Bug 1356277 - Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan
authorMichael Layzell <michael@thelayzells.com>
Thu, 13 Apr 2017 15:23:58 -0400
changeset 353446 26376d7421da8ff04960f902ad7b7c0d015f0a5b
parent 353445 c5acd8a8058c867a6623e69b960f1760a8d3bb09
child 353447 47318b7a82c08a1e77091377a1cd1639d4725450
push id89262
push usermichael@thelayzells.com
push dateMon, 17 Apr 2017 19:15:29 +0000
treeherdermozilla-inbound@26376d7421da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersehsan
bugs1356277
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1356277 - Part 2: Add a test for LIMIT_THIRD_PARTY permission with sessionStorage, r=ehsan MozReview-Commit-ID: 6EI2eynexN0
dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html
dom/tests/mochitest/localstorage/mochitest.ini
dom/tests/mochitest/localstorage/test_firstPartyOnlyPermission.html
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html
@@ -0,0 +1,10 @@
+<script>
+  try {
+    sessionStorage.setItem("am_i_blocked", "nope");
+    window.parent.postMessage('sessionStorage=true', '*');
+    document.body.innerHTML += 'yes';
+  } catch (ex) {
+    window.parent.postMessage('sessionStorage=false', '*');
+    document.body.innerHTML += 'no';
+  }
+</script>
--- a/dom/tests/mochitest/localstorage/mochitest.ini
+++ b/dom/tests/mochitest/localstorage/mochitest.ini
@@ -11,16 +11,17 @@ support-files =
   frameReplace.html
   frameSlaveEqual.html
   frameSlaveNotEqual.html
   interOriginFrame.js
   interOriginTest.js
   interOriginTest2.js
   localStorageCommon.js
   frameLocalStorageSessionOnly.html
+  file_tryAccessSessionStorage.html
 
 [test_brokenUTF-16.html]
 [test_bug600307-DBOps.html]
 [test_bug746272-1.html]
 [test_bug746272-2.html]
 skip-if = os == "android" # bug 962029
 [test_cookieBlock.html]
 [test_cookieSession.html]
@@ -45,8 +46,9 @@ skip-if = toolkit == 'android' #TIMED_OU
 skip-if = toolkit == 'android' #TIMED_OUT
 [test_localStorageQuotaSessionOnly2.html]
 skip-if = toolkit == 'android' #TIMED_OUT
 [test_localStorageReplace.html]
 skip-if = toolkit == 'android'
 [test_lowDeviceStorage.html]
 [test_storageConstructor.html]
 [test_localStorageSessionPrefOverride.html]
+[test_firstPartyOnlyPermission.html]
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/localstorage/test_firstPartyOnlyPermission.html
@@ -0,0 +1,62 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>first party storage permission test</title>
+
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+<script type="text/javascript">
+  TRY_ACCESS_SESSION_STORAGE =
+    'http://example.com/tests/dom/tests/mochitest/localstorage/file_tryAccessSessionStorage.html';
+
+  add_task(function*() {
+    yield SpecialPowers.pushPrefEnv({
+      set: [['network.cookie.cookieBehavior', SpecialPowers.Ci.nsICookieService.BEHAVIOR_REJECT]],
+    });
+
+    try {
+      sessionStorage.setItem("blocked", "blocked");
+      ok(false, "Shouldn't be avaliable yet");
+    } catch (ex) {
+      ok(true, "Shouldn't be avaliable yet");
+    }
+
+    yield new Promise(resolve => SpecialPowers.pushPermissions([{
+      type: 'cookie',
+      allow: SpecialPowers.Ci.nsICookiePermission.ACCESS_ALLOW_FIRST_PARTY_ONLY,
+      context: document,
+    }], resolve));
+
+    // With the permission set to ACCESS_ALLOW_FIRST_PARTY_ONLY, we should be
+    // able to run it from this iframe (as we are first party with the test
+    // runner parent document).
+    try {
+      sessionStorage.setItem("blocked", "blocked");
+      ok(true, "Should be avaliable");
+    } catch (ex) {
+      ok(false, "Should be avaliable");
+    }
+
+    // A third party iframe should not have access however.
+    yield new Promise(resolve => {
+      window.onmessage = evt => {
+        window.onmessage = null;
+        is(evt.data, "sessionStorage=false");
+        resolve();
+      };
+
+      let iframe = document.createElement('iframe');
+      iframe.setAttribute('src', TRY_ACCESS_SESSION_STORAGE);
+      document.body.appendChild(iframe);
+    });
+  });
+
+</script>
+
+</head>
+
+<body>
+
+</body>
+</html>