Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test gets skipped with pattern: os == 'win' && socketprocess_networking && fission OR os == 'mac' && socketprocess_networking && fission OR os == 'mac' && debug OR os == 'linux' && socketprocess_networking OR os == 'android' OR win11_2009
- Manifest: toolkit/components/extensions/test/xpcshell/xpcshell-remote.toml includes toolkit/components/extensions/test/xpcshell/xpcshell-common.toml
- Manifest: toolkit/components/extensions/test/xpcshell/xpcshell.toml includes toolkit/components/extensions/test/xpcshell/xpcshell-common.toml
/* -*- Mode: indent-tabs-mode: nil; js-indent-level: 2 -*- */
/* vim: set sts=2 sw=2 et tw=80: */
"use strict";
const { UrlClassifierTestUtils } = ChromeUtils.importESModule(
);
// Value for network.cookie.cookieBehavior to reject all third-party cookies.
const { BEHAVIOR_REJECT_FOREIGN } = Ci.nsICookieService;
const server = createHttpServer({ hosts: ["example.net", "itisatracker.org"] });
server.registerPathHandler("/setcookies", (request, response) => {
response.setHeader("Content-Type", "text/html; charset=utf-8", false);
response.setHeader("Set-Cookie", "c_none=1; sameSite=none", true);
response.setHeader("Set-Cookie", "c_lax=1; sameSite=lax", true);
response.setHeader("Set-Cookie", "c_strict=1; sameSite=strict", true);
});
server.registerPathHandler("/download", (request, response) => {
response.setStatusLine(request.httpVersion, 200, "OK");
let cookies = request.hasHeader("Cookie") ? request.getHeader("Cookie") : "";
// Assign the result through the MIME-type, to make it easier to read the
// result via the downloads API.
response.setHeader("Content-Type", `dummy/${encodeURIComponent(cookies)}`);
// Response of length 7.
response.write("1234567");
});
server.registerPathHandler("/redirect", (request, response) => {
response.setStatusLine(request.httpVersion, 302, "Found");
response.setHeader("Location", "/download");
});
function createDownloadTestExtension(extraPermissions = []) {
return ExtensionTestUtils.loadExtension({
manifest: {
permissions: ["downloads", ...extraPermissions],
},
incognitoOverride: "spanning",
background() {
async function getCookiesForDownload(url) {
let donePromise = new Promise(resolve => {
browser.downloads.onChanged.addListener(async delta => {
if (delta.state?.current === "complete") {
resolve(delta.id);
}
});
});
const incognito = browser.extension.inIncognitoContext;
let downloadId = await browser.downloads.download({ url, incognito });
browser.test.assertEq(await donePromise, downloadId, "got download");
let [download] = await browser.downloads.search({ id: downloadId });
browser.test.log(`Download results: ${JSON.stringify(download)}`);
// Delete the file since we aren't interested in it.
await browser.downloads.removeFile(download.id);
// Sanity check to verify that we got the result from /download.
browser.test.assertEq(7, download.fileSize, "download succeeded");
// The "/download" endpoint mirrors received cookies via Content-Type.
let cookies = decodeURIComponent(download.mime.replace("dummy/", ""));
return cookies;
}
browser.test.onMessage.addListener(async url => {
browser.test.sendMessage("result", await getCookiesForDownload(url));
});
},
});
}
async function downloadAndGetCookies(extension, url) {
extension.sendMessage(url);
return extension.awaitMessage("result");
}
add_task(async function setup() {
const nsIFile = Ci.nsIFile;
const downloadDir = FileUtils.getDir("TmpD", ["downloads"]);
downloadDir.createUnique(nsIFile.DIRECTORY_TYPE, FileUtils.PERMS_DIRECTORY);
Services.prefs.setIntPref("browser.download.folderList", 2);
Services.prefs.setComplexValue("browser.download.dir", nsIFile, downloadDir);
// Support sameSite=none despite the server using http instead of https.
Services.prefs.setBoolPref(
"network.cookie.sameSite.noneRequiresSecure",
false
);
async function loadAndClose(url) {
let contentPage = await ExtensionTestUtils.loadContentPage(url);
await contentPage.close();
}
// Generate cookies for use in this test.
await UrlClassifierTestUtils.addTestTrackers();
registerCleanupFunction(() => {
UrlClassifierTestUtils.cleanupTestTrackers();
Services.cookies.removeAll();
Services.prefs.clearUserPref("browser.download.folderList");
Services.prefs.clearUserPref("browser.download.dir");
downloadDir.remove(false);
});
});
// Checks that (sameSite) cookies are included in download requests.
add_task(async function download_cookies_basic() {
let extension = createDownloadTestExtension(["*://example.net/*"]);
await extension.startup();
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download with sameSite cookies"
);
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download with redirect"
);
await runWithPrefs(
[["network.cookie.cookieBehavior", BEHAVIOR_REJECT_FOREIGN]],
async () => {
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download with all third-party cookies disabled"
);
}
);
await extension.unload();
});
// Checks that (sameSite) cookies are included even when tracking protection
// would block cookies from third-party requests.
add_task(async function download_cookies_from_tracker_url() {
let extension = createDownloadTestExtension(["*://itisatracker.org/*"]);
await extension.startup();
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download of itisatracker.org"
);
await extension.unload();
});
// Checks that (sameSite) cookies are included even without host permissions.
add_task(async function download_cookies_without_host_permissions() {
let extension = createDownloadTestExtension();
await extension.startup();
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download without host permissions"
);
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download of itisatracker.org"
);
await runWithPrefs(
[["network.cookie.cookieBehavior", BEHAVIOR_REJECT_FOREIGN]],
async () => {
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download with all third-party cookies disabled"
);
}
);
await extension.unload();
});
// Checks that (sameSite) cookies from private browsing are included.
add_task(async function download_cookies_in_perma_private_browsing() {
Services.prefs.setBoolPref("browser.privatebrowsing.autostart", true);
Services.prefs.setBoolPref("dom.security.https_first_pbm", false);
let extension = createDownloadTestExtension(["*://example.net/*"]);
await extension.startup();
equal(
"",
"Initially no cookies in permanent private browsing mode"
);
let contentPage = await ExtensionTestUtils.loadContentPage(
{ privateBrowsing: true }
);
equal(
"c_none=1; c_lax=1; c_strict=1",
"Cookies for downloads.download in perma-private-browsing mode"
);
await extension.unload();
await contentPage.close();
Services.prefs.clearUserPref("browser.privatebrowsing.autostart");
Services.prefs.clearUserPref("dom.security.https_first_pbm");
});