commit efd86213b996d351757498968481962eb610c06c Author: Yoshi Huang allstars.chh@mozilla.com Date: Mon Nov 7 14:59:05 2016 +0800
Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug --- .../originattributes/test/browser/browser.ini | 6 ++ .../test/browser/browser_firstPartyIsolation.js | 105 +++++++++++++++++++++ ...st_firstParty_http_redirect_to_same_domain.html | 9 ++ ...arty_http_redirect_to_same_domain.html^headers^ | 2 + .../originattributes/test/browser/test_form.html | 14 +++ .../originattributes/test/browser/window2.html | 11 +++ .../originattributes/test/browser/window3.html | 11 +++ .../test/browser/window_redirect.html | 12 +++ netwerk/protocol/http/HttpBaseChannel.cpp | 2 - 9 files changed, 170 insertions(+), 2 deletions(-)
diff --git a/browser/components/originattributes/test/browser/browser.ini b/browser/components/originattributes/test/browser/browser.ini index 61f6743..121dd0c 100644 --- a/browser/components/originattributes/test/browser/browser.ini +++ b/browser/components/originattributes/test/browser/browser.ini @@ -44,9 +44,15 @@ support-files = test_firstParty_html_redirect.html test_firstParty_http_redirect.html test_firstParty_http_redirect.html^headers^ + test_firstParty_http_redirect_to_same_domain.html + test_firstParty_http_redirect_to_same_domain.html^headers^ test_firstParty_iframe_http_redirect.html test_firstParty_postMessage.html + test_form.html window.html + window2.html + window3.html + window_redirect.html worker_blobify.js worker_deblobify.js
diff --git a/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js b/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js index ddda6af..53fa858 100644 --- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js +++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js @@ -172,3 +172,108 @@ add_task(function* openWindow_test() { yield BrowserTestUtils.closeWindow(win); });
+/** + * When the web page calls window.open, the top-level docshell in the new + * created window will have firstPartyDomain set. + */ +add_task(function* window_open_redirect_test() { + Services.prefs.setIntPref("browser.link.open_newwindow", 2); + registerCleanupFunction(function() { + Services.prefs.clearUserPref("browser.link.open_newwindow"); + }); + + let tab = gBrowser.addTab(BASE_URL + "window_redirect.html"); + let win = yield BrowserTestUtils.waitForNewWindow(); + yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser); + + yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) { + Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain, + "window.open() should have firstPartyDomain attribute"); + Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain, + attrs.firstPartyDomain, "The document should have firstPartyDomain"); + }); + + gBrowser.removeTab(tab); + yield BrowserTestUtils.closeWindow(win); +}); + +/** + * When the web page calls window.open, the top-level docshell in the new + * created window will inherit the firstPartyDomain attribute. + * However the top-level document will override the firstPartyDomain if the + * document is from another domain. + */ +add_task(function* window_open_iframe_test() { + Services.prefs.setIntPref("browser.link.open_newwindow", 2); + registerCleanupFunction(function() { + Services.prefs.clearUserPref("browser.link.open_newwindow"); + }); + + let tab = gBrowser.addTab(BASE_URL + "window2.html"); + let win = yield BrowserTestUtils.waitForNewWindow(); + yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true); + + yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) { + Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain, + "window.open() should have firstPartyDomain attribute"); + + // The document is http://example.com/browser/browser/components/originattributes/test/browser/... + // so the firstPartyDomain will be overriden to 'example.com'. + Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain, + "example.com", "The document should have firstPartyDomain"); + + let iframe = content.document.getElementById("iframe1"); + Assert.equal(iframe.frameLoader.docShell.getOriginAttributes().firstPartyDomain, + "example.com", "iframe's docshell should have firstPartyDomain"); + Assert.equal(iframe.contentDocument.nodePrincipal.originAttributes.firstPartyDomain, + "example.com", "iframe should have firstPartyDomain"); + }); + + gBrowser.removeTab(tab); + yield BrowserTestUtils.closeWindow(win); +}); + +/** + * Test for the loadInfo->TriggeringPrincipal is the document itself. + */ +add_task(function* form_test() { + let tab = gBrowser.addTab(BASE_URL + "test_form.html"); + yield BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + yield ContentTask.spawn(tab.linkedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) { + Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain, + attrs.firstPartyDomain, "The document should have firstPartyDomain"); + + let submit = content.document.getElementById("submit"); + submit.click(); + }); + + gBrowser.removeTab(tab); +}); + +/** + * Another test for loadInfo->TriggeringPrincipal in the window.open case. + */ +add_task(function* window_open_form_test() { + Services.prefs.setIntPref("browser.link.open_newwindow", 2); + registerCleanupFunction(function() { + Services.prefs.clearUserPref("browser.link.open_newwindow"); + }); + + let tab = gBrowser.addTab(BASE_URL + "window3.html"); + let win = yield BrowserTestUtils.waitForNewWindow(); + yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true); + + yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) { + Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain, + "window.open() should have firstPartyDomain attribute"); + Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain, + "example.com", "The document should have firstPartyDomain"); + + let submit = content.document.getElementById("submit"); + submit.click(); + }); + + gBrowser.removeTab(tab); + yield BrowserTestUtils.closeWindow(win); +}); diff --git a/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html new file mode 100644 index 0000000..7b794a0 --- /dev/null +++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html @@ -0,0 +1,9 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"/> + <title>Test for Bug 1260931</title> +</head> +<body> +</body> +</html> diff --git a/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^ new file mode 100644 index 0000000..e4af8ed --- /dev/null +++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^ @@ -0,0 +1,2 @@ +HTTP 302 Found +Location: http://mochi.test:8888/browser/browser/components/originattributes/test/brow... diff --git a/browser/components/originattributes/test/browser/test_form.html b/browser/components/originattributes/test/browser/test_form.html new file mode 100644 index 0000000..db1b900 --- /dev/null +++ b/browser/components/originattributes/test/browser/test_form.html @@ -0,0 +1,14 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Test for Bug 1260931</title> +</head> +<body> +<form action="test_firstParty_http_redirect_to_same_domain.html" method="POST"> + First name: <input type="text" name="fname"><br> + Last name: <input type="text" name="lname"><br> + <input type="submit" id="submit" value="Submit"> +</form> +</body> +</html> diff --git a/browser/components/originattributes/test/browser/window2.html b/browser/components/originattributes/test/browser/window2.html new file mode 100644 index 0000000..3c5a7fb --- /dev/null +++ b/browser/components/originattributes/test/browser/window2.html @@ -0,0 +1,11 @@ +<html> + <head> + <meta charset="utf8"> + <title>Page creating a popup</title> + </head> + <body> + <script type="text/javascript"> + var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/...", "test"); + </script> + </body> +</html> diff --git a/browser/components/originattributes/test/browser/window3.html b/browser/components/originattributes/test/browser/window3.html new file mode 100644 index 0000000..168ced6 --- /dev/null +++ b/browser/components/originattributes/test/browser/window3.html @@ -0,0 +1,11 @@ +<html> + <head> + <meta charset="utf8"> + <title>Page creating a popup</title> + </head> + <body> + <script type="text/javascript"> + var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/...", "test"); + </script> + </body> +</html> diff --git a/browser/components/originattributes/test/browser/window_redirect.html b/browser/components/originattributes/test/browser/window_redirect.html new file mode 100644 index 0000000..b51cdf4 --- /dev/null +++ b/browser/components/originattributes/test/browser/window_redirect.html @@ -0,0 +1,12 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> +<html> + <head> + <meta charset="utf8"> + <title>Page creating a popup</title> + </head> + <body> + <script type="text/javascript"> + var w = window.open('test_firstParty_http_redirect_to_same_domain.html', "test"); + </script> + </body> +</html> diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index d2bc0cc..e0f7ede 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -3034,8 +3034,6 @@ HttpBaseChannel::SetupReplacementChannel(nsIURI *newURI, if (loadContext) { loadContext->GetOriginAttributes(docShellAttrs); } - MOZ_ASSERT(docShellAttrs.mFirstPartyDomain.IsEmpty(), - "top-level docshell shouldn't have firstPartyDomain attribute.");
NeckoOriginAttributes attrs = newLoadInfo->GetOriginAttributes();
tor-commits@lists.torproject.org