corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1345474 - Check incognito access for webRequest api r=kmag

Browse Source 
Depends on D4112

Differential Revision: https://phabricator.services.mozilla.com/D5571
This commit is contained in:
Shane Caraveo
2018-12-10 21:30:43 +00:00
parent 71a0ac5c62
commit 2f83f81de1
3 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
toolkit/components/extensions/test/xpcshell/test_ext_webRequest_incognito.js Normal file
View File

@@ -0,0 +1,30 @@
"use strict";
const server = createHttpServer({hosts: ["example.com"]});
server.registerPathHandler("/dummy", (request, response) => {
response.setStatusLine(request.httpVersion, 200, "OK");
response.setHeader("Content-Type", "text/html", false);
response.write("<!DOCTYPE html><html></html>");
});
add_task(async function test_incognito_webrequest_access() {
// This extension will fail if it gets a request
let extension = ExtensionTestUtils.loadExtension({
manifest: {
permissions: ["webRequest", "webRequestBlocking", "<all_urls>"],
},
incognitoOverride: "not_allowed",
background() {
browser.webRequest.onBeforeRequest.addListener(async (details) => {
browser.test.fail("webrequest received incognito request");
}, {urls: ["<all_urls>"]}, ["blocking"]);
},
});
await extension.startup();
let contentPage = await ExtensionTestUtils.loadContentPage("http://example.com/dummy", {privateBrowsing: true});
await extension.unload();
await contentPage.close();
});

2
toolkit/components/extensions/test/xpcshell/xpcshell-common.ini
View File

@@ -136,6 +136,8 @@ skip-if = true # Too frequent intermittent failures
skip-if = os == "android" && debug
[test_ext_webRequest_filterResponseData.js]
skip-if = os == "android" && debug
[test_ext_webRequest_incognito.js]
skip-if = os == "android" && debug
[test_ext_webRequest_permission.js]
skip-if = os == "android" && debug
[test_ext_webRequest_responseBody.js]

8
toolkit/components/extensions/webrequest/ChannelWrapper.cpp
View File

@@ -522,6 +522,14 @@ bool ChannelWrapper::Matches(
}
if (aExtension) {
// Verify extension access to private requests
if (!aExtension->PrivateBrowsingAllowed()) {
nsCOMPtr<nsILoadInfo> loadInfo = GetLoadInfo();
if (loadInfo && loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0) {
return false;
}
}
bool isProxy =
aOptions.mIsProxy && aExtension->HasPermission(nsGkAtoms::proxy);
// Proxies are allowed access to all urls, including restricted urls.