test_cookies_thirdparty.js (4890B)
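/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

// Test third-party cookie blocking, for the cases:
// 1) with null channel
// 2) with channel, but with no docshell parent
//
// Every check sets cookies for foo.com (uri1). The channel passed alongside
// points either at foo.com (channel1) or at bar.com (channel2). The expected
// cookie counts are interpreted by do_set_cookies() and
// do_set_single_http_cookie(), which are defined in the test head and are not
// visible in this file.

"use strict";

add_task(async () => {
  // Every pref this task changes. All of them are reset in the `finally`
  // below, so a failing check cannot leave a relaxed cookie or HTTPS-first
  // configuration behind for whatever runs next in the same process.
  const TOUCHED_PREFS = [
    "network.cookieJarSettings.unblocked_for_testing",
    "dom.security.https_first",
    "network.cookie.sameSite.laxByDefault",
    "network.cookie.cookieBehavior",
  ];

  /**
   * Build an HTTP channel for `uri`.
   *
   * @param {nsIURI} uri - Target of the channel.
   * @param {nsIPrincipal} [principal] - Loading principal; when omitted, a
   *   content principal created from `uri` is used.
   * @returns {nsIHttpChannelInternal} The channel, queried to the internal
   *   interface so that forceAllowThirdPartyCookie can be set on it.
   */
  function createChannel(uri, principal = null) {
    const channel = NetUtil.newChannel({
      uri,
      loadingPrincipal:
        principal ||
        Services.scriptSecurityManager.createContentPrincipal(uri, {}),
      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
      contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
    });

    return channel.QueryInterface(Ci.nsIHttpChannelInternal);
  }

  async function runChecks() {
    Services.prefs.setBoolPref(
      "network.cookieJarSettings.unblocked_for_testing",
      true
    );

    Services.prefs.setBoolPref("dom.security.https_first", false);

    // Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by default"
    Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false);

    CookieXPCShellUtils.createServer({
      hosts: ["foo.com", "bar.com", "third.com"],
    });

    // Create URIs and channels pointing to foo.com and bar.com.
    // We will use these to put foo.com into first and third party contexts.
    const uri1 = NetUtil.newURI("http://foo.com/foo.html");
    const uri2 = NetUtil.newURI("http://bar.com/bar.html");

    const setCookieBehavior = behavior =>
      Services.prefs.setIntPref("network.cookie.cookieBehavior", behavior);

    // Returns [channel for foo.com, channel for bar.com], optionally sharing
    // a loading principal and optionally with forceAllowThirdPartyCookie set.
    const createChannelPair = ({ principal = null, forceAllow = false } = {}) =>
      [uri1, uri2].map(uri => {
        const channel = createChannel(uri, principal);
        if (forceAllow) {
          channel.forceAllowThirdPartyCookie = true;
        }
        return channel;
      });

    // Set cookies for foo.com through `channel`, check the counts, then wipe
    // the cookie store so the next check starts from an empty jar.
    const checkAndReset = async (channel, expected) => {
      await do_set_cookies(uri1, channel, true, expected);
      Services.cookies.removeAll();
    };

    // test with cookies enabled
    {
      setCookieBehavior(Ci.nsICookieService.BEHAVIOR_ACCEPT);
      const [channel1, channel2] = createChannelPair();

      await checkAndReset(channel1, [1, 2]);
      await checkAndReset(channel2, [1, 2]);
    }

    // test with third party cookies blocked
    {
      setCookieBehavior(Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN);
      const [channel1, channel2] = createChannelPair();

      await checkAndReset(channel1, [0, 1]);
      // With the bar.com channel nothing is stored for foo.com.
      await checkAndReset(channel2, [0, 0]);
    }

    // test with third party cookies blocked using system principal
    {
      setCookieBehavior(Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN);
      const [channel1, channel2] = createChannelPair({
        principal: Services.scriptSecurityManager.getSystemPrincipal(),
      });

      // Same expectations as with content principals: the system principal
      // as loading principal does not change the outcome here.
      await checkAndReset(channel1, [0, 1]);
      await checkAndReset(channel2, [0, 0]);
    }

    // Force the channel URI to be used when determining the originating URI of
    // the channel. The three sections below repeat the checks with
    // forceAllowThirdPartyCookie set on both channels.

    // test with cookies enabled
    {
      setCookieBehavior(Ci.nsICookieService.BEHAVIOR_ACCEPT);
      const [channel1, channel2] = createChannelPair({ forceAllow: true });

      await checkAndReset(channel1, [1, 2]);
      await checkAndReset(channel2, [1, 2]);
    }

    // test with third party cookies blocked
    {
      setCookieBehavior(Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN);
      const [channel1, channel2] = createChannelPair({ forceAllow: true });

      // The expected counts match the unforced REJECT_FOREIGN section above.
      await checkAndReset(channel1, [0, 1]);
      await checkAndReset(channel2, [0, 0]);
    }

    // test with third party cookies limited
    {
      setCookieBehavior(Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN);
      const [channel1, channel2] = createChannelPair({ forceAllow: true });

      await checkAndReset(channel1, [0, 1]);
      await checkAndReset(channel2, [0, 0]);

      // Once foo.com already holds one cookie (set through its own channel),
      // the same operation through the bar.com channel is expected to store
      // cookies: [1, 2] instead of [0, 0].
      // NOTE(review): this call is not awaited, as in the original; confirm
      // do_set_single_http_cookie() is synchronous.
      do_set_single_http_cookie(uri1, channel1, 1);
      await checkAndReset(channel2, [1, 2]);
    }
  }

  try {
    await runChecks();
  } finally {
    for (const pref of TOUCHED_PREFS) {
      Services.prefs.clearUserPref(pref);
    }
  }
});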