[tbb-commits] [tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug

gk at torproject.org gk at torproject.org
Thu Apr 27 10:52:22 UTC 2017


commit efd86213b996d351757498968481962eb610c06c
Author: Yoshi Huang <allstars.chh at mozilla.com>
Date:   Mon Nov 7 14:59:05 2016 +0800

    Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug
---
 .../originattributes/test/browser/browser.ini      |   6 ++
 .../test/browser/browser_firstPartyIsolation.js    | 105 +++++++++++++++++++++
 ...st_firstParty_http_redirect_to_same_domain.html |   9 ++
 ...arty_http_redirect_to_same_domain.html^headers^ |   2 +
 .../originattributes/test/browser/test_form.html   |  14 +++
 .../originattributes/test/browser/window2.html     |  11 +++
 .../originattributes/test/browser/window3.html     |  11 +++
 .../test/browser/window_redirect.html              |  12 +++
 netwerk/protocol/http/HttpBaseChannel.cpp          |   2 -
 9 files changed, 170 insertions(+), 2 deletions(-)

diff --git a/browser/components/originattributes/test/browser/browser.ini b/browser/components/originattributes/test/browser/browser.ini
index 61f6743..121dd0c 100644
--- a/browser/components/originattributes/test/browser/browser.ini
+++ b/browser/components/originattributes/test/browser/browser.ini
@@ -44,9 +44,15 @@ support-files =
   test_firstParty_html_redirect.html
   test_firstParty_http_redirect.html
   test_firstParty_http_redirect.html^headers^
+  test_firstParty_http_redirect_to_same_domain.html
+  test_firstParty_http_redirect_to_same_domain.html^headers^
   test_firstParty_iframe_http_redirect.html
   test_firstParty_postMessage.html
+  test_form.html
   window.html
+  window2.html
+  window3.html
+  window_redirect.html
   worker_blobify.js
   worker_deblobify.js
 
diff --git a/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js b/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
index ddda6af..53fa858 100644
--- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
+++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation.js
@@ -172,3 +172,108 @@ add_task(function* openWindow_test() {
   yield BrowserTestUtils.closeWindow(win);
 });
 
+/**
+ * When the web page calls window.open, the top-level docshell in the new
+ * created window will have firstPartyDomain set.
+ */
+add_task(function* window_open_redirect_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window_redirect.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 attrs.firstPartyDomain, "The document should have firstPartyDomain");
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * When the web page calls window.open, the top-level docshell in the new
+ * created window will inherit the firstPartyDomain attribute.
+ * However the top-level document will override the firstPartyDomain if the
+ * document is from another domain.
+ */
+add_task(function* window_open_iframe_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window2.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+
+    // The document is http://example.com/browser/browser/components/originattributes/test/browser/test_firstParty.html
+    // so the firstPartyDomain will be overriden to 'example.com'.
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "The document should have firstPartyDomain");
+
+    let iframe = content.document.getElementById("iframe1");
+    Assert.equal(iframe.frameLoader.docShell.getOriginAttributes().firstPartyDomain,
+                 "example.com", "iframe's docshell should have firstPartyDomain");
+    Assert.equal(iframe.contentDocument.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "iframe should have firstPartyDomain");
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * Test for the loadInfo->TriggeringPrincipal is the document itself.
+ */
+add_task(function* form_test() {
+  let tab = gBrowser.addTab(BASE_URL + "test_form.html");
+  yield BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+  yield ContentTask.spawn(tab.linkedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 attrs.firstPartyDomain, "The document should have firstPartyDomain");
+
+    let submit = content.document.getElementById("submit");
+    submit.click();
+  });
+
+  gBrowser.removeTab(tab);
+});
+
+/**
+ * Another test for loadInfo->TriggeringPrincipal in the window.open case.
+ */
+add_task(function* window_open_form_test() {
+  Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+  registerCleanupFunction(function() {
+    Services.prefs.clearUserPref("browser.link.open_newwindow");
+  });
+
+  let tab = gBrowser.addTab(BASE_URL + "window3.html");
+  let win = yield BrowserTestUtils.waitForNewWindow();
+  yield BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser, true);
+
+  yield ContentTask.spawn(win.gBrowser.selectedBrowser, { firstPartyDomain: "mochi.test" }, function* (attrs) {
+    Assert.equal(docShell.getOriginAttributes().firstPartyDomain, attrs.firstPartyDomain,
+                 "window.open() should have firstPartyDomain attribute");
+    Assert.equal(content.document.nodePrincipal.originAttributes.firstPartyDomain,
+                 "example.com", "The document should have firstPartyDomain");
+
+    let submit = content.document.getElementById("submit");
+    submit.click();
+  });
+
+  gBrowser.removeTab(tab);
+  yield BrowserTestUtils.closeWindow(win);
+});
diff --git a/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html
new file mode 100644
index 0000000..7b794a0
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8"/>
+  <title>Test for Bug 1260931</title>
+</head>
+<body>
+</body>
+</html>
diff --git a/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^
new file mode 100644
index 0000000..e4af8ed
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_firstParty_http_redirect_to_same_domain.html^headers^
@@ -0,0 +1,2 @@
+HTTP 302 Found
+Location: http://mochi.test:8888/browser/browser/components/originattributes/test/browser/dummy.html
diff --git a/browser/components/originattributes/test/browser/test_form.html b/browser/components/originattributes/test/browser/test_form.html
new file mode 100644
index 0000000..db1b900
--- /dev/null
+++ b/browser/components/originattributes/test/browser/test_form.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1260931</title>
+</head>
+<body>
+<form action="test_firstParty_http_redirect_to_same_domain.html" method="POST">
+   First name: <input type="text" name="fname"><br>
+   Last name: <input type="text" name="lname"><br>
+   <input type="submit" id="submit" value="Submit">
+</form>
+</body>
+</html>
diff --git a/browser/components/originattributes/test/browser/window2.html b/browser/components/originattributes/test/browser/window2.html
new file mode 100644
index 0000000..3c5a7fb
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window2.html
@@ -0,0 +1,11 @@
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/test_firstParty.html", "test");
+    </script>
+  </body>
+</html>
diff --git a/browser/components/originattributes/test/browser/window3.html b/browser/components/originattributes/test/browser/window3.html
new file mode 100644
index 0000000..168ced6
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window3.html
@@ -0,0 +1,11 @@
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open("http://example.com/browser/browser/components/originattributes/test/browser/test_form.html", "test");
+    </script>
+  </body>
+</html>
diff --git a/browser/components/originattributes/test/browser/window_redirect.html b/browser/components/originattributes/test/browser/window_redirect.html
new file mode 100644
index 0000000..b51cdf4
--- /dev/null
+++ b/browser/components/originattributes/test/browser/window_redirect.html
@@ -0,0 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Page creating a popup</title>
+  </head>
+  <body>
+    <script type="text/javascript">
+       var w = window.open('test_firstParty_http_redirect_to_same_domain.html', "test");
+    </script>
+  </body>
+</html>
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
index d2bc0cc..e0f7ede 100644
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -3034,8 +3034,6 @@ HttpBaseChannel::SetupReplacementChannel(nsIURI       *newURI,
       if (loadContext) {
         loadContext->GetOriginAttributes(docShellAttrs);
       }
-      MOZ_ASSERT(docShellAttrs.mFirstPartyDomain.IsEmpty(),
-                 "top-level docshell shouldn't have firstPartyDomain attribute.");
 
       NeckoOriginAttributes attrs = newLoadInfo->GetOriginAttributes();
 





More information about the tbb-commits mailing list