firefox-main/toolkit/components/url-classifier/tests/browser/browser_third_party_only_annotations.js (file symbol)

Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
let { UrlClassifierTestUtils } = ChromeUtils.importESModule(
);
const ANTIFRAUD_DOMAIN = "https://anti-fraud.example.org/";
const ANTIFRAUD_IMAGE = ANTIFRAUD_DOMAIN + TEST_PATH + "raptor.jpg";
const ANTIFRAUD_PAGE = ANTIFRAUD_DOMAIN + TEST_PATH + "page.html";
const CONSENTMANAGER_DOMAIN = "https://consent-manager.example.org/";
const CONSENTMANAGER_IMAGE = CONSENTMANAGER_DOMAIN + TEST_PATH + "raptor.jpg";
const CONSENTMANAGER_PAGE = CONSENTMANAGER_DOMAIN + TEST_PATH + "page.html";
function captureFlagsForRequest(expectedURLPrePath) {
let flags = null;
let observer = subject => {
let httpChannel = subject.QueryInterface(Ci.nsIHttpChannel);
if (!httpChannel.URI.spec.startsWith(expectedURLPrePath)) {
return;
}
flags = subject.QueryInterface(Ci.nsIClassifiedChannel).classificationFlags;
};
Services.obs.addObserver(observer, "http-on-stop-request");
return {
get() {
return flags;
},
cleanup() {
try {
Services.obs.removeObserver(observer, "http-on-stop-request");
} catch (e) {
// already removed
}
},
};
}
add_setup(async function () {
await UrlClassifierTestUtils.addTestTrackers();
registerCleanupFunction(function () {
UrlClassifierTestUtils.cleanupTestTrackers();
});
await SpecialPowers.pushPrefEnv({
set: [
[
"urlclassifier.features.antifraud.annotate.blocklistTables",
"mochitest7-track-simple",
],
[
"urlclassifier.features.consentmanager.annotate.blocklistTables",
"mochitest6-track-simple",
],
// ConsentManager and AntiFraud annotation features both require ETP to
// be enabled. We rely on the skip prefs (set below) to prevent actual
// blocking by tracking protection so we can observe the annotation flag.
["privacy.trackingprotection.enabled", true],
// AntiFraud annotation also requires fingerprinting protection to be on.
["privacy.trackingprotection.fingerprinting.enabled", true],
["privacy.trackingprotection.cryptomining.enabled", false],
["privacy.trackingprotection.emailtracking.enabled", false],
["privacy.trackingprotection.socialtracking.enabled", false],
["privacy.trackingprotection.annotate_channels", true],
["privacy.trackingprotection.antifraud.annotate_channels", true],
["privacy.trackingprotection.consentmanager.annotate_channels", true],
["privacy.trackingprotection.antifraud.skip.enabled", true],
["privacy.trackingprotection.antifraud.skip.pbmode.enabled", true],
["privacy.trackingprotection.consentmanager.skip.enabled", true],
["privacy.trackingprotection.consentmanager.skip.pbmode.enabled", true],
],
});
});
add_task(async function test_antifraud_first_party_no_annotation() {
// Top-level navigation to the AntiFraud-listed domain, then load a
// same-origin subresource. Because part 3 short-circuits MaybeCreate when
// the request is not third-party-to-top, no AntiFraud feature should be
// attached to the channel and the flag must NOT be set.
const tab = await BrowserTestUtils.openNewForegroundTab(
gBrowser,
ANTIFRAUD_PAGE
);
let capture = captureFlagsForRequest(ANTIFRAUD_IMAGE);
let loaded = await loadImage(tab.linkedBrowser, ANTIFRAUD_IMAGE);
ok(loaded, "First-party AntiFraud image loads");
isnot(capture.get(), null, "Captured flags for first-party request");
is(
capture.get() & Ci.nsIClassifiedChannel.CLASSIFIED_ANTIFRAUD,
0,
"First-party request is NOT classified as AntiFraud"
);
capture.cleanup();
await BrowserTestUtils.removeTab(tab);
});
add_task(async function test_antifraud_third_party_annotation() {
// Same image, but loaded as a third-party subresource. The AntiFraud
// annotation flag must be set.
const tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_PAGE);
let capture = captureFlagsForRequest(ANTIFRAUD_IMAGE);
let loaded = await loadImage(tab.linkedBrowser, ANTIFRAUD_IMAGE);
ok(loaded, "Third-party AntiFraud image loads (skip pref enabled)");
isnot(capture.get(), null, "Captured flags for third-party request");
ok(
capture.get() & Ci.nsIClassifiedChannel.CLASSIFIED_ANTIFRAUD,
"Third-party request IS classified as AntiFraud"
);
capture.cleanup();
await BrowserTestUtils.removeTab(tab);
});
add_task(async function test_consentmanager_first_party_no_annotation() {
const tab = await BrowserTestUtils.openNewForegroundTab(
gBrowser,
CONSENTMANAGER_PAGE
);
let capture = captureFlagsForRequest(CONSENTMANAGER_IMAGE);
let loaded = await loadImage(tab.linkedBrowser, CONSENTMANAGER_IMAGE);
ok(loaded, "First-party ConsentManager image loads");
isnot(capture.get(), null, "Captured flags for first-party request");
is(
capture.get() & Ci.nsIClassifiedChannel.CLASSIFIED_CONSENTMANAGER,
0,
"First-party request is NOT classified as ConsentManager"
);
capture.cleanup();
await BrowserTestUtils.removeTab(tab);
});
add_task(async function test_consentmanager_third_party_annotation() {
const tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_PAGE);
let capture = captureFlagsForRequest(CONSENTMANAGER_IMAGE);
let loaded = await loadImage(tab.linkedBrowser, CONSENTMANAGER_IMAGE);
ok(loaded, "Third-party ConsentManager image loads (skip pref enabled)");
isnot(capture.get(), null, "Captured flags for third-party request");
ok(
capture.get() & Ci.nsIClassifiedChannel.CLASSIFIED_CONSENTMANAGER,
"Third-party request IS classified as ConsentManager"
);
capture.cleanup();
await BrowserTestUtils.removeTab(tab);
});