Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc. r=dveditz
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Wed, 18 Apr 2018 10:27:28 +0200
changeset 414277 8306e1afdb9b05a6764100999c6c33e9ff18c40d
parent 414231 42e037e0b8d1d774db5cc38ef486639c1c2889f1
child 414278 405a7e528aeb6194cac28b860e2b2cc15a7b4738
push id33863
push userdluca@mozilla.com
push dateWed, 18 Apr 2018 16:57:29 +0000
reviewersdveditz
bugs1454721
milestone61.0a1
Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc. r=dveditz
dom/security/test/general/file_same_site_cookies_about.sjs
dom/security/test/general/file_same_site_cookies_about_inclusion.html
dom/security/test/general/file_same_site_cookies_about_navigation.html
dom/security/test/general/mochitest.ini
dom/security/test/general/test_same_site_cookies_about.html
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_about.sjs
@@ -0,0 +1,61 @@
+// Custom *.sjs file specifically for the needs of Bug 1454721
+
+// small red image
+const IMG_BYTES = atob(
+  "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+  "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const IFRAME_INC =
+  `<iframe src='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about_inclusion.html'></iframe>`;
+
+function handleRequest(request, response)
+{
+  // avoid confusing cache behaviors
+  response.setHeader("Cache-Control", "no-cache", false);
+
+  // using startsWith and discard the math random
+  if (request.queryString.startsWith("setSameSiteCookie")) {
+    response.setHeader("Set-Cookie", "myKey=mySameSiteAboutCookie; samesite=strict", true);
+    response.setHeader("Content-Type", "image/png");
+    response.write(IMG_BYTES);
+    return;
+  }
+
+  // navigation tests
+  if (request.queryString === "loadsrcdocframeNav") {
+    let FRAME = `
+      <iframe srcdoc="foo"
+       onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about_navigation.html'">
+      </iframe>`;
+    response.write(FRAME);
+    return;
+  }
+
+  if (request.queryString === "loadblankframeNav") {
+    let FRAME = `
+      <iframe src="about:blank"
+       onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about_navigation.html'">
+      </iframe>`;
+    response.write(FRAME);
+    return;
+  }
+
+  // inclusion tets
+  if (request.queryString === "loadsrcdocframeInc") {
+    response.write("<iframe srcdoc=\"" + IFRAME_INC + "\"></iframe>");
+    return;
+  }
+
+  if (request.queryString === "loadblankframeInc") {
+    let FRAME = `
+      <iframe id="blankframe" src="about:blank"></iframe>
+      <script>
+        document.getElementById("blankframe").contentDocument.write(\"` + IFRAME_INC +`\");
+      <\/script>`;
+    response.write(FRAME);
+    return;
+  }
+
+  // we should never get here, but just in case return something unexpected
+  response.write("D'oh");
+}
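Review bot: `IFRAME_INC` is spliced unescaped into two double-quoted contexts: the `srcdoc="…"` attribute in the `loadsrcdocframeInc` branch and the `contentDocument.write("…")` string literal in the `loadblankframeInc` branch. Both work only because the constant happens to use single quotes and contains no `</script>`, so a later edit to that markup could silently break both inclusion cases. I would add a comment above the constant such as `// NOTE: embedded in a double-quoted srcdoc attribute and a double-quoted JS string below; must not contain " or </script>`. The comment `// inclusion tets` should read `// inclusion tests`.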
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_about_inclusion.html
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<body>
+  <script type="application/javascript">
+    window.parent.parent.parent.postMessage({result: document.cookie}, '*');
+  </script>
+</body>
+</html>
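Review bot: The cookie string is posted with a target origin of `'*'`, so `document.cookie` is delivered to whatever document sits three levels up, regardless of its origin. The only intended receiver is the top-level test page on mochi.test:8888, so the target can be pinned: `window.parent.parent.parent.postMessage({result: document.cookie}, 'http://mochi.test:8888');`. The same applies to the `window.parent.postMessage(…, '*')` call in file_same_site_cookies_about_navigation.html. A short comment explaining the three `parent` hops would also help; as far as the .sjs markup shows, they are top-level test page, .sjs frame, about: frame, then this document.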
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_about_navigation.html
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<body>
+  <script type="application/javascript">
+    window.parent.postMessage({result: document.cookie}, '*');
+  </script>
+</body>
+</html>
--- a/dom/security/test/general/mochitest.ini
+++ b/dom/security/test/general/mochitest.ini
@@ -13,16 +13,19 @@ support-files =
   file_same_site_cookies_cross_origin_context.sjs
   file_same_site_cookies_from_script.sjs
   file_same_site_cookies_redirect.sjs
   file_same_site_cookies_toplevel_set_cookie.sjs
   file_same_site_cookies_blob_iframe_navigation.html
   file_same_site_cookies_blob_iframe_inclusion.html
   file_same_site_cookies_iframe.html
   file_same_site_cookies_iframe.sjs
+  file_same_site_cookies_about_navigation.html
+  file_same_site_cookies_about_inclusion.html
+  file_same_site_cookies_about.sjs
 
 [test_contentpolicytype_targeted_link_iframe.html]
 [test_nosniff.html]
 [test_block_script_wrong_mime.html]
 [test_block_toplevel_data_navigation.html]
 skip-if = toolkit == 'android' || webrender # intermittent failure; bug 1424752 for webrender
 [test_block_toplevel_data_img_navigation.html]
 skip-if = toolkit == 'android' # intermittent failure
@@ -33,8 +36,9 @@ skip-if = toolkit == 'android'
 [test_block_subresource_redir_to_data.html]
 [test_same_site_cookies_subrequest.html]
 [test_same_site_cookies_toplevel_nav.html]
 [test_same_site_cookies_cross_origin_context.html]
 [test_same_site_cookies_from_script.html]
 [test_same_site_cookies_redirect.html]
 [test_same_site_cookies_toplevel_set_cookie.html]
 [test_same_site_cookies_iframe.html]
+[test_same_site_cookies_about.html]
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_about.html
@@ -0,0 +1,117 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://mochi.test which sets a same site cookie
+ * 2) We then load the following iframes:
+ *    (a) cross-origin iframe
+ *    (b) same-origin iframe
+ *    which both load a:
+ *     * nested about:srcdoc frame and nested about:blank frame
+ *     * navigate about:srcdoc frame and navigate about:blank frame
+ * 3) We evaluate that the same-site cookie is available in the same-origin case.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = "http://mochi.test:8888/"
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_about.sjs";
+
+let curTest = 0;
+
+var tests = [
+  // NAVIGATION TESTS
+  {
+    description: "nested same origin iframe about:srcdoc navigation [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]",
+    frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeNav",
+    result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+  },
+  {
+    description: "nested cross origin iframe about:srcdoc navigation [mochi.test -> example.com -> about:srcdoc -> mochi.test]",
+    frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeNav",
+    result: "", // no same-site cookie should be available
+  },
+  {
+    description: "nested same origin iframe about:blank navigation [mochi.test -> mochi.test -> about:blank -> mochi.test]",
+    frameSRC: SAME_ORIGIN + PATH + "?loadblankframeNav",
+    result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+  },
+  {
+    description: "nested cross origin iframe about:blank navigation [mochi.test -> example.com -> about:blank -> mochi.test]",
+    frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeNav",
+    result: "", // no same-site cookie should be available
+  },
+  // INCLUSION TESTS
+  {
+    description: "nested same origin iframe about:srcdoc inclusion [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]",
+    frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeInc",
+    result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+  },
+  {
+    description: "nested cross origin iframe about:srcdoc inclusion [mochi.test -> example.com -> about:srcdoc -> mochi.test]",
+    frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeInc",
+    result: "", // no same-site cookie should be available
+  },
+  {
+    description: "nested same origin iframe about:blank inclusion [mochi.test -> mochi.test -> about:blank -> mochi.test]",
+    frameSRC: SAME_ORIGIN + PATH + "?loadblankframeInc",
+    result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+  },
+  {
+    description: "nested cross origin iframe about:blank inclusion [mochi.test -> example.com -> about:blank -> mochi.test]",
+    frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeInc",
+    result: "", // no same-site cookie should be available
+  },
+];
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+  is(event.data.result, tests[curTest].result, tests[curTest].description);
+  curTest += 1;
+
+  // // lets see if we ran all the tests
+  if (curTest == tests.length) {
+    window.removeEventListener("message", receiveMessage);
+    SimpleTest.finish();
+    return;
+  }
+  // otherwise it's time to run the next test
+  setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+  let testframe = document.getElementById("testframe");
+  testframe.src = tests[curTest].frameSRC;
+}
+
+function setCookieAndInitTest() {
+  var cookieImage = document.getElementById("cookieImage");
+  cookieImage.onload = function() {
+    ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
+    setupQueryResultAndRunTest();
+  }
+  cookieImage.onerror = function() {
+    ok(false, "could not load image for test (" + tests[curTest].description + ")");
+  }
+  // appending math.random to avoid any unexpected caching behavior
+  cookieImage.src = SAME_ORIGIN + PATH + "?setSameSiteCookie" + Math.random();
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
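Review bot: `receiveMessage` accepts any `message` event without checking `event.origin`, and every message advances `curTest`, so a stray or duplicate message from any frame would be scored against the wrong entry in `tests`. All expected senders are served from mochi.test:8888, so the handler can assert that first, e.g. `is(event.origin, "http://mochi.test:8888", "message from expected origin");`. Separately, `cookieImage.onerror` records a failure but never ends the test, so a failed image load leaves the run waiting for the harness timeout. Adding `SimpleTest.finish();` after the `ok(false, …)` call would end it promptly.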