test_ext_cookies_permissions_bad.html

Enable keyboard shortcuts

<!DOCTYPE HTML>

<html>

<head>

  <title>WebExtension test</title>

  <script src="/tests/SimpleTest/SimpleTest.js"></script>

  <script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>

  <script type="text/javascript" src="head.js"></script>

  <script type="text/javascript" src="head_cookies.js"></script>

  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>

</head>

<body>

<script type="text/javascript">

"use strict";

add_task(async function init() {

  // We need to trigger a cookie eviction in order to test our batch delete

  // observer.

  // Set quotaPerHost to maxPerHost - 1, so there is only one cookie

  // will be evicted everytime.

  SpecialPowers.setIntPref("network.cookie.quotaPerHost", 2);

  SpecialPowers.setIntPref("network.cookie.maxPerHost", 3);

  SimpleTest.registerCleanupFunction(() => {

    SpecialPowers.clearUserPref("network.cookie.quotaPerHost");

    SpecialPowers.clearUserPref("network.cookie.maxPerHost");

});

});

add_task(async function test_bad_cookie_permissions() {

  info("Test non-matching, non-secure domain with non-secure cookie");

  await testCookies({

    permissions: ["http://example.com/", "cookies"],

    url: "http://example.net/",

    domain: "example.net",

    secure: false,

    shouldPass: false,

    shouldWrite: false,

});

  info("Test non-matching, secure domain with non-secure cookie");

  await testCookies({

    permissions: ["https://example.com/", "cookies"],

    url: "https://example.net/",

    domain: "example.net",

    secure: false,

    shouldPass: false,

    shouldWrite: false,

});

  info("Test non-matching, secure domain with secure cookie");

  await testCookies({

    permissions: ["https://example.com/", "cookies"],

    url: "https://example.net/",

    domain: "example.net",

    secure: false,

    shouldPass: false,

    shouldWrite: false,

});

  info("Test matching subdomain with superdomain privileges, secure cookie (http)");

  await testCookies({

    permissions: ["http://foo.bar.example.com/", "cookies"],

    url: "http://foo.bar.example.com/",

    domain: ".example.com",

    secure: true,

    shouldPass: false,

    shouldWrite: true,

});

  info("Test matching, non-secure domain with secure cookie");

  await testCookies({

    permissions: ["http://example.com/", "cookies"],

    url: "http://example.com/",

    domain: "example.com",

    secure: true,

    shouldPass: false,

    shouldWrite: true,

});

  info("Test matching, non-secure host, secure URL");

  await testCookies({

    permissions: ["http://example.com/", "cookies"],

    url: "https://example.com/",

    domain: "example.com",

    secure: true,

    shouldPass: false,

    shouldWrite: false,

});

  info("Test non-matching domain");

  await testCookies({

    permissions: ["http://example.com/", "cookies"],

    url: "http://example.com/",

    domain: "example.net",

    secure: false,

    shouldPass: false,

    shouldWrite: false,

});

  info("Test invalid scheme");

  await testCookies({

    permissions: ["ftp://example.com/", "cookies"],

    url: "ftp://example.com/",

    domain: "example.com",

    secure: false,

    shouldPass: false,

    shouldWrite: false,

});

});

</script>

</body>

</html>