[tor-commits] [tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug

gk at torproject.org gk at torproject.org
Thu Apr 27 10:52:22 UTC 2017


commit efd86213b996d351757498968481962eb610c06c
Author: Yoshi Huang <allstars.chh at mozilla.com>
Date:   Mon Nov 7 14:59:05 2016 +0800

    Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug
---
 .../originattributes/test/browser/browser.ini      |   6 ++
 .../test/browser/browser_firstPartyIsolation.js    | 105 +++++++++++++++++++++
 ...st_firstParty_http_redirect_to_same_domain.html |   9 ++
 ...arty_http_redirect_to_same_domain.html^headers^ |   2 +
 .../originattributes/test/browser/test_form.html   |  14 +++
 .../originattributes/test/browser/window2.html     |  11 +++
 .../originattributes/test/browser/window3.html     |  11 +++
 .../test/browser/window_redirect.html              |  12 +++
 netwerk/protocol/http/HttpBaseChannel.cpp          |   2 -
 9 files changed, 170 insertions(+), 2 deletions(-)

diff --git a/browser/components/originattributes/test/browser/browser.ini b/browser/components/originattributes/test/browser/browser.ini
index 61f6743..121dd0c 100644
--- a/browser/components/originattributes/test/browser/browser.ini
+++ b/browser/components/originattributes/test/browser/browser.ini
@@ -44,9 +44,15 @@ support-files =
   test_firstParty_html_redirect.html
   test_firstParty_http_redirect.html
   test_firstParty_http_redirect.html^headers^
+  test_firstParty_http_redirect_to_same_domain.html
+  test_firstParty_http_redirect_to_same_domain.html^headers^
   test_firstParty_iframe_http_redirect.html
   test_firstParty_postMessage.html
+  test_form.html
   window.html
+  window2.html
+  window3.html
+  window_redirect.html
   worker_blobify.js
   worker_deblobify.js
 
diff --git a/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js b/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
index ddda6af..53fa858 100644
--- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
+++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
@@ -172,3 +172,108 @@ add_task(function* openWindow_test() {
   yield BrowserTestUtils.closeWindow(win);
 });
 
+/**
+ * When the web page calls window.open, the top-level docshell in the new
+ * created window will have firstPartyDomain set.
+ */
+add_task(function* window_open_redirect_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window_redirect.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 attrs.firstPartyDomain, "The document should have firstPartyDomain");
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * When the web page calls window.open, the top-level docshell in the new
+ * created window will inherit the firstPartyDomain attribute.
+ * However the top-level document will override the firstPartyDomain if the
+ * document is from another domain.
+ */
+add_task(function* window_open_iframe_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window2.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+
+    // The document is http://example.com/browser/browser/components/originattributes/test/browser/test_firstParty.html
+    // so the firstPartyDomain will be overriden to 'example.com'.
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "The document should have firstPartyDomain");
+
+    let iframe = content.document.getElementById("iframe1");
+    Assert.equal(iframe.frameLoader.docShell.getOriginAttributes().firstPartyDomain,
+                 "example.com", "iframe's docshell should have firstPartyDomain");
+    Assert.equal(iframe.contentDocument.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "iframe should have firstPartyDomain");
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * Test for the loadInfo->TriggeringPrincipal is the document itself.
+ */
+add_task(function* form_test() {
+  let tab = gBrowser.addTab(BASE_URL + "test_form.html");
+  yield BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+  yield ContentTask.spawn(tab.linkedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 attrs.firstPartyDomain, "The document should have firstPartyDomain");
+
+    let submit = content.document.getElementById("submit");
+    submit.click();
+  });
+
+  gBrowser.removeTab(tab);
+});
+
+/**
+ * Another test for loadInfo->TriggeringPrincipal in the window.open case.
+ */
+add_task(function* window_open_form_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window3.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "The document should have firstPartyDomain");
+
+    let submit = content.document.getElementById("submit");
+    submit.click();
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
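Review bot: In `form_test` and `window_open_form_test`, `submit.click()` is the last action before `gBrowser.removeTab(tab)`, so nothing waits for the POST and its 302 redirect to complete, and nothing checks the isolation key on the resulting document. The tab may be torn down before the redirect path in `SetupReplacementChannel` runs, in which case both tests pass without exercising the code this commit changes. Create the load promise before the click, e.g. `let loaded = BrowserTestUtils.browserLoaded(tab.linkedBrowser);`, then `yield loaded;` after the first ContentTask. Follow it with a second ContentTask that asserts `content.document.nodePrincipal.originAttributes.firstPartyDomain` on the redirected page; the window.open variant should use `win.gBrowser.selectedBrowser`.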
diff --git a/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html
new file mode 100644
index 0000000..7b794a0
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8"/>
+  <title>Test for Bug 1260931</title>
+</head>
+<body>
+</body>
+</html>
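Review bot: The `<title>` in this new fixture reads "Test for Bug 1260931", while the commit that adds it is for Bug 1315602; `test_form.html` carries the same title. If the fixtures exist for the redirect case fixed here, `<title>Test for Bug 1315602</title>` would make a failing test easier to trace to the right bug. If the older number is deliberate because the whole suite belongs to it, a short HTML comment saying so would help.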
diff --git a/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^
new file mode 100644
index 0000000..e4af8ed
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^
@@ -0,0 +1,2 @@
+HTTP 302 Found
+Location: http://mochi.test:8888/browser/browser/components/originattributes/test/browser/dummy.html
diff --git a/browser/components/originattributes/test/browser/test_form.html b/browser/components/originattributes/test/browser/test_form.html
new file mode 100644
index 0000000..db1b900
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_form.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1260931</title>
+</head>
+<body>
+<form action="test_firstParty_http_redirect_to_same_domain.html" method="POST">
+   First name: <input type="text" name="fname"><br>
+   Last name: <input type="text" name="lname"><br>
+   <input type="submit" id="submit" value="Submit">
+</form>
+</body>
+</html>
diff --git a/browser/components/originattributes/test/browser/window2.html b/browser/components/originattributes/test/browser/window2.html
new file mode 100644
index 0000000..3c5a7fb
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window2.html
@@ -0,0 +1,11 @@
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/test_firstParty.html", "test");
+    </script>
+  </body>
+</html>
diff --git a/browser/components/originattributes/test/browser/window3.html b/browser/components/originattributes/test/browser/window3.html
new file mode 100644
index 0000000..168ced6
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window3.html
@@ -0,0 +1,11 @@
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/test_form.html", "test");
+    </script>
+  </body>
+</html>
diff --git a/browser/components/originattributes/test/browser/window_redirect.html b/browser/components/originattributes/test/browser/window_redirect.html
new file mode 100644
index 0000000..b51cdf4
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window_redirect.html
@@ -0,0 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open('test_firstParty_http_redirect_to_same_domain.html', "test");
+    </script>
+  </body>
+</html>
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
index d2bc0cc..e0f7ede 100644
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -3034,8 +3034,6 @@ HttpBaseChannel::SetupReplacementChannel(nsIURI       *newURI,
       if (loadContext) {
         loadContext->GetOriginAttributes(docShellAttrs);
       }
-      MOZ_ASSERT(docShellAttrs.mFirstPartyDomain.IsEmpty(),
-                 "top-level docshell shouldn't have firstPartyDomain attribute.");
 
       NeckoOriginAttributes attrs = newLoadInfo->GetOriginAttributes();
 




