browser_permmgr_sync.js (14296B)
1 function addPerm(aOrigin, aName) { 2 let principal = 3 Services.scriptSecurityManager.createContentPrincipalFromOrigin(aOrigin); 4 Services.perms.addFromPrincipal( 5 principal, 6 aName, 7 Services.perms.ALLOW_ACTION 8 ); 9 } 10 11 add_task(async function () { 12 // Make sure that we get a new process for the tab which we create. This is 13 // important, because we want to assert information about the initial state 14 // of the local permissions cache. 15 16 addPerm("http://example.com", "perm1"); 17 addPerm("http://foo.bar.example.com", "perm2"); 18 addPerm("about:home", "perm3"); 19 addPerm("https://example.com", "perm4"); 20 // NOTE: This permission is a preload permission, so it should be available in 21 // the content process from startup. 22 addPerm("https://somerandomwebsite.com", "cookie"); 23 24 await BrowserTestUtils.withNewTab( 25 { gBrowser, url: "about:blank", forceNewProcess: true }, 26 async function (aBrowser) { 27 await SpecialPowers.spawn(aBrowser, [], async function () { 28 // Before the load http URIs shouldn't have been sent down yet 29 is( 30 Services.perms.testPermissionFromPrincipal( 31 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 32 "http://example.com" 33 ), 34 "perm1" 35 ), 36 Services.perms.UNKNOWN_ACTION, 37 "perm1-1" 38 ); 39 is( 40 Services.perms.testPermissionFromPrincipal( 41 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 42 "http://foo.bar.example.com" 43 ), 44 "perm2" 45 ), 46 Services.perms.UNKNOWN_ACTION, 47 "perm2-1" 48 ); 49 is( 50 Services.perms.testPermissionFromPrincipal( 51 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 52 "about:home" 53 ), 54 "perm3" 55 ), 56 Services.perms.ALLOW_ACTION, 57 "perm3-1" 58 ); 59 is( 60 Services.perms.testPermissionFromPrincipal( 61 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 62 "https://example.com" 63 ), 64 "perm4" 65 ), 66 Services.perms.UNKNOWN_ACTION, 67 "perm4-1" 68 ); 69 is( 70 Services.perms.testPermissionFromPrincipal( 71 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 72 "https://somerandomwebsite.com" 73 ), 74 "cookie" 75 ), 76 Services.perms.ALLOW_ACTION, 77 "cookie-1" 78 ); 79 80 let iframe = content.document.createElement("iframe"); 81 82 // Perform a load of example.com 83 await new Promise(resolve => { 84 iframe.setAttribute("src", "http://example.com"); 85 iframe.onload = resolve; 86 content.document.body.appendChild(iframe); 87 }); 88 89 // After the load finishes, the iframe process should know about example.com, but not foo.bar.example.com 90 await content.SpecialPowers.spawn(iframe, [], async function () { 91 is( 92 Services.perms.testPermissionFromPrincipal( 93 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 94 "http://example.com" 95 ), 96 "perm1" 97 ), 98 Services.perms.ALLOW_ACTION, 99 "perm1-2" 100 ); 101 102 is( 103 Services.perms.testPermissionFromPrincipal( 104 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 105 "http://foo.bar.example.com" 106 ), 107 "perm2" 108 ), 109 Services.perms.UNKNOWN_ACTION, 110 "perm2-2" 111 ); 112 113 is( 114 Services.perms.testPermissionFromPrincipal( 115 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 116 "about:home" 117 ), 118 "perm3" 119 ), 120 Services.perms.ALLOW_ACTION, 121 "perm3-2" 122 ); 123 124 is( 125 Services.perms.testPermissionFromPrincipal( 126 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 127 "https://example.com" 128 ), 129 "perm4" 130 ), 131 Services.perms.UNKNOWN_ACTION, 132 "perm4-2" 133 ); 134 135 is( 136 Services.perms.testPermissionFromPrincipal( 137 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 138 "https://somerandomwebsite.com" 139 ), 140 "cookie" 141 ), 142 Services.perms.ALLOW_ACTION, 143 "cookie-2" 144 ); 145 }); 146 147 // In Fission only, the parent process should have no knowledge about the child 148 // process permissions 149 is( 150 Services.perms.testPermissionFromPrincipal( 151 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 152 "http://example.com" 153 ), 154 "perm1" 155 ), 156 SpecialPowers.useRemoteSubframes 157 ? Services.perms.UNKNOWN_ACTION 158 : Services.perms.ALLOW_ACTION, 159 "perm1-3" 160 ); 161 162 is( 163 Services.perms.testPermissionFromPrincipal( 164 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 165 "http://foo.bar.example.com" 166 ), 167 "perm2" 168 ), 169 Services.perms.UNKNOWN_ACTION, 170 "perm2-3" 171 ); 172 173 is( 174 Services.perms.testPermissionFromPrincipal( 175 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 176 "https://example.com" 177 ), 178 "perm4" 179 ), 180 Services.perms.UNKNOWN_ACTION, 181 "perm4-3" 182 ); 183 }); 184 185 addPerm("http://example.com", "newperm1"); 186 addPerm("http://foo.bar.example.com", "newperm2"); 187 addPerm("about:home", "newperm3"); 188 addPerm("https://example.com", "newperm4"); 189 addPerm("https://someotherrandomwebsite.com", "cookie"); 190 191 await SpecialPowers.spawn(aBrowser, [], async function () { 192 // The new permissions should be available, but only for 193 // http://example.com (without Fission), and about:home. 194 is( 195 Services.perms.testPermissionFromPrincipal( 196 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 197 "http://example.com" 198 ), 199 "perm1" 200 ), 201 SpecialPowers.useRemoteSubframes 202 ? Services.perms.UNKNOWN_ACTION 203 : Services.perms.ALLOW_ACTION, 204 "perm1-4" 205 ); 206 is( 207 Services.perms.testPermissionFromPrincipal( 208 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 209 "http://example.com" 210 ), 211 "newperm1" 212 ), 213 SpecialPowers.useRemoteSubframes 214 ? Services.perms.UNKNOWN_ACTION 215 : Services.perms.ALLOW_ACTION, 216 "newperm1-1" 217 ); 218 is( 219 Services.perms.testPermissionFromPrincipal( 220 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 221 "http://foo.bar.example.com" 222 ), 223 "perm2" 224 ), 225 Services.perms.UNKNOWN_ACTION, 226 "perm2-4" 227 ); 228 is( 229 Services.perms.testPermissionFromPrincipal( 230 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 231 "http://foo.bar.example.com" 232 ), 233 "newperm2" 234 ), 235 Services.perms.UNKNOWN_ACTION, 236 "newperm2-1" 237 ); 238 is( 239 Services.perms.testPermissionFromPrincipal( 240 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 241 "about:home" 242 ), 243 "perm3" 244 ), 245 Services.perms.ALLOW_ACTION, 246 "perm3-3" 247 ); 248 is( 249 Services.perms.testPermissionFromPrincipal( 250 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 251 "about:home" 252 ), 253 "newperm3" 254 ), 255 Services.perms.ALLOW_ACTION, 256 "newperm3-1" 257 ); 258 is( 259 Services.perms.testPermissionFromPrincipal( 260 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 261 "https://example.com" 262 ), 263 "perm4" 264 ), 265 Services.perms.UNKNOWN_ACTION, 266 "perm4-4" 267 ); 268 is( 269 Services.perms.testPermissionFromPrincipal( 270 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 271 "https://example.com" 272 ), 273 "newperm4" 274 ), 275 Services.perms.UNKNOWN_ACTION, 276 "newperm4-1" 277 ); 278 is( 279 Services.perms.testPermissionFromPrincipal( 280 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 281 "https://somerandomwebsite.com" 282 ), 283 "cookie" 284 ), 285 Services.perms.ALLOW_ACTION, 286 "cookie-3" 287 ); 288 is( 289 Services.perms.testPermissionFromPrincipal( 290 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 291 "https://someotherrandomwebsite.com" 292 ), 293 "cookie" 294 ), 295 Services.perms.ALLOW_ACTION, 296 "othercookie-3" 297 ); 298 299 let iframe = content.document.createElement("iframe"); 300 // Loading a subdomain now, on https 301 await new Promise(resolve => { 302 iframe.setAttribute("src", "https://sub1.test1.example.com"); 303 iframe.onload = resolve; 304 content.document.body.appendChild(iframe); 305 }); 306 307 // After the load finishes, the iframe process should not know about 308 // the permissions of its base domain. 309 await content.SpecialPowers.spawn(iframe, [], async function () { 310 is( 311 Services.perms.testPermissionFromPrincipal( 312 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 313 "https://example.com" 314 ), 315 "perm4" 316 ), 317 Services.perms.ALLOW_ACTION, 318 "perm4-5" 319 ); 320 321 // In Fission not across schemes, though. 322 is( 323 Services.perms.testPermissionFromPrincipal( 324 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 325 "http://example.com" 326 ), 327 "perm1" 328 ), 329 SpecialPowers.useRemoteSubframes 330 ? Services.perms.UNKNOWN_ACTION 331 : Services.perms.ALLOW_ACTION, 332 "perm1-5" 333 ); 334 is( 335 Services.perms.testPermissionFromPrincipal( 336 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 337 "http://example.com" 338 ), 339 "newperm1" 340 ), 341 SpecialPowers.useRemoteSubframes 342 ? Services.perms.UNKNOWN_ACTION 343 : Services.perms.ALLOW_ACTION, 344 "newperm1-2" 345 ); 346 }); 347 348 // The parent process should still have no permission under Fission. 349 is( 350 Services.perms.testPermissionFromPrincipal( 351 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 352 "http://example.com" 353 ), 354 "perm1" 355 ), 356 SpecialPowers.useRemoteSubframes 357 ? Services.perms.UNKNOWN_ACTION 358 : Services.perms.ALLOW_ACTION, 359 "perm1-4" 360 ); 361 is( 362 Services.perms.testPermissionFromPrincipal( 363 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 364 "http://example.com" 365 ), 366 "newperm1" 367 ), 368 SpecialPowers.useRemoteSubframes 369 ? Services.perms.UNKNOWN_ACTION 370 : Services.perms.ALLOW_ACTION, 371 "newperm1-3" 372 ); 373 is( 374 Services.perms.testPermissionFromPrincipal( 375 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 376 "https://example.com" 377 ), 378 "perm4" 379 ), 380 SpecialPowers.useRemoteSubframes 381 ? Services.perms.UNKNOWN_ACTION 382 : Services.perms.ALLOW_ACTION, 383 "perm4-6" 384 ); 385 is( 386 Services.perms.testPermissionFromPrincipal( 387 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 388 "http://foo.bar.example.com" 389 ), 390 "perm2" 391 ), 392 Services.perms.UNKNOWN_ACTION, 393 "perm2-5" 394 ); 395 is( 396 Services.perms.testPermissionFromPrincipal( 397 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 398 "http://foo.bar.example.com" 399 ), 400 "newperm2" 401 ), 402 Services.perms.UNKNOWN_ACTION, 403 "newperm2-2" 404 ); 405 is( 406 Services.perms.testPermissionFromPrincipal( 407 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 408 "about:home" 409 ), 410 "perm3" 411 ), 412 Services.perms.ALLOW_ACTION, 413 "perm3-4" 414 ); 415 is( 416 Services.perms.testPermissionFromPrincipal( 417 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 418 "about:home" 419 ), 420 "newperm3" 421 ), 422 Services.perms.ALLOW_ACTION, 423 "newperm3-2" 424 ); 425 is( 426 Services.perms.testPermissionFromPrincipal( 427 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 428 "https://somerandomwebsite.com" 429 ), 430 "cookie" 431 ), 432 Services.perms.ALLOW_ACTION, 433 "cookie-4" 434 ); 435 is( 436 Services.perms.testPermissionFromPrincipal( 437 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 438 "https://someotherrandomwebsite.com" 439 ), 440 "cookie" 441 ), 442 Services.perms.ALLOW_ACTION, 443 "othercookie-4" 444 ); 445 }); 446 } 447 ); 448 });