Bug 1356277 - Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan
authorMichael Layzell <michael@thelayzells.com>
Thu, 13 Apr 2017 15:23:58 -0400
changeset 353865 10e9a5b8150c898843b44b0373b60b8e66bd17e8
parent 353864 0a2fca8aa2e64c151f566c189e03f6dbf303e47b
child 353866 130a6cae4093c1b5ea8c060c337c958a236ae636
push id89365
push usermichael@thelayzells.com
push dateWed, 19 Apr 2017 21:08:06 +0000
reviewersehsan
bugs1356277
milestone55.0a1
Bug 1356277 - Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan MozReview-Commit-ID: 6EI2eynexN0
dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html
dom/tests/mochitest/localstorage/mochitest.ini
dom/tests/mochitest/localstorage/test_firstPartyOnlyPermission.html
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html
@@ -0,0 +1,10 @@
+<script>
+  try {
+    sessionStorage.setItem("am_i_blocked", "nope");
+    window.parent.postMessage('sessionStorage=true', '*');
+    document.body.innerHTML += 'yes';
+  } catch (ex) {
+    window.parent.postMessage('sessionStorage=false', '*');
+    document.body.innerHTML += 'no';
+  }
+</script>
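Review bot: `document.body` is most likely null when this script runs, because the `<script>` is the first thing in the file and is parsed into the implicit head before any body exists. On the allowed path `document.body.innerHTML += 'yes'` would then throw inside the `try` after 'sessionStorage=true' has already been posted, so the `catch` posts 'sessionStorage=false' as well and its own `innerHTML` line throws uncaught. The parent only reads the first message, so the result is correct by ordering alone. Limit the `try` to the `setItem` call and post exactly one message afterwards, dropping the body writes (or moving the script into a `<body>`). The `'*'` target origin is tolerable here only because the payload is a fixed, non-sensitive string.
```html
<script>
  let allowed = true;
  try {
    sessionStorage.setItem("am_i_blocked", "nope");
  } catch (ex) {
    allowed = false;
  }
  // Exactly one message per load, decided only by the storage call.
  window.parent.postMessage('sessionStorage=' + allowed, '*');
</script>
```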
--- a/dom/tests/mochitest/localstorage/mochitest.ini
+++ b/dom/tests/mochitest/localstorage/mochitest.ini
@@ -11,16 +11,17 @@ support-files =
   frameReplace.html
   frameSlaveEqual.html
   frameSlaveNotEqual.html
   interOriginFrame.js
   interOriginTest.js
   interOriginTest2.js
   localStorageCommon.js
   frameLocalStorageSessionOnly.html
+  file_tryAccessSessionStorage.html
 
 [test_brokenUTF-16.html]
 [test_bug600307-DBOps.html]
 [test_bug746272-1.html]
 [test_bug746272-2.html]
 skip-if = os == "android" # bug 962029
 [test_cookieBlock.html]
 [test_cookieSession.html]
@@ -45,8 +46,9 @@ skip-if = toolkit == 'android' #TIMED_OU
 skip-if = toolkit == 'android' #TIMED_OUT
 [test_localStorageQuotaSessionOnly2.html]
 skip-if = toolkit == 'android' #TIMED_OUT
 [test_localStorageReplace.html]
 skip-if = toolkit == 'android'
 [test_lowDeviceStorage.html]
 [test_storageConstructor.html]
 [test_localStorageSessionPrefOverride.html]
+[test_firstPartyOnlyPermission.html]
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/localstorage/test_firstPartyOnlyPermission.html
@@ -0,0 +1,62 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>first party storage permission test</title>
+
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+<script type="text/javascript">
+  TRY_ACCESS_SESSION_STORAGE =
+    'http://example.com/tests/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html';
+
+  add_task(function*() {
+    yield SpecialPowers.pushPrefEnv({
+      set: [['network.cookie.cookieBehavior', SpecialPowers.Ci.nsICookieService.BEHAVIOR_REJECT]],
+    });
+
+    try {
+      sessionStorage.setItem("blocked", "blocked");
+      ok(false, "Shouldn't be avaliable yet");
+    } catch (ex) {
+      ok(true, "Shouldn't be avaliable yet");
+    }
+
+    yield new Promise(resolve => SpecialPowers.pushPermissions([{
+      type: 'cookie',
+      allow: SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY,
+      context: document,
+    }], resolve));
+
+    // With the permission set to ACCESS_ALLOW_FIRST_PARTY_ONLY, we should be
+    // able to run it from this iframe (as we are first party with the test
+    // runner parent document).
+    try {
+      sessionStorage.setItem("blocked", "blocked");
+      ok(true, "Should be avaliable");
+    } catch (ex) {
+      ok(false, "Should be avaliable");
+    }
+
+    // A third party iframe should not have access however.
+    yield new Promise(resolve => {
+      window.onmessage = evt => {
+        window.onmessage = null;
+        is(evt.data, "sessionStorage=false");
+        resolve();
+      };
+
+      let iframe = document.createElement('iframe');
+      iframe.setAttribute('src', TRY_ACCESS_SESSION_STORAGE);
+      document.body.appendChild(iframe);
+    });
+  });
+
+</script>
+
+</head>
+
+<body>
+
+</body>
+</html>
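Review bot: The `window.onmessage` handler in the third-party check accepts the first message from any sender, and its `is()` call has no description, so a stray message from another frame can decide the test and a failure is hard to read in the log. Filter on the sender with `if (evt.source !== iframe.contentWindow) return;` as the handler's first line, and label the assertion: `is(evt.data, "sessionStorage=false", "third-party iframe must not get sessionStorage");`. It also looks as if `network.cookie.cookieBehavior` is still BEHAVIOR_REJECT when the iframe loads and the permission is pushed for this document only, so the denial may come from the pref rather than from ACCESS_ALLOW_FIRST_PARTY_ONLY. A comment stating which rule is expected to block the frame, or a control load without the restriction, would make the intent checkable.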