Bug 1515343 - Emit the correct rejection code from the anti-tracking backend when a dynamic storage check fails with a doubly nested iframe. r=baku, a=RyanVM DEVEDITION_65_0b6_BUILD1 DEVEDITION_65_0b6_RELEASE FIREFOX_65_0b6_BUILD1 FIREFOX_65_0b6_RELEASE
authorEhsan Akhgari <ehsan@mozilla.com>
Thu, 20 Dec 2018 13:40:24 +0000
changeset 509118 4f9b811b0f2aa917536f1a0419c5e9a2dcd801e9
parent 509117 fef8ee3bdc39ed3171fc133f9d4215dd7228540f
child 509119 87b3bf32c7badb0ab441a7d2ae68f1efb2cfbeac
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
reviewersbaku, RyanVM
bugs1515343
milestone65.0
Bug 1515343 - Emit the correct rejection code from the anti-tracking backend when a dynamic storage check fails with a doubly nested iframe. r=baku, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D14993
browser/base/content/test/trackingUI/browser.ini
browser/base/content/test/trackingUI/browser_trackingUI_cookies_subview.js
browser/base/content/test/trackingUI/containerPage.html
browser/base/content/test/trackingUI/cookieSetterPage.html
browser/base/content/test/trackingUI/embeddedPage.html
toolkit/components/antitracking/AntiTrackingCommon.cpp
--- a/browser/base/content/test/trackingUI/browser.ini
+++ b/browser/base/content/test/trackingUI/browser.ini
@@ -1,15 +1,18 @@
 [DEFAULT]
 tags = trackingprotection
 support-files =
   head.js
   benignPage.html
+  containerPage.html
   cookiePage.html
+  cookieSetterPage.html
   cookieServer.sjs
+  embeddedPage.html
   trackingAPI.js
   trackingPage.html
 
 [browser_trackingUI_3.js]
 [browser_trackingUI_animation.js]
 [browser_trackingUI_animation_2.js]
 [browser_trackingUI_appMenu.js]
 [browser_trackingUI_categories.js]
--- a/browser/base/content/test/trackingUI/browser_trackingUI_cookies_subview.js
+++ b/browser/base/content/test/trackingUI/browser_trackingUI_cookies_subview.js
@@ -1,16 +1,17 @@
 /* Any copyright is dedicated to the Public Domain.
  * http://creativecommons.org/publicdomain/zero/1.0/ */
 
 /* eslint-disable mozilla/no-arbitrary-setTimeout */
 
 "use strict";
 
 const COOKIE_PAGE = "http://not-tracking.example.com/browser/browser/base/content/test/trackingUI/cookiePage.html";
+const CONTAINER_PAGE = "http://not-tracking.example.com/browser/browser/base/content/test/trackingUI/containerPage.html";
 
 const TPC_PREF = "network.cookie.cookieBehavior";
 
 add_task(async function setup() {
   // Avoid the content blocking tour interfering with our tests by popping up.
   await SpecialPowers.pushPrefEnv({set: [[ContentBlocking.prefIntroCount, ContentBlocking.MAX_INTROS]]});
   await UrlClassifierTestUtils.addTestTrackers();
 
@@ -237,8 +238,40 @@ add_task(async function testCookiesSubVi
 
     await ContentTask.spawn(browser, {}, function() {
       content.postMessage("window-close", "*");
     });
   });
 
   Services.prefs.clearUserPref(TPC_PREF);
 });
+
+add_task(async function testCookiesSubViewBlockedDoublyNested() {
+  Services.prefs.setIntPref(TPC_PREF, Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER);
+
+  await BrowserTestUtils.withNewTab(CONTAINER_PAGE, async function(browser) {
+    await openIdentityPopup();
+
+    let categoryItem =
+      document.getElementById("identity-popup-content-blocking-category-cookies");
+    ok(BrowserTestUtils.is_visible(categoryItem), "TP category item is visible");
+    let cookiesView = document.getElementById("identity-popup-cookiesView");
+    let viewShown = BrowserTestUtils.waitForEvent(cookiesView, "ViewShown");
+    categoryItem.click();
+    await viewShown;
+
+    ok(true, "Cookies view was shown");
+
+    let listItems = cookiesView.querySelectorAll(".identity-popup-content-blocking-list-item");
+    is(listItems.length, 1, "We have 1 cookie in the list");
+
+    let listItem = listItems[0];
+    let label = listItem.querySelector(".identity-popup-content-blocking-list-host-label");
+    is(label.value, "http://trackertest.org", "Has an item for trackertest.org");
+    ok(BrowserTestUtils.is_visible(listItem), "List item is visible");
+    ok(!listItem.classList.contains("allowed"), "Indicates whether the cookie was blocked or allowed");
+
+    let button = listItem.querySelector(".identity-popup-permission-remove-button");
+    ok(!button, "Permission remove button doesn't exist");
+  });
+
+  Services.prefs.clearUserPref(TPC_PREF);
+});
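Review bot: The new test sets `TPC_PREF` with `Services.prefs.setIntPref` and restores it only on the last line, so any exception in between leaves `BEHAVIOR_REJECT_TRACKER` set for whatever runs next. For example, if the list is empty, `listItems[0]` is undefined and `listItem.querySelector` throws, skipping `clearUserPref`. The `setup` task in this file already uses `SpecialPowers.pushPrefEnv`, which the harness reverts itself; the same form here would be `await SpecialPowers.pushPrefEnv({set: [[TPC_PREF, Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER]]});`. Separately, the message on the `!listItem.classList.contains("allowed")` check reads as neutral; something like `"List item is marked as blocked"` would state the expected outcome in a failure log.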
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/trackingUI/containerPage.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+  <iframe src="http://not-tracking.example.com/browser/browser/base/content/test/trackingUI/embeddedPage.html"></iframe>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/trackingUI/cookieSetterPage.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+  <script> document.cookie = "foo=bar"; </script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/trackingUI/embeddedPage.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+  <iframe src="http://trackertest.org/browser/browser/base/content/test/trackingUI/cookieSetterPage.html"></iframe>
+</body>
+</html>
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@@ -931,16 +931,17 @@ bool AntiTrackingCommon::IsFirstPartySto
   nsCOMPtr<nsIPrincipal> parentPrincipal;
   nsCOMPtr<nsIURI> parentPrincipalURI;
   nsCOMPtr<nsIURI> trackingURI;
   nsAutoCString trackingOrigin;
   if (!GetParentPrincipalAndTrackingOrigin(
           nsGlobalWindowInner::Cast(aWindow), getter_AddRefs(parentPrincipal),
           trackingOrigin, getter_AddRefs(trackingURI), nullptr)) {
     LOG(("Failed to obtain the parent principal and the tracking origin"));
+    *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER;
     return false;
   }
   Unused << parentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI));
 
   if (CompareBaseDomains(trackingURI, parentPrincipalURI)) {
     LOG(
         ("Grant access across the same eTLD+1 because same domain trackers "
          "are considered part of the same organization"));
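Review bot: The added assignment reports `STATE_COOKIES_BLOCKED_TRACKER` when `GetParentPrincipalAndTrackingOrigin` fails, which is a lookup failure rather than a classification result, and nothing on the line says why that code is the right one to surface. A one-line comment would make the intent explicit, for example `// Report as a tracker block so the rejection is still surfaced to the content blocking UI.`, adjusted to whatever the real rationale is. The write also dereferences `aRejectedReason` unconditionally. The function's opening is outside the hunk, so it should be confirmed that the pointer is asserted non-null there. Both points apply equally to the assignment added in the second hunk of this file.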
@@ -1177,16 +1178,17 @@ bool AntiTrackingCommon::IsFirstPartySto
   nsIPrincipal* parentPrincipal = loadInfo->GetTopLevelStorageAreaPrincipal();
   if (!parentPrincipal) {
     LOG(("No top-level storage area principal at hand"));
 
     // parentPrincipal can be null if the parent window is not the top-level
     // window.
     if (loadInfo->GetTopLevelPrincipal()) {
       LOG(("Parent window is the top-level window, bail out early"));
+      *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER;
       return false;
     }
 
     parentPrincipal = toplevelPrincipal;
     if (NS_WARN_IF(!parentPrincipal)) {
       LOG(
           ("No triggering principal, this shouldn't be happening! Bail out "
            "early"));
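Review bot: The `NS_WARN_IF(!parentPrincipal)` branch at the end of this hunk also logs "Bail out early", but its return is outside the hunk, so it is not visible whether that path sets `*aRejectedReason`. If it does not, a false return from there would leave the reason unset, which is the same condition this commit fixes for the `GetTopLevelPrincipal()` branch just above. In that case the fix is to add `*aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER;` before that return as well. Setting the reason at each exit by hand makes it easy to miss one, so a debug assertion at the caller that a false result carries a non-zero reason would catch future omissions.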