 </body> 263 </html>