| author | Michael Layzell <michael@thelayzells.com> |
| Thu, 13 Apr 2017 15:23:58 -0400 | |
| changeset 353865 | 10e9a5b8150c898843b44b0373b60b8e66bd17e8 |
| parent 353864 | 0a2fca8aa2e64c151f566c189e03f6dbf303e47b |
| child 353866 | 130a6cae4093c1b5ea8c060c337c958a236ae636 |
| push id | 89365 |
| push user | michael@thelayzells.com |
| push date | Wed, 19 Apr 2017 21:08:06 +0000 |
| treeherder | mozilla-inbound@130a6cae4093 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | ehsan |
| bugs | 1356277 |
| milestone | 55.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
new file mode 100644 --- /dev/null +++ b/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html @@ -0,0 +1,10 @@ +<script> + try { + sessionStorage.setItem("am_i_blocked", "nope"); + window.parent.postMessage('sessionStorage=true', '*'); + document.body.innerHTML += 'yes'; + } catch (ex) { + window.parent.postMessage('sessionStorage=false', '*'); + document.body.innerHTML += 'no'; + } +</script>
--- a/dom/tests/mochitest/localstorage/mochitest.ini +++ b/dom/tests/mochitest/localstorage/mochitest.ini @@ -11,16 +11,17 @@ support-files = frameReplace.html frameSlaveEqual.html frameSlaveNotEqual.html interOriginFrame.js interOriginTest.js interOriginTest2.js localStorageCommon.js frameLocalStorageSessionOnly.html + file_tryAccessSessionStorage.html [test_brokenUTF-16.html] [test_bug600307-DBOps.html] [test_bug746272-1.html] [test_bug746272-2.html] skip-if = os == "android" # bug 962029 [test_cookieBlock.html] [test_cookieSession.html] @@ -45,8 +46,9 @@ skip-if = toolkit == 'android' #TIMED_OU skip-if = toolkit == 'android' #TIMED_OUT [test_localStorageQuotaSessionOnly2.html] skip-if = toolkit == 'android' #TIMED_OUT [test_localStorageReplace.html] skip-if = toolkit == 'android' [test_lowDeviceStorage.html] [test_storageConstructor.html] [test_localStorageSessionPrefOverride.html] +[test_firstPartyOnlyPermission.html]
new file mode 100644 --- /dev/null +++ b/dom/tests/mochitest/localstorage/test_firstPartyOnlyPermission.html @@ -0,0 +1,62 @@ +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>first party storage permission test</title> + +<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> +<script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script> +<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> + +<script type="text/javascript"> + TRY_ACCESS_SESSION_STORAGE = + 'http://example.com/tests/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html'; + + add_task(function*() { + yield SpecialPowers.pushPrefEnv({ + set: [['network.cookie.cookieBehavior', SpecialPowers.Ci.nsICookieService.BEHAVIOR_REJECT]], + }); + + try { + sessionStorage.setItem("blocked", "blocked"); + ok(false, "Shouldn't be avaliable yet"); + } catch (ex) { + ok(true, "Shouldn't be avaliable yet"); + } + + yield new Promise(resolve => SpecialPowers.pushPermissions([{ + type: 'cookie', + allow: SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY, + context: document, + }], resolve)); + + // With the permission set to ACCESS_ALLOW_FIRST_PARTY_ONLY, we should be + // able to run it from this iframe (as we are first party with the test + // runner parent document). + try { + sessionStorage.setItem("blocked", "blocked"); + ok(true, "Should be avaliable"); + } catch (ex) { + ok(false, "Should be avaliable"); + } + + // A third party iframe should not have access however. + yield new Promise(resolve => { + window.onmessage = evt => { + window.onmessage = null; + is(evt.data, "sessionStorage=false"); + resolve(); + }; + + let iframe = document.createElement('iframe'); + iframe.setAttribute('src', TRY_ACCESS_SESSION_STORAGE); + document.body.appendChild(iframe); + }); + }); + +</script> + +</head> + +<body> + +</body> +</html>