Bug 1279568 - Modify thumbnails tests to make sure cookies can't be set by document.cookies or xhr. r=markh
authorJonathan Hao <jhao@mozilla.com>
Sat, 09 Jul 2016 21:41:30 +0800
changeset 344427 df69a26957d3104517da062650291f77d402645e
parent 344426 a60cf1b7124aa067e96cdd751ac526008f96ff8a
child 344428 2262d40c51c633aea4bfe5fdb152184fbcb20006
push id6389
push userraliiev@mozilla.com
push dateMon, 19 Sep 2016 13:38:22 +0000
reviewersmarkh
bugs1279568
milestone50.0a1
Bug 1279568 - Modify thumbnails tests to make sure cookies can't be set by document.cookies or xhr. r=markh
toolkit/components/thumbnails/test/browser_thumbnails_bg_no_cookies_stored.js
toolkit/components/thumbnails/test/thumbnails_background.sjs
--- a/toolkit/components/thumbnails/test/browser_thumbnails_bg_no_cookies_stored.js
+++ b/toolkit/components/thumbnails/test/browser_thumbnails_bg_no_cookies_stored.js
@@ -1,15 +1,19 @@
 /* Any copyright is dedicated to the Public Domain.
  * http://creativecommons.org/publicdomain/zero/1.0/ */
 
 // check that if a page captured in the background attempts to set a cookie,
 // that cookie is not saved for subsequent requests.
 function* runTests() {
-  let url = bgTestPageURL({ setRedCookie: true });
+  let url = bgTestPageURL({
+    setRedCookie: true,
+    iframe: bgTestPageURL({ setRedCookie: true}),
+    xhr: bgTestPageURL({ setRedCookie: true})
+  });
   ok(!thumbnailExists(url), "Thumbnail file should not exist before capture.");
   yield bgCapture(url);
   ok(thumbnailExists(url), "Thumbnail file should exist after capture.");
   removeThumbnail(url);
   // now load it up in a browser - it should *not* be red, otherwise the
   // cookie above was saved.
   let tab = gBrowser.loadOneTab(url, { inBackground: false });
   let browser = tab.linkedBrowser;
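Review bot: The comment above runTests still describes a single cookie attempt, while the URL built here now exercises several paths (the Set-Cookie header, document.cookie, an iframe and an XHR); it should name them, e.g. `// check that a page captured in the background cannot store a cookie via a Set-Cookie header, document.cookie, an iframe or an XHR.` As far as the comment at the end of the hunk indicates, the only check is the page colour on reload, so a failure would not say which path leaked the cookie. Separate captures or a per-path assertion message would make a regression easier to triage. runTests continues past the end of the hunk.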
--- a/toolkit/components/thumbnails/test/thumbnails_background.sjs
+++ b/toolkit/components/thumbnails/test/thumbnails_background.sjs
@@ -12,32 +12,51 @@ function handleRequest(req, resp) {
   resp.setHeader("Content-Type", "text/html;charset=utf-8", false);
 
   let opts = {};
   try {
     opts = JSON.parse(decodeURIComponent(req.queryString));
   }
   catch (err) {}
 
-  if (opts.setRedCookie)
+  let setCookieScript = "";
+  if (opts.setRedCookie) {
     resp.setHeader("Set-Cookie", "red", false);
+    setCookieScript = '<script>document.cookie="red";</script>';
+  }
+
+  if (opts.setGreenCookie) {
+    resp.setHeader("Set-Cookie", "green", false);
+    setCookieScript = '<script>document.cookie="green";</script>';
+  }
 
-  if (opts.setGreenCookie)
-    resp.setHeader("Set-Cookie", "green", false);
+  if (opts.iframe) {
+    setCookieScript += '<iframe src="' + opts.iframe + '" />';
+  }
+
+  if (opts.xhr) {
+    setCookieScript += `
+      <script>
+         var req = new XMLHttpRequest();
+         req.open("GET", "${opts.xhr}", true);
+         req.send();
+      </script>
+    `;
+  }
 
   if (req.hasHeader("Cookie") &&
       req.getHeader("Cookie").split(";").indexOf("red") >= 0) {
-    resp.write('<html style="background: #f00;"></html>');
+    resp.write('<html style="background: #f00;">' + setCookieScript + '</html>');
     resp.finish();
     return;
   }
 
   if (req.hasHeader("Cookie") &&
       req.getHeader("Cookie").split(";").indexOf("green") >= 0) {
-    resp.write('<html style="background: #0f0;"></html>');
+    resp.write('<html style="background: #0f0;">' + setCookieScript + '</html>');
     resp.finish();
     return;
   }
 
   if (opts.redirect) {
     resp.setHeader("Location", opts.redirect);
     resp.setStatusLine(null, 303, null);
     resp.finish();
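Review bot: The `'<iframe src="' + opts.iframe + '" />'` string never closes the element, because HTML ignores the self-closing slash on iframe; everything appended afterwards, including the XHR `<script>` built for `opts.xhr`, is then parsed as the iframe's text content and should not execute. The updated test passes both `iframe` and `xhr`, so the XHR cookie path is probably not exercised at all; use `setCookieScript += '<iframe src="' + opts.iframe + '"></iframe>';`. Separately, `req.open("GET", ..., true)` is asynchronous, so the capture may finish before the XHR response with its Set-Cookie header arrives; whether anything waits for it cannot be confirmed from this hunk. handleRequest starts above the hunk and continues below it.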
@@ -50,11 +69,11 @@ function handleRequest(req, resp) {
             createInstance(Components.interfaces.nsITimer);
     timer.init(function ding() {
       resp.write("OK!");
       resp.finish();
     }, opts.wait, Components.interfaces.nsITimer.TYPE_ONE_SHOT);
     return;
   }
 
-  resp.write("<pre>" + JSON.stringify(opts, undefined, 2) + "</pre>");
+  resp.write("<pre>" + JSON.stringify(opts, undefined, 2) + "</pre>" + setCookieScript);
   resp.finish();
 }