browser_storageAccess_TopLevel_CrossOriginSameSite.js

Enable keyboard shortcuts

This test gets skipped with pattern: os == 'linux' && os_version == '18.04' && asan OR os == 'linux' && os_version == '18.04' && tsan OR debug
Manifest: toolkit/components/antitracking/test/browser/browser.toml

add_task(async function testIntermediatePreferenceReadSameSite() {

  await SpecialPowers.pushPrefEnv({

    set: [

      ["dom.storage_access.enabled", true],

      ["dom.storage_access.forward_declared.enabled", true],

        "network.cookie.cookieBehavior",

        BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN,

],

      ["dom.storage_access.auto_grants", false],

      ["dom.storage_access.max_concurrent_auto_grants", 1],

],

});

  let tab = await BrowserTestUtils.openNewForegroundTab({

    gBrowser,

    url: TEST_DOMAIN_7,

});

  let browser = tab.linkedBrowser;

  await SpecialPowers.spawn(browser, [TEST_3RD_PARTY_DOMAIN], async tp => {

    SpecialPowers.wrap(content.document).notifyUserGestureActivation();

    var p = content.document.completeStorageAccessRequestFromSite(tp);

    try {

      await p;

      ok(false, "Must not resolve.");

    } catch {

      ok(true, "Must reject because we don't have the initial request.");

});

  await SpecialPowers.pushPermissions([

      type: "AllowStorageAccessRequest^https://example.com",

      allow: 1,

      context: TEST_DOMAIN_7,

},

]);

  await SpecialPowers.spawn(browser, [TEST_3RD_PARTY_DOMAIN], async tp => {

    SpecialPowers.wrap(content.document).notifyUserGestureActivation();

    var p = content.document.completeStorageAccessRequestFromSite(tp);

    try {

      await p;

      ok(false, "Must not resolve.");

    } catch {

      ok(true, "Must reject because the permission is cross site.");

});

  await SpecialPowers.pushPermissions([

      type: "AllowStorageAccessRequest^https://example.org",

      allow: 1,

      context: TEST_DOMAIN_7,

},

]);

  await SpecialPowers.spawn(browser, [TEST_3RD_PARTY_DOMAIN], async tp => {

    SpecialPowers.wrap(content.document).notifyUserGestureActivation();

    var p = content.document.completeStorageAccessRequestFromSite(tp);

    try {

      await p;

ok(

        true,

        "Must resolve now that we have the permission from the embedee."

);

    } catch {

      ok(false, "Must not reject.");

});

  await SpecialPowers.pushPermissions([

      type: "AllowStorageAccessRequest^https://example.org",

      allow: 1,

      context: TEST_DOMAIN_8,

},

]);

  await SpecialPowers.spawn(browser, [TEST_3RD_PARTY_DOMAIN], async tp => {

    SpecialPowers.wrap(content.document).notifyUserGestureActivation();

    var p = content.document.completeStorageAccessRequestFromSite(tp);

    try {

      await p;

ok(

        true,

        "Must resolve now that we have the permission from the embedee."

);

    } catch {

      ok(false, "Must not reject.");

});

  await BrowserTestUtils.removeTab(tab);

});

// Note: TEST_DOMAIN_7 and TEST_DOMAIN_8 are Same-Site

add_task(async function testIntermediatePreferenceWriteCrossOrigin() {

  await SpecialPowers.pushPrefEnv({

    set: [

      ["dom.storage_access.enabled", true],

      ["dom.storage_access.forward_declared.enabled", true],

        "network.cookie.cookieBehavior",

        BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN,

],

      ["dom.storage_access.auto_grants", false],

      ["dom.storage_access.max_concurrent_auto_grants", 1],

],

});

  let tab = await BrowserTestUtils.openNewForegroundTab({

    gBrowser,

    url: TEST_3RD_PARTY_PAGE,

});

  let browser = tab.linkedBrowser;

  await SpecialPowers.spawn(browser, [TEST_DOMAIN_8], async tp => {

    SpecialPowers.wrap(content.document).notifyUserGestureActivation();

    var p = content.document.requestStorageAccessUnderSite(tp);

    try {

      await p;

ok(

        true,

        "Must resolve- no funny business here, we just want to set the intermediate pref"

);

    } catch {

      ok(false, "Must not reject.");

});

  let principal =

    Services.scriptSecurityManager.createContentPrincipalFromOrigin(

      TEST_DOMAIN_8

);

  // Important to note that this is the site but not origin of TEST_3RD_PARTY_PAGE

  var permission = Services.perms.testPermissionFromPrincipal(

    principal,

    "AllowStorageAccessRequest^https://example.org"

);

  ok(permission == Services.perms.ALLOW_ACTION);

  // Test that checking the permission across site works

  principal =

    Services.scriptSecurityManager.createContentPrincipalFromOrigin(

      TEST_DOMAIN_7

);

  // Important to note that this is the site but not origin of TEST_3RD_PARTY_PAGE

  permission = Services.perms.testPermissionFromPrincipal(

    principal,

    "AllowStorageAccessRequest^https://example.org"

);

  ok(permission == Services.perms.ALLOW_ACTION);

  await BrowserTestUtils.removeTab(tab);

});

add_task(async () => {

  Services.perms.removeAll();

  await new Promise(resolve => {

    Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, () =>

      resolve()

);

});

});