toolkit/components/extensions/test/mochitest/test_ext_cookies_permissions_bad.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

<!DOCTYPE HTML>
<html>
<head>
  <title>WebExtension test</title>
  <script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SpawnTask.js"></script>
  <script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/ExtensionTestUtils.js"></script>
  <script type="text/javascript" src="chrome_head.js"></script>
  <script type="text/javascript" src="head.js"></script>
  <script type="text/javascript" src="head_cookies.js"></script>
  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
</head>
<body>

<script type="text/javascript">
"use strict";

add_task(function* init() {
  // We need to trigger a cookie eviction in order to test our batch delete
  // observer.
  SpecialPowers.setIntPref("network.cookie.maxPerHost", 3);
  SimpleTest.registerCleanupFunction(() => {
    SpecialPowers.clearUserPref("network.cookie.maxPerHost");
  });
});

add_task(function* test_bad_cookie_permissions() {
  info("Test non-matching, non-secure domain with non-secure cookie");
  yield testCookies({
    permissions: ["http://example.com/", "cookies"],
    url: "http://example.net/",
    domain: "example.net",
    secure: false,
    shouldPass: false,
    shouldWrite: false,
  });

  info("Test non-matching, secure domain with non-secure cookie");
  yield testCookies({
    permissions: ["https://example.com/", "cookies"],
    url: "https://example.net/",
    domain: "example.net",
    secure: false,
    shouldPass: false,
    shouldWrite: false,
  });

  info("Test non-matching, secure domain with secure cookie");
  yield testCookies({
    permissions: ["https://example.com/", "cookies"],
    url: "https://example.net/",
    domain: "example.net",
    secure: false,
    shouldPass: false,
    shouldWrite: false,
  });

  info("Test matching subdomain with superdomain privileges, secure cookie (http)");
  yield testCookies({
    permissions: ["http://foo.bar.example.com/", "cookies"],
    url: "http://foo.bar.example.com/",
    domain: ".example.com",
    secure: true,
    shouldPass: false,
    shouldWrite: true,
  });

  info("Test matching, non-secure domain with secure cookie");
  yield testCookies({
    permissions: ["http://example.com/", "cookies"],
    url: "http://example.com/",
    domain: "example.com",
    secure: true,
    shouldPass: false,
    shouldWrite: true,
  });

  info("Test matching, non-secure host, secure URL");
  yield testCookies({
    permissions: ["http://example.com/", "cookies"],
    url: "https://example.com/",
    domain: "example.com",
    secure: true,
    shouldPass: false,
    shouldWrite: false,
  });

  info("Test non-matching domain");
  yield testCookies({
    permissions: ["http://example.com/", "cookies"],
    url: "http://example.com/",
    domain: "example.net",
    secure: false,
    shouldPass: false,
    shouldWrite: false,
  });

  info("Test invalid scheme");
  yield testCookies({
    permissions: ["ftp://example.com/", "cookies"],
    url: "ftp://example.com/",
    domain: "example.com",
    secure: false,
    shouldPass: false,
    shouldWrite: false,
  });
});

</script>

</body>
</html>