Bug 1510860 - Ensure that the cookie service checks the content blocking allow list even for first-party cookies since that's required when we're blocking all cookies; r=baku
authorEhsan Akhgari <ehsan@mozilla.com>
Thu, 20 Dec 2018 11:09:15 -0500
changeset 451718 e94a166a769c05e9ea0a9dd7ab1c5c2a6246a1aa
parent 451717 2b9466c27a2185685742ea4d5ee21898b9f31168
child 451719 af1ebb7097ec2941910ac78a6d75573589c29866
push id35252
push userccoroiu@mozilla.com
push dateFri, 21 Dec 2018 21:56:22 +0000
treeherdermozilla-central@b23630094b9c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1510860
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1510860 - Ensure that the cookie service checks the content blocking allow list even for first-party cookies since that's required when we're blocking all cookies; r=baku Differential Revision: https://phabricator.services.mozilla.com/D15109
netwerk/cookie/nsCookieService.cpp
toolkit/components/antitracking/test/browser/browser.ini
toolkit/components/antitracking/test/browser/browser_firstPartyCookieRejectionHonoursAllowList.js
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -1993,18 +1993,18 @@ nsresult nsCookieService::GetCookieStrin
   bool firstPartyStorageAccessGranted = false;
   nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
   if (httpChannel) {
     isTrackingResource = httpChannel->GetIsTrackingResource();
 
     // Check first-party storage access even for non-tracking resources, since
     // we will need the result when computing the access rights for the reject
     // foreign cookie behavior mode.
-    if (isForeign && AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
-                         httpChannel, aHostURI, nullptr)) {
+    if (AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
+            httpChannel, aHostURI, nullptr)) {
       firstPartyStorageAccessGranted = true;
     }
   }
 
   OriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
@@ -2094,18 +2094,18 @@ nsresult nsCookieService::SetCookieStrin
   bool firstPartyStorageAccessGranted = false;
   nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
   if (httpChannel) {
     isTrackingResource = httpChannel->GetIsTrackingResource();
 
     // Check first-party storage access even for non-tracking resources, since
     // we will need the result when computing the access rights for the reject
     // foreign cookie behavior mode.
-    if (isForeign && AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
-                         httpChannel, aHostURI, nullptr)) {
+    if (AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
+            httpChannel, aHostURI, nullptr)) {
       firstPartyStorageAccessGranted = true;
     }
   }
 
   OriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
--- a/toolkit/components/antitracking/test/browser/browser.ini
+++ b/toolkit/components/antitracking/test/browser/browser.ini
@@ -36,16 +36,17 @@ skip-if = serviceworker_e10s
 [browser_blockingServiceWorkers.js]
 skip-if = (os == "win" && os_version == "6.1" && bits == 32 && !debug) # Bug 1491937
 [browser_blockingSharedWorkers.js]
 skip-if = (os == "win" && os_version == "6.1" && bits == 32 && !debug) # Bug 1491937
 [browser_blockingMessaging.js]
 [browser_blockingNoOpener.js]
 [browser_doublyNestedTracker.js]
 [browser_existingCookiesForSubresources.js]
+[browser_firstPartyCookieRejectionHonoursAllowList.js]
 [browser_imageCache4.js]
 [browser_imageCache4-1.js]
 [browser_imageCache4-2.js]
 [browser_imageCache8.js]
 [browser_onBeforeRequestNotificationForTrackingResources.js]
 [browser_onModifyRequestNotificationForTrackingResources.js]
 [browser_permissionInNormalWindows.js]
 skip-if = serviceworker_e10s
new file mode 100644
--- /dev/null
+++ b/toolkit/components/antitracking/test/browser/browser_firstPartyCookieRejectionHonoursAllowList.js
@@ -0,0 +1,69 @@
+ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+add_task(async function() {
+  info("Starting subResources test");
+
+  await SpecialPowers.flushPrefEnv();
+  await SpecialPowers.pushPrefEnv({"set": [
+    ["browser.contentblocking.allowlist.annotations.enabled", true],
+    ["browser.contentblocking.allowlist.storage.enabled", true],
+    ["network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_REJECT],
+    ["privacy.trackingprotection.enabled", false],
+    ["privacy.trackingprotection.pbmode.enabled", false],
+    ["privacy.trackingprotection.annotate_channels", true],
+  ]});
+
+  let tab = BrowserTestUtils.addTab(gBrowser, TEST_TOP_PAGE);
+  gBrowser.selectedTab = tab;
+
+  let browser = gBrowser.getBrowserForTab(tab);
+  await BrowserTestUtils.browserLoaded(browser);
+
+  info("Disabling content blocking for this page");
+  ContentBlocking.disableForCurrentPage();
+
+  // The previous function reloads the browser, so wait for it to load again!
+  await BrowserTestUtils.browserLoaded(browser);
+
+  await ContentTask.spawn(browser, {},
+                          async function(obj) {
+    await new content.Promise(async resolve => {
+      let document = content.document;
+      let window = document.defaultView;
+
+      is(document.cookie, "", "No cookies for me");
+
+      await window.fetch("server.sjs").then(r => r.text()).then(text => {
+        is(text, "cookie-not-present", "We should not have cookies");
+      });
+
+      document.cookie = "name=value";
+      ok(document.cookie.includes("name=value"), "Some cookies for me");
+      ok(document.cookie.includes("foopy=1"), "Some cookies for me");
+
+      await window.fetch("server.sjs").then(r => r.text()).then(text => {
+        is(text, "cookie-present", "We should have cookies");
+      });
+
+      ok(document.cookie.length, "Some Cookies for me");
+
+      resolve();
+    });
+  });
+
+  info("Enabling content blocking for this page");
+  ContentBlocking.enableForCurrentPage();
+
+  // The previous function reloads the browser, so wait for it to load again!
+  await BrowserTestUtils.browserLoaded(browser);
+
+  BrowserTestUtils.removeTab(tab);
+});
+
+add_task(async function() {
+  info("Cleaning up.");
+  await new Promise(resolve => {
+    Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => resolve());
+  });
+});
+