Bug 1741204 - Consolidate cookie policy into one Behavior policy. r=pbz a=pascalc
authorMike Kaply <mozilla@kaply.com>
Wed, 24 Nov 2021 16:03:02 -0600
changeset 666941 dcbd9ffedd9ef5ea18cc78ccced0a379ffdcf31a
parent 666940 0d548a8b193a9f8b0551c4e425c0e80d4d954852
child 666942 b4588bb55ef72513ab9b22e0ed023aa384c84fb4
push id16097
push userpchevrel@mozilla.com
push dateThu, 25 Nov 2021 10:13:15 +0000
treeherdermozilla-beta@dcbd9ffedd9e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerspbz, pascalc
bugs1741204
milestone95.0
Bug 1741204 - Consolidate cookie policy into one Behavior policy. r=pbz a=pascalc
browser/components/enterprisepolicies/Policies.jsm
browser/components/enterprisepolicies/schemas/policies-schema.json
browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -418,68 +418,90 @@ var Policies = {
             Services.cookies.removeCookiesWithOriginAttributes(
               "{}",
               blocked.hostname
             );
           }
         });
       }
 
-      if (
-        param.Default !== undefined ||
-        param.AcceptThirdParty !== undefined ||
-        param.RejectTracker !== undefined ||
-        param.Locked
-      ) {
-        const ACCEPT_COOKIES = 0;
-        const REJECT_THIRD_PARTY_COOKIES = 1;
-        const REJECT_ALL_COOKIES = 2;
-        const REJECT_UNVISITED_THIRD_PARTY = 3;
-        const REJECT_TRACKER = 4;
-
-        let newCookieBehavior = ACCEPT_COOKIES;
-        if (param.Default !== undefined && !param.Default) {
-          newCookieBehavior = REJECT_ALL_COOKIES;
-        } else if (param.AcceptThirdParty) {
-          if (param.AcceptThirdParty == "never") {
-            newCookieBehavior = REJECT_THIRD_PARTY_COOKIES;
-          } else if (param.AcceptThirdParty == "from-visited") {
-            newCookieBehavior = REJECT_UNVISITED_THIRD_PARTY;
-          }
-        } else if (param.RejectTracker !== undefined && param.RejectTracker) {
-          newCookieBehavior = REJECT_TRACKER;
-        }
-
-        setDefaultPref(
-          "network.cookie.cookieBehavior",
-          newCookieBehavior,
-          param.Locked
-        );
-        setDefaultPref(
-          "network.cookie.cookieBehavior.pbmode",
-          newCookieBehavior,
-          param.Locked
-        );
-      }
-
-      const KEEP_COOKIES_UNTIL_EXPIRATION = 0;
-      const KEEP_COOKIES_UNTIL_END_OF_SESSION = 2;
-
       if (param.ExpireAtSessionEnd !== undefined || param.Locked) {
-        let newLifetimePolicy = KEEP_COOKIES_UNTIL_EXPIRATION;
+        let newLifetimePolicy = Ci.nsICookieService.ACCEPT_NORMALLY;
         if (param.ExpireAtSessionEnd) {
-          newLifetimePolicy = KEEP_COOKIES_UNTIL_END_OF_SESSION;
+          newLifetimePolicy = Ci.nsICookieService.ACCEPT_SESSION;
         }
 
         setDefaultPref(
           "network.cookie.lifetimePolicy",
           newLifetimePolicy,
           param.Locked
         );
       }
+
+      // New Cookie Behavior option takes precendence
+      let defaultPref = Services.prefs.getDefaultBranch("");
+      let newCookieBehavior = defaultPref.getIntPref(
+        "network.cookie.cookieBehavior"
+      );
+      let newCookieBehaviorPB = defaultPref.getIntPref(
+        "network.cookie.cookieBehavior.pbmode"
+      );
+      if ("Behavior" in param || "BehaviorPrivateBrowsing" in param) {
+        let behaviors = {
+          accept: Ci.nsICookieService.BEHAVIOR_ACCEPT,
+          "reject-foreign": Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN,
+          reject: Ci.nsICookieService.BEHAVIOR_REJECT,
+          "limit-foreign": Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN,
+          "reject-tracker": Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER,
+          "reject-tracker-and-partition-foreign":
+            Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN,
+        };
+        if ("Behavior" in param) {
+          newCookieBehavior = behaviors[param.Behavior];
+        }
+        if ("BehaviorPrivateBrowsing" in param) {
+          newCookieBehaviorPB = behaviors[param.BehaviorPrivateBrowsing];
+        }
+      } else {
+        // Default, AcceptThirdParty, and RejectTracker are being
+        // deprecated in favor of Behavior. They will continue
+        // to be supported, though.
+        if (
+          param.Default !== undefined ||
+          param.AcceptThirdParty !== undefined ||
+          param.RejectTracker !== undefined ||
+          param.Locked
+        ) {
+          newCookieBehavior = Ci.nsICookieService.BEHAVIOR_ACCEPT;
+          if (param.Default !== undefined && !param.Default) {
+            newCookieBehavior = Ci.nsICookieService.BEHAVIOR_REJECT;
+          } else if (param.AcceptThirdParty) {
+            if (param.AcceptThirdParty == "never") {
+              newCookieBehavior = Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN;
+            } else if (param.AcceptThirdParty == "from-visited") {
+              newCookieBehavior = Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN;
+            }
+          } else if (param.RejectTracker) {
+            newCookieBehavior = Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER;
+          }
+        }
+        // With the old cookie policy, we made private browsing the same.
+        newCookieBehaviorPB = newCookieBehavior;
+      }
+      // We set the values no matter what just in case the policy was only used to lock.
+      setDefaultPref(
+        "network.cookie.cookieBehavior",
+        newCookieBehavior,
+        param.Locked
+      );
+      setDefaultPref(
+        "network.cookie.cookieBehavior.pbmode",
+        newCookieBehaviorPB,
+        param.Locked
+      );
     },
   },
 
   DefaultDownloadDirectory: {
     onBeforeAddons(manager, param) {
       setDefaultPref("browser.download.dir", replacePathVariables(param));
       // If a custom download directory is being used, just lock folder list to 2.
       setAndLockPref("browser.download.folderList", 2);
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -212,17 +212,28 @@
         },
 
         "ExpireAtSessionEnd": {
           "type": "boolean"
         },
 
         "Locked": {
           "type": "boolean"
+        },
+
+        "Behavior": {
+          "type": "string",
+          "enum": ["accept", "reject-foreign", "reject", "limit-foreign", "reject-tracker", "reject-tracker-and-partition-foreign"]
+        },
+
+        "BehaviorPrivateBrowsing": {
+          "type": "string",
+          "enum": ["accept", "reject-foreign", "reject", "limit-foreign", "reject-tracker", "reject-tracker-and-partition-foreign"]
         }
+
       }
     },
 
     "DefaultDownloadDirectory": {
       "type": "string"
     },
 
     "DisableAppUpdate": {
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
@@ -812,16 +812,100 @@ const POLICIES_TESTS = [
   {
     policies: {
       WindowsSSO: true,
     },
     lockedPrefs: {
       "network.http.windows-sso.enabled": true,
     },
   },
+
+  {
+    policies: {
+      Cookies: {
+        Behavior: "accept",
+        BehaviorPrivateBrowsing: "reject-foreign",
+        Locked: true,
+      },
+    },
+    lockedPrefs: {
+      "network.cookie.cookieBehavior": 0,
+      "network.cookie.cookieBehavior.pbmode": 1,
+    },
+  },
+
+  {
+    policies: {
+      Cookies: {
+        Behavior: "reject-foreign",
+        BehaviorPrivateBrowsing: "reject",
+        Locked: true,
+      },
+    },
+    lockedPrefs: {
+      "network.cookie.cookieBehavior": 1,
+      "network.cookie.cookieBehavior.pbmode": 2,
+    },
+  },
+
+  {
+    policies: {
+      Cookies: {
+        Behavior: "reject",
+        BehaviorPrivateBrowsing: "limit-foreign",
+        Locked: true,
+      },
+    },
+    lockedPrefs: {
+      "network.cookie.cookieBehavior": 2,
+      "network.cookie.cookieBehavior.pbmode": 3,
+    },
+  },
+
+  {
+    policies: {
+      Cookies: {
+        Behavior: "limit-foreign",
+        BehaviorPrivateBrowsing: "reject-tracker",
+        Locked: true,
+      },
+    },
+    lockedPrefs: {
+      "network.cookie.cookieBehavior": 3,
+      "network.cookie.cookieBehavior.pbmode": 4,
+    },
+  },
+
+  {
+    policies: {
+      Cookies: {
+        Behavior: "reject-tracker",
+        BehaviorPrivateBrowsing: "reject-tracker-and-partition-foreign",
+        Locked: true,
+      },
+    },
+    lockedPrefs: {
+      "network.cookie.cookieBehavior": 4,
+      "network.cookie.cookieBehavior.pbmode": 5,
+    },
+  },
+
+  {
+    policies: {
+      Cookies: {
+        Behavior: "reject-tracker-and-partition-foreign",
+        BehaviorPrivateBrowsing: "accept",
+        Locked: true,
+      },
+    },
+    lockedPrefs: {
+      "network.cookie.cookieBehavior": 5,
+      "network.cookie.cookieBehavior.pbmode": 0,
+    },
+  },
 ];
 
 add_task(async function test_policy_simple_prefs() {
   for (let test of POLICIES_TESTS) {
     await setupPolicyEngineWithJson({
       policies: test.policies,
     });