Bug 219157 - Test that cookies are set only when domain has permission. r=mcmanus
authorValentin Gosu <valentin.gosu@gmail.com>
Fri, 20 May 2016 02:40:50 +0200
changeset 337978 c18023d517ed93d0e506f410c28ddfa60a2e6eee
parent 337977 f8cb3324570e9479124a7f5ef1cb4a23b6b1465f
child 337979 6647b13a6ad92410d6a71298eded13ca655edbbe
push id6249
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 13:59:36 +0000
treeherdermozilla-beta@bad9d4f5bf7e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmcmanus
bugs219157
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 219157 - Test that cookies are set only when domain has permission. r=mcmanus MozReview-Commit-ID: 4TGEpvbJxUd
netwerk/test/mochitests/file_cookie_access.html
netwerk/test/mochitests/mochitest.ini
netwerk/test/mochitests/test_cookie_access.html
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/file_cookie_access.html
@@ -0,0 +1,24 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="UTF-8">
+</head>
+<body>
+
+<pre id="test">
+<script type="application/javascript">
+  var old_cookie = document.cookie;
+  document.cookie = location.search.substring(1);
+  var new_cookie = document.cookie;
+  // Post back the previous cookie, and the newly set cookie.
+  window.opener.postMessage(old_cookie+"-"+new_cookie, "http://mochi.test:8888");
+</script>
+</pre>
+
+</body>
+</html>
--- a/netwerk/test/mochitests/mochitest.ini
+++ b/netwerk/test/mochitests/mochitest.ini
@@ -9,24 +9,26 @@ support-files =
   user_agent_update.sjs
   web_packaged_app.sjs
   file_loadinfo_redirectchain.sjs
   redirect_idn.html^headers^
   redirect_idn.html
   empty.html
   redirect.sjs
   !/dom/apps/tests/file_app.sjs
+  file_cookie_access.html
 
 [test_arraybufferinputstream.html]
 [test_partially_cached_content.html]
 [test_rel_preconnect.html]
 [test_uri_scheme.html]
 [test_user_agent_overrides.html]
 [test_user_agent_updates.html]
 [test_user_agent_updates_reset.html]
 [test_viewsource_unlinkable.html]
 [test_xhr_method_case.html]
 [test_web_packaged_app.html]
 skip-if = buildapp != 'mulet'
 [test_loadinfo_redirectchain.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_idn_redirect.html]
 [test_redirect_ref.html]
+[test_cookie_access.html]
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/test_cookie_access.html
@@ -0,0 +1,96 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=219157
+-->
+<head>
+  <meta charset="UTF-8">
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+
+<pre id="test">
+<script type="application/javascript">
+
+SimpleTest.waitForExplicitFinish();
+var URI = "http://sub1.test1.example.com/tests/netwerk/test/mochitests/file_cookie_access.html";
+
+const chromeScript = SpecialPowers.loadChromeScript(_ => {
+  Components.utils.import("resource://gre/modules/Services.jsm");
+  var URI = "http://sub1.test1.example.com/tests/netwerk/test/mochitests/file_cookie_access.html";
+  var cp = Components.classes["@mozilla.org/cookie/permission;1"]
+                     .getService(Components.interfaces.nsICookiePermission);
+  var uriObj = Services.io.newURI(URI, null, null);
+
+  addMessageListener("setAccess", function(allow) { cp.setAccess(uriObj, allow ? cp.ACCESS_ALLOW : cp.ACCESS_DENY); });
+});
+
+var set_cookie = [undefined,     // step 0: there is no step 0
+                  "",            // step 1: set the cookie to ""
+                  "?c00k1e_2",   // step 2: will never be set. Even steps don' have access.
+                  "?c00k1e_3" ,  // step 3: set the cookie to this
+                  "?c00k1e_4" ,  // step 4: will never be set. Even steps don' have access.
+                  "?c00k1e_5" ,  // step 5: set the cookie to this
+                  "?c00k1e_6" ,  // step 6: will never be set. Even steps don' have access.
+                  "",            // step 7: set the cookie to "" - as a cleanup.
+                  ""];           // step 8: will never be set. Even steps don' have access.
+var step = 1;
+function start() {
+  chromeScript.sendSyncMessage("setAccess", step % 2 == 1);
+  var url = URI+set_cookie[step];
+  subwindow = window.open(url);
+}
+
+window.addEventListener("message", receiveMessage, false);
+
+start();
+
+function receiveMessage(event) {
+    switch (step) {
+      // Before: cookie="_WHAT_EVER_". After: cookie="". CAN SET COOKIE
+      case 1: is(event.data.substring(event.data.indexOf('-')),
+                 /* any coookie + */"-", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="". After: cookie="c00k1e_2". CAN'T SET COOKIE
+      case 2: is(event.data, "-", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="". After: cookie="c00k1e_3". CAN SET COOKIE
+      case 3: is(event.data, "-c00k1e_3", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_3". After: cookie="c00k1e_3". CAN'T SET COOKIE
+      case 4: is(event.data, "c00k1e_3-c00k1e_3", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_3". After: cookie="c00k1e_5". CAN SET COOKIE
+      case 5: is(event.data, "c00k1e_3-c00k1e_5", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_5". After: cookie="c00k1e_5". CAN'T SET COOKIE
+      case 6: is(event.data, "c00k1e_5-c00k1e_5", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="c00k1e_5". After: cookie="". CAN SET COOKIE
+      case 7: is(event.data, "c00k1e_5-", "Step "+step+" - Got expected cookie"); break;
+
+      // Before: cookie="". After: cookie="". CAN'T SET COOKIE
+      case 8: is(event.data, "-", "Step "+step+" - Got expected cookie"); break;
+
+      default: ok(false, "should not reach this step");
+    }
+    subwindow.close();
+    step++;
+    if (step == 9) {
+      SimpleTest.finish();
+      return;
+    }
+    start();
+}
+
+</script>
+</pre>
+
+</body>
+</html>