Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug
authorYoshi Huang <allstars.chh@mozilla.com>
Mon, 07 Nov 2016 14:59:05 +0800
changeset 324972 66d8dfee23cacdfa28154cdd5be3bacf030d07f5
parent 324971 c1f5a73d1a471b581276f29a4aea0b7f62ec5f58
child 324973 d4b9373141c6a50c3db80891f5b0727c04dc5a46
push id24
push usermaklebus@msu.edu
push dateTue, 20 Dec 2016 03:11:33 +0000
reviewerssmaug
bugs1315602
milestone53.0a1
Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug
browser/components/originattributes/test/browser/browser.ini
browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html
browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^
browser/components/originattributes/test/browser/test_form.html
browser/components/originattributes/test/browser/window2.html
browser/components/originattributes/test/browser/window3.html
browser/components/originattributes/test/browser/window_redirect.html
netwerk/protocol/http/HttpBaseChannel.cpp
--- a/browser/components/originattributes/test/browser/browser.ini
+++ b/browser/components/originattributes/test/browser/browser.ini
@@ -39,19 +39,25 @@ support-files =
   test2.html
   test2.js
   test2.js^headers^
   test_firstParty.html
   test_firstParty_cookie.html
   test_firstParty_html_redirect.html
   test_firstParty_http_redirect.html
   test_firstParty_http_redirect.html^headers^
+  test_firstParty_http_redirect_to_same_domain.html
+  test_firstParty_http_redirect_to_same_domain.html^headers^
   test_firstParty_iframe_http_redirect.html
   test_firstParty_postMessage.html
+  test_form.html
   window.html
+  window2.html
+  window3.html
+  window_redirect.html
   worker_blobify.js
   worker_deblobify.js
 
 [browser_broadcastChannel.js]
 [browser_cache.js]
 [browser_cookieIsolation.js]
 [browser_favicon_firstParty.js]
 [browser_favicon_userContextId.js]
--- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
+++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
@@ -167,8 +167,113 @@ add_task(function* openWindow_test() {
     Assert.equal(iframe.contentDocument.nodePrincipal.originAttributes.firstPartyDomain,
                  attrs.firstPartyDomain, "iframe should have firstPartyDomain");
   });
 
   gBrowser.removeTab(tab);
   yield BrowserTestUtils.closeWindow(win);
 });
 
+/**
+ * When the web page calls window.open, the top-level docshell in the new
+ * created window will have firstPartyDomain set.
+ */
+add_task(function* window_open_redirect_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window_redirect.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 attrs.firstPartyDomain, "The document should have firstPartyDomain");
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * When the web page calls window.open, the top-level docshell in the new
+ * created window will inherit the firstPartyDomain attribute.
+ * However the top-level document will override the firstPartyDomain if the
+ * document is from another domain.
+ */
+add_task(function* window_open_iframe_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window2.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+
+    // The document is http://example.com/browser/browser/components/originattributes/test/browser/test_firstParty.html
+    // so the firstPartyDomain will be overriden to 'example.com'.
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "The document should have firstPartyDomain");
+
+    let iframe = content.document.getElementById("iframe1");
+    Assert.equal(iframe.frameLoader.docShell.getOriginAttributes().firstPartyDomain,
+                 "example.com", "iframe's docshell should have firstPartyDomain");
+    Assert.equal(iframe.contentDocument.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "iframe should have firstPartyDomain");
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * Test for the loadInfo->TriggeringPrincipal is the document itself.
+ */
+add_task(function* form_test() {
+  let tab = gBrowser.addTab(BASE_URL + "test_form.html");
+  yield BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+  yield ContentTask.spawn(tab.linkedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 attrs.firstPartyDomain, "The document should have firstPartyDomain");
+
+    let submit = content.document.getElementById("submit");
+    submit.click();
+  });
+
+  gBrowser.removeTab(tab);
+});
+
+/**
+ * Another test for loadInfo->TriggeringPrincipal in the window.open case.
+ */
+add_task(function* window_open_form_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window3.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "The document should have firstPartyDomain");
+
+    let submit = content.document.getElementById("submit");
+    submit.click();
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
new file mode 100644
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8"/>
+  <title>Test for Bug 1260931</title>
+</head>
+<body>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^
@@ -0,0 +1,2 @@
+HTTP 302 Found
+Location: http://mochi.test:8888/browser/browser/components/originattributes/test/browser/dummy.html
new file mode 100644
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_form.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1260931</title>
+</head>
+<body>
+<form action="test_firstParty_http_redirect_to_same_domain.html" method="POST">
+   First name: <input type="text" name="fname"><br>
+   Last name: <input type="text" name="lname"><br>
+   <input type="submit" id="submit" value="Submit">
+</form>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window2.html
@@ -0,0 +1,11 @@
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/test_firstParty.html", "test");
+    </script>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window3.html
@@ -0,0 +1,11 @@
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/test_form.html", "test");
+    </script>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window_redirect.html
@@ -0,0 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open('test_firstParty_http_redirect_to_same_domain.html', "test");
+    </script>
+  </body>
+</html>
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -2945,18 +2945,16 @@ HttpBaseChannel::SetupReplacementChannel
 
     if (isTopLevelDoc) {
       nsCOMPtr<nsILoadContext> loadContext;
       NS_QueryNotificationCallbacks(this, loadContext);
       DocShellOriginAttributes docShellAttrs;
       if (loadContext) {
         loadContext->GetOriginAttributes(docShellAttrs);
       }
-      MOZ_ASSERT(docShellAttrs.mFirstPartyDomain.IsEmpty(),
-                 "top-level docshell shouldn't have firstPartyDomain attribute.");
 
       NeckoOriginAttributes attrs = newLoadInfo->GetOriginAttributes();
 
       MOZ_ASSERT(docShellAttrs.mUserContextId == attrs.mUserContextId,
                 "docshell and necko should have the same userContextId attribute.");
       MOZ_ASSERT(docShellAttrs.mInIsolatedMozBrowser == attrs.mInIsolatedMozBrowser,
                 "docshell and necko should have the same inIsolatedMozBrowser attribute.");
       MOZ_ASSERT(docShellAttrs.mPrivateBrowsingId == attrs.mPrivateBrowsingId,