Bug 1510860 - Ensure that the cookie service checks the content blocking allow list even for first-party cookies since that's required when we're blocking all cookies. r=baku, a=RyanVM
authorEhsan Akhgari <ehsan@mozilla.com>
Thu, 20 Dec 2018 11:09:15 -0500
changeset 509146 dd9715b4ca42bbcf6d2de6338fff3c598ebdc6d3
parent 509145 be15ceade8ab5990345f4e60163386082f99962b
child 509147 da9b699d146d3663421b3276b63a4ca59b373303
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
treeherdermozilla-release@c2fca1944d8c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku, RyanVM
bugs1510860
milestone65.0
Bug 1510860 - Ensure that the cookie service checks the content blocking allow list even for first-party cookies since that's required when we're blocking all cookies. r=baku, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D15109
netwerk/cookie/nsCookieService.cpp
toolkit/components/antitracking/test/browser/browser.ini
toolkit/components/antitracking/test/browser/browser_firstPartyCookieRejectionHonoursAllowList.js
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -1993,18 +1993,18 @@ nsresult nsCookieService::GetCookieStrin
   bool firstPartyStorageAccessGranted = false;
   nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
   if (httpChannel) {
     isTrackingResource = httpChannel->GetIsTrackingResource();
 
     // Check first-party storage access even for non-tracking resources, since
     // we will need the result when computing the access rights for the reject
     // foreign cookie behavior mode.
-    if (isForeign && AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
-                         httpChannel, aHostURI, nullptr)) {
+    if (AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
+            httpChannel, aHostURI, nullptr)) {
       firstPartyStorageAccessGranted = true;
     }
   }
 
   OriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
@@ -2094,18 +2094,18 @@ nsresult nsCookieService::SetCookieStrin
   bool firstPartyStorageAccessGranted = false;
   nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
   if (httpChannel) {
     isTrackingResource = httpChannel->GetIsTrackingResource();
 
     // Check first-party storage access even for non-tracking resources, since
     // we will need the result when computing the access rights for the reject
     // foreign cookie behavior mode.
-    if (isForeign && AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
-                         httpChannel, aHostURI, nullptr)) {
+    if (AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
+            httpChannel, aHostURI, nullptr)) {
       firstPartyStorageAccessGranted = true;
     }
   }
 
   OriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
--- a/toolkit/components/antitracking/test/browser/browser.ini
+++ b/toolkit/components/antitracking/test/browser/browser.ini
@@ -35,16 +35,17 @@ skip-if = serviceworker_e10s
 [browser_blockingServiceWorkers.js]
 skip-if = (os == "win" && os_version == "6.1" && bits == 32 && !debug) # Bug 1491937
 [browser_blockingSharedWorkers.js]
 skip-if = (os == "win" && os_version == "6.1" && bits == 32 && !debug) # Bug 1491937
 [browser_blockingMessaging.js]
 [browser_blockingNoOpener.js]
 [browser_doublyNestedTracker.js]
 [browser_existingCookiesForSubresources.js]
+[browser_firstPartyCookieRejectionHonoursAllowList.js]
 [browser_imageCache4.js]
 [browser_imageCache4-1.js]
 [browser_imageCache4-2.js]
 [browser_imageCache8.js]
 [browser_onBeforeRequestNotificationForTrackingResources.js]
 [browser_onModifyRequestNotificationForTrackingResources.js]
 [browser_permissionInNormalWindows.js]
 skip-if = serviceworker_e10s
new file mode 100644
--- /dev/null
+++ b/toolkit/components/antitracking/test/browser/browser_firstPartyCookieRejectionHonoursAllowList.js
@@ -0,0 +1,69 @@
+ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+add_task(async function() {
+  info("Starting subResources test");
+
+  await SpecialPowers.flushPrefEnv();
+  await SpecialPowers.pushPrefEnv({"set": [
+    ["browser.contentblocking.allowlist.annotations.enabled", true],
+    ["browser.contentblocking.allowlist.storage.enabled", true],
+    ["network.cookie.cookieBehavior", Ci.nsICookieService.BEHAVIOR_REJECT],
+    ["privacy.trackingprotection.enabled", false],
+    ["privacy.trackingprotection.pbmode.enabled", false],
+    ["privacy.trackingprotection.annotate_channels", true],
+  ]});
+
+  let tab = BrowserTestUtils.addTab(gBrowser, TEST_TOP_PAGE);
+  gBrowser.selectedTab = tab;
+
+  let browser = gBrowser.getBrowserForTab(tab);
+  await BrowserTestUtils.browserLoaded(browser);
+
+  info("Disabling content blocking for this page");
+  ContentBlocking.disableForCurrentPage();
+
+  // The previous function reloads the browser, so wait for it to load again!
+  await BrowserTestUtils.browserLoaded(browser);
+
+  await ContentTask.spawn(browser, {},
+                          async function(obj) {
+    await new content.Promise(async resolve => {
+      let document = content.document;
+      let window = document.defaultView;
+
+      is(document.cookie, "", "No cookies for me");
+
+      await window.fetch("server.sjs").then(r => r.text()).then(text => {
+        is(text, "cookie-not-present", "We should not have cookies");
+      });
+
+      document.cookie = "name=value";
+      ok(document.cookie.includes("name=value"), "Some cookies for me");
+      ok(document.cookie.includes("foopy=1"), "Some cookies for me");
+
+      await window.fetch("server.sjs").then(r => r.text()).then(text => {
+        is(text, "cookie-present", "We should have cookies");
+      });
+
+      ok(document.cookie.length, "Some Cookies for me");
+
+      resolve();
+    });
+  });
+
+  info("Enabling content blocking for this page");
+  ContentBlocking.enableForCurrentPage();
+
+  // The previous function reloads the browser, so wait for it to load again!
+  await BrowserTestUtils.browserLoaded(browser);
+
+  BrowserTestUtils.removeTab(tab);
+});
+
+add_task(async function() {
+  info("Cleaning up.");
+  await new Promise(resolve => {
+    Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => resolve());
+  });
+});
+