| author | Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com> |
| Thu, 19 Apr 2018 20:00:52 +0200 | |
| changeset 414585 | 5524e587eff281b0f397d17ccd38c8bb26fb221e |
| parent 414584 | 4bf15cbc8ffb33e15a3bde7b88e779cac721a813 |
| child 414586 | bc062fa71ca7c868d5219b1ddcbe5d9afa86bff3 |
| push id | 33871 |
| push user | csabou@mozilla.com |
| push date | Thu, 19 Apr 2018 22:30:08 +0000 |
| treeherder | mozilla-central@5d73549d363f [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | jkt |
| bugs | 1454914 |
| milestone | 61.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
new file mode 100644 --- /dev/null +++ b/toolkit/components/extensions/test/mochitest/file_same_site_cookies_webextension.sjs @@ -0,0 +1,40 @@ +// Custom *.sjs file specifically for the needs of Bug 1454914 + +const WIN = `<html><body>dummy page setting a same-site cookie</body></html>`; +const FRAME = `<html><body>dummy frame getting a same-site cookie</body></html>`; + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString === "loadWin") { + response.write(WIN); + return; + } + + // using startsWith and discard the math random + if (request.queryString.startsWith("loadImage")) { + response.setHeader("Set-Cookie", "myKey=mySameSiteExtensionCookie; samesite=strict", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + if (request.queryString === "loadXHR") { + let cookie = "noCookie"; + if (request.hasHeader("Cookie")) { + cookie = request.getHeader("Cookie"); + } + response.write(cookie); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +}
--- a/toolkit/components/extensions/test/mochitest/mochitest-common.ini +++ b/toolkit/components/extensions/test/mochitest/mochitest-common.ini @@ -46,16 +46,17 @@ support-files = redirect_auto.sjs redirection.sjs return_headers.sjs slow_response.sjs webrequest_worker.js !/dom/tests/mochitest/geolocation/network_geolocation.sjs !/toolkit/components/passwordmgr/test/authenticate.sjs file_redirect_data_uri.html + file_same_site_cookies_webextension.sjs prefs = security.mixed_content.upgrade_display_content=false [test_ext_background_canvas.html] [test_ext_background_page.html] skip-if = (toolkit == 'android') # android doesn't have devtools [test_ext_clipboard.html] [test_ext_clipboard_image.html] @@ -127,8 +128,9 @@ skip-if = os == 'android' && debug # bug [test_ext_webrequest_frameId.html] [test_ext_webrequest_hsts.html] skip-if = os == 'android' || os == 'linux' # linux, bug 1398120 [test_ext_webrequest_upgrade.html] [test_ext_webrequest_upload.html] skip-if = os == 'android' # Currently fails in emulator tests [test_ext_webrequest_redirect_data_uri.html] [test_ext_window_postMessage.html] +[test_same_site_cookies_webextension.html]
new file mode 100644 --- /dev/null +++ b/toolkit/components/extensions/test/mochitest/test_same_site_cookies_webextension.html @@ -0,0 +1,88 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1454914: Exempt web-extensions from same-site cookie policy</title> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script> + <script type="text/javascript" src="/tests/SimpleTest/ExtensionTestUtils.js"></script> + <script type="text/javascript" src="head.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> +</head> +<body> + +<script type="text/javascript"> +"use strict"; + +/* Description of the test: + * (1) We load an image from mochi.test which sets a same site cookie + * (2) We have the web extension perform an XHR request to mochi.test + * (3) We verify the web-extension can access the same-site cookie + */ + +add_task(async function test_webRequest_same_site_cookie_access() { + let extension = ExtensionTestUtils.loadExtension({ + manifest: { + permissions: [ + "http://example.com/*", + ], + content_scripts: [{ + matches: ["http://example.com/*"], + run_at: "document_start", + js: ["content_script.js"], + }], + }, + + background() { + browser.test.onMessage.addListener(msg => { + if (msg === "verify-same-site-cookie-moz-extension") { + let xhr = new XMLHttpRequest(); + try { + xhr.open("GET", "http://example.com/tests/toolkit/components/extensions/test/mochitest/file_same_site_cookies_webextension.sjs?loadXHR", true); + xhr.onload = function() { + browser.test.assertEq("myKey=mySameSiteExtensionCookie", xhr.responseText, + "cookie should be accessible from moz-extension context"); + browser.test.sendMessage("same-site-cookie-test-done"); + }; + xhr.onerror = function() { + browser.test.fail("xhr onerror"); + browser.test.sendMessage("same-site-cookie-test-done"); + }; + } catch (e) { + browser.test.fail("xhr failure: " + e); + } + xhr.send(); + } + }); + }, + + files: { + "content_script.js": function() { + let myImage = document.createElement("img"); + // Set the src via wrappedJSObject so the load is triggered with the + // content page's principal rather than ours. + myImage.wrappedJSObject.setAttribute("src", "http://example.com/tests/toolkit/components/extensions/test/mochitest/file_same_site_cookies_webextension.sjs?loadImage" + Math.random()); + myImage.onload = function() { + browser.test.log("image onload"); + browser.test.sendMessage("image-loaded-and-same-site-cookie-set"); + }; + myImage.onerror = function() { + browser.test.log("image onerror"); + }; + document.body.appendChild(myImage); + }, + }, + }); + + await extension.startup(); + let win = window.open("http://example.com/tests/toolkit/components/extensions/test/mochitest/file_same_site_cookies_webextension.sjs?loadWin"); + await extension.awaitMessage("image-loaded-and-same-site-cookie-set"); + extension.sendMessage("verify-same-site-cookie-moz-extension"); + await extension.awaitMessage("same-site-cookie-test-done"); + win.close(); + await extension.unload(); +}); + +</script> + +</body> +</html>