corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out 8 changesets (bug 1915355) for causing xpcshell failures.

Browse Source 
Backed out changeset d292c3a2592d (bug 1915355)
Backed out changeset 3386ee00459e (bug 1915355)
Backed out changeset 98848e63dfbf (bug 1915355)
Backed out changeset b668d0c685e8 (bug 1915355)
Backed out changeset 08acd8256071 (bug 1915355)
Backed out changeset 3ae9463ee988 (bug 1915355)
Backed out changeset 2dd416f1b847 (bug 1915355)
Backed out changeset 17107bbcf8c8 (bug 1915355)
This commit is contained in:
Stanca Serban
2025-01-08 23:36:08 +02:00
parent 5209cca4e4
commit 3eac2f1354
47 changed files with 128 additions and 1655 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
caps/OriginAttributes.cpp
View File

@@ -61,7 +61,7 @@ static void PopulateTopLevelInfoFromURI(const bool aIsTopLevelDocument,
bool aForeignByAncestorContext,
bool aIsFirstPartyEnabled, bool aForced,
bool aUseSite,
nsString OriginAttributes::* aTarget,
nsString OriginAttributes::*aTarget,
OriginAttributes& aOriginAttributes) {
nsresult rv;
@@ -514,23 +514,4 @@ bool OriginAttributes::ParsePartitionKey(const nsAString& aPartitionKey,
return fieldIndex > 1;
}
/* static */
bool OriginAttributes::ExtractSiteFromPartitionKey(
const nsAString& aPartitionKey, nsAString& aOutSite) {
nsAutoString scheme, host;
int32_t port;
bool unused;
if (!ParsePartitionKey(aPartitionKey, scheme, host, port, unused)) {
return false;
}
if (port == -1) {
aOutSite.Assign(scheme + u"://"_ns + host);
} else {
aOutSite.Assign(scheme + u"://"_ns + host + u":"_ns);
aOutSite.AppendInt(port);
}
return true;
}
} // namespace mozilla

5
caps/OriginAttributes.h
View File

@@ -141,11 +141,6 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
nsAString& outScheme, nsAString& outBaseDomain,
int32_t& outPort,
bool& outForeignByAncestorContext);
// Parse a partitionKey and extract the site from it. Returns false if the
// partitionKey cannot be parsed because the format is invalid.
static bool ExtractSiteFromPartitionKey(const nsAString& aPartitionKey,
nsAString& aOutSite);
};
class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary {

31
dom/base/Document.cpp
View File

@@ -6661,10 +6661,6 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
return;
}
nsCOMPtr<nsILoadInfo> loadInfo =
GetChannel() ? GetChannel()->LoadInfo() : nullptr;
bool on3pcbException = loadInfo && loadInfo->GetIsOn3PCBExceptionList();
for (auto& principal : principals) {
nsAutoCString baseDomain;
nsresult rv = CookieCommons::GetBaseDomain(principal, baseDomain);
@@ -6709,10 +6705,9 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
continue;
}
if (thirdParty &&
!CookieCommons::ShouldIncludeCrossSiteCookie(
cookie, CookieJarSettings()->GetPartitionForeign(),
IsInPrivateBrowsing(), UsingStorageAccess(), on3pcbException)) {
if (thirdParty && !CookieCommons::ShouldIncludeCrossSiteCookie(
cookie, CookieJarSettings()->GetPartitionForeign(),
IsInPrivateBrowsing(), UsingStorageAccess())) {
continue;
}
@@ -6847,14 +6842,9 @@ void Document::SetCookie(const nsAString& aCookieString, ErrorResult& aRv) {
nullptr, &thirdParty);
}
nsCOMPtr<nsILoadInfo> loadInfo =
GetChannel() ? GetChannel()->LoadInfo() : nullptr;
bool on3pcbException = loadInfo && loadInfo->GetIsOn3PCBExceptionList();
if (thirdParty &&
!CookieCommons::ShouldIncludeCrossSiteCookie(
cookie, CookieJarSettings()->GetPartitionForeign(),
IsInPrivateBrowsing(), UsingStorageAccess(), on3pcbException)) {
if (thirdParty && !CookieCommons::ShouldIncludeCrossSiteCookie(
cookie, CookieJarSettings()->GetPartitionForeign(),
IsInPrivateBrowsing(), UsingStorageAccess())) {
return;
}
@@ -19398,15 +19388,6 @@ bool Document::UsingStorageAccess() {
return loadInfo->GetStoragePermission() != nsILoadInfo::NoStoragePermission;
}
bool Document::IsOn3PCBExceptionList() const {
if (!mChannel) {
return false;
}
nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo();
return loadInfo->GetIsOn3PCBExceptionList();
}
bool Document::HasStorageAccessPermissionGrantedByAllowList() {
// We only care about if the document gets the storage permission via the
// allow list here. So we don't check the storage access cache in the inner

15
dom/base/Document.h
View File

@@ -337,8 +337,12 @@ class EarlyHintConnectArgs;
} // namespace mozilla::net
// Must be kept in sync with xpcom/rust/xpcom/src/interfaces/nonidl.rs
#define NS_IDOCUMENT_IID \
{0xce1f7627, 0x7109, 0x4977, {0xba, 0x77, 0x49, 0x0f, 0xfd, 0xe0, 0x7a, 0xaa}}
#define NS_IDOCUMENT_IID \
{ \
0xce1f7627, 0x7109, 0x4977, { \
0xba, 0x77, 0x49, 0x0f, 0xfd, 0xe0, 0x7a, 0xaa \
} \
}
namespace mozilla::dom {
@@ -496,8 +500,8 @@ class ExternalResourceMap {
} \
NS_DECL_ISUPPORTS \
NS_FORWARD_NSIINTERFACEREQUESTOR(mIfReq->) \
NS_FORWARD_##_allcaps(mRealPtr->) private \
: nsCOMPtr<nsIInterfaceRequestor> mIfReq; \
NS_FORWARD_##_allcaps(mRealPtr->) private \
: nsCOMPtr<nsIInterfaceRequestor> mIfReq; \
nsCOMPtr<_i> mRealPtr; \
};
@@ -1405,9 +1409,6 @@ class Document : public nsINode,
// Returns whether this document is using unpartitioned cookies
bool UsingStorageAccess();
// Returns whether the document is on the 3PCB exception list.
bool IsOn3PCBExceptionList() const;
// Returns whether the storage access permission of the document is granted by
// the allow list.
bool HasStorageAccessPermissionGrantedByAllowList();

30
dom/cookiestore/CookieStore.cpp
View File

@@ -196,12 +196,11 @@ void ResolvePromiseAsync(Promise* aPromise) {
bool GetContextAttributes(CookieStore* aCookieStore, bool* aThirdPartyContext,
bool* aPartitionForeign, bool* aUsingStorageAccess,
bool* aIsOn3PCBExceptionList, Promise* aPromise) {
Promise* aPromise) {
MOZ_ASSERT(aCookieStore);
MOZ_ASSERT(aThirdPartyContext);
MOZ_ASSERT(aPartitionForeign);
MOZ_ASSERT(aUsingStorageAccess);
MOZ_ASSERT(aIsOn3PCBExceptionList);
MOZ_ASSERT(aPromise);
if (NS_IsMainThread()) {
@@ -225,7 +224,6 @@ bool GetContextAttributes(CookieStore* aCookieStore, bool* aThirdPartyContext,
*aPartitionForeign = document->CookieJarSettings()->GetPartitionForeign();
*aUsingStorageAccess = document->UsingStorageAccess();
*aIsOn3PCBExceptionList = document->IsOn3PCBExceptionList();
return true;
}
@@ -236,7 +234,6 @@ bool GetContextAttributes(CookieStore* aCookieStore, bool* aThirdPartyContext,
*aPartitionForeign =
workerPrivate->CookieJarSettings()->GetPartitionForeign();
*aUsingStorageAccess = workerPrivate->UsingStorageAccess();
*aIsOn3PCBExceptionList = workerPrivate->IsOn3PCBExceptionList();
return true;
}
@@ -379,11 +376,9 @@ already_AddRefed<Promise> CookieStore::Set(const CookieInit& aOptions,
bool thirdPartyContext = true;
bool partitionForeign = true;
bool usingStorageAccess = false;
bool isOn3PCBExceptionList = false;
if (!GetContextAttributes(self, &thirdPartyContext, &partitionForeign,
&usingStorageAccess, &isOn3PCBExceptionList,
promise)) {
&usingStorageAccess, promise)) {
return;
}
@@ -412,8 +407,8 @@ already_AddRefed<Promise> CookieStore::Set(const CookieInit& aOptions,
aOptions.mDomain.IsEmpty() ? nsString(baseDomain)
: nsString(aOptions.mDomain),
cookiePrincipal->OriginAttributesRef(), thirdPartyContext,
partitionForeign, usingStorageAccess, isOn3PCBExceptionList,
nsString(aOptions.mName), nsString(aOptions.mValue),
partitionForeign, usingStorageAccess, nsString(aOptions.mName),
nsString(aOptions.mValue),
// If expires is not set, it's a session cookie.
aOptions.mExpires.IsNull(),
aOptions.mExpires.IsNull()
@@ -504,11 +499,9 @@ already_AddRefed<Promise> CookieStore::Delete(
bool thirdPartyContext = true;
bool partitionForeign = true;
bool usingStorageAccess = false;
bool isOn3PCBExceptionList = false;
if (!GetContextAttributes(self, &thirdPartyContext, &partitionForeign,
&usingStorageAccess, &isOn3PCBExceptionList,
promise)) {
&usingStorageAccess, promise)) {
return;
}
@@ -537,9 +530,8 @@ already_AddRefed<Promise> CookieStore::Delete(
aOptions.mDomain.IsEmpty() ? nsString(baseDomain)
: nsString(aOptions.mDomain),
cookiePrincipal->OriginAttributesRef(), thirdPartyContext,
partitionForeign, usingStorageAccess, isOn3PCBExceptionList,
nsString(aOptions.mName), path, aOptions.mPartitioned,
operationID);
partitionForeign, usingStorageAccess, nsString(aOptions.mName),
path, aOptions.mPartitioned, operationID);
if (NS_WARN_IF(!ipcPromise)) {
promise->MaybeResolveWithUndefined();
return;
@@ -713,11 +705,9 @@ already_AddRefed<Promise> CookieStore::GetInternal(
bool thirdPartyContext = true;
bool partitionForeign = true;
bool usingStorageAccess = false;
bool isOn3PCBExceptionList = false;
if (!GetContextAttributes(self, &thirdPartyContext, &partitionForeign,
&usingStorageAccess, &isOn3PCBExceptionList,
promise)) {
&usingStorageAccess, promise)) {
return;
}
@@ -741,8 +731,8 @@ already_AddRefed<Promise> CookieStore::GetInternal(
? Some(partitionedCookiePrincipal->OriginAttributesRef())
: Nothing(),
thirdPartyContext, partitionForeign, usingStorageAccess,
isOn3PCBExceptionList, aOptions.mName.WasPassed(),
nsString(name), path, aOnlyTheFirstMatch);
aOptions.mName.WasPassed(), nsString(name), path,
aOnlyTheFirstMatch);
if (NS_WARN_IF(!ipcPromise)) {
promise->MaybeResolveWithUndefined();
return;

104
dom/cookiestore/CookieStoreParent.cpp
View File

@@ -71,25 +71,24 @@ mozilla::ipc::IPCResult CookieStoreParent::RecvGetRequest(
const nsString& aDomain, const OriginAttributes& aOriginAttributes,
const Maybe<OriginAttributes>& aPartitionedOriginAttributes,
const bool& aThirdPartyContext, const bool& aPartitionForeign,
const bool& aUsingStorageAccess, const bool& aIsOn3PCBExceptionList,
const bool& aMatchName, const nsString& aName, const nsCString& aPath,
const bool& aOnlyFirstMatch, GetRequestResolver&& aResolver) {
const bool& aUsingStorageAccess, const bool& aMatchName,
const nsString& aName, const nsCString& aPath, const bool& aOnlyFirstMatch,
GetRequestResolver&& aResolver) {
AssertIsOnBackgroundThread();
InvokeAsync(GetMainThreadSerialEventTarget(), __func__,
[self = RefPtr(this), aDomain, aOriginAttributes,
aPartitionedOriginAttributes, aThirdPartyContext,
aPartitionForeign, aUsingStorageAccess, aIsOn3PCBExceptionList,
aMatchName, aName, aPath, aOnlyFirstMatch]() {
CopyableTArray<CookieData> results;
self->GetRequestOnMainThread(
aDomain, aOriginAttributes, aPartitionedOriginAttributes,
aThirdPartyContext, aPartitionForeign, aUsingStorageAccess,
aIsOn3PCBExceptionList, aMatchName, aName, aPath,
aOnlyFirstMatch, results);
return GetRequestPromise::CreateAndResolve(std::move(results),
__func__);
})
InvokeAsync(
GetMainThreadSerialEventTarget(), __func__,
[self = RefPtr(this), aDomain, aOriginAttributes,
aPartitionedOriginAttributes, aThirdPartyContext, aPartitionForeign,
aUsingStorageAccess, aMatchName, aName, aPath, aOnlyFirstMatch]() {
CopyableTArray<CookieData> results;
self->GetRequestOnMainThread(
aDomain, aOriginAttributes, aPartitionedOriginAttributes,
aThirdPartyContext, aPartitionForeign, aUsingStorageAccess,
aMatchName, aName, aPath, aOnlyFirstMatch, results);
return GetRequestPromise::CreateAndResolve(std::move(results),
__func__);
})
->Then(GetCurrentSerialEventTarget(), __func__,
[aResolver = std::move(aResolver)](
const GetRequestPromise::ResolveOrRejectValue& aResult) {
@@ -103,30 +102,28 @@ mozilla::ipc::IPCResult CookieStoreParent::RecvGetRequest(
mozilla::ipc::IPCResult CookieStoreParent::RecvSetRequest(
const nsString& aDomain, const OriginAttributes& aOriginAttributes,
const bool& aThirdPartyContext, const bool& aPartitionForeign,
const bool& aUsingStorageAccess, const bool& aIsOn3PCBExceptionList,
const nsString& aName, const nsString& aValue, const bool& aSession,
const int64_t& aExpires, const nsString& aPath, const int32_t& aSameSite,
const bool& aPartitioned, const nsID& aOperationID,
SetRequestResolver&& aResolver) {
const bool& aUsingStorageAccess, const nsString& aName,
const nsString& aValue, const bool& aSession, const int64_t& aExpires,
const nsString& aPath, const int32_t& aSameSite, const bool& aPartitioned,
const nsID& aOperationID, SetRequestResolver&& aResolver) {
AssertIsOnBackgroundThread();
RefPtr<ThreadsafeContentParentHandle> parent =
BackgroundParent::GetContentParentHandle(Manager());
InvokeAsync(
GetMainThreadSerialEventTarget(), __func__,
[self = RefPtr(this), parent = RefPtr(parent), aDomain, aOriginAttributes,
aThirdPartyContext, aPartitionForeign, aUsingStorageAccess,
aIsOn3PCBExceptionList, aName, aValue, aSession, aExpires, aPath,
aSameSite, aPartitioned, aOperationID]() {
bool waitForNotification = self->SetRequestOnMainThread(
parent, aDomain, aOriginAttributes, aThirdPartyContext,
aPartitionForeign, aUsingStorageAccess, aIsOn3PCBExceptionList,
aName, aValue, aSession, aExpires, aPath, aSameSite, aPartitioned,
aOperationID);
return SetDeleteRequestPromise::CreateAndResolve(waitForNotification,
__func__);
})
InvokeAsync(GetMainThreadSerialEventTarget(), __func__,
[self = RefPtr(this), parent = RefPtr(parent), aDomain,
aOriginAttributes, aThirdPartyContext, aPartitionForeign,
aUsingStorageAccess, aName, aValue, aSession, aExpires, aPath,
aSameSite, aPartitioned, aOperationID]() {
bool waitForNotification = self->SetRequestOnMainThread(
parent, aDomain, aOriginAttributes, aThirdPartyContext,
aPartitionForeign, aUsingStorageAccess, aName, aValue,
aSession, aExpires, aPath, aSameSite, aPartitioned,
aOperationID);
return SetDeleteRequestPromise::CreateAndResolve(
waitForNotification, __func__);
})
->Then(GetCurrentSerialEventTarget(), __func__,
[aResolver = std::move(aResolver)](
const SetDeleteRequestPromise::ResolveOrRejectValue& aResult) {
@@ -140,9 +137,9 @@ mozilla::ipc::IPCResult CookieStoreParent::RecvSetRequest(
mozilla::ipc::IPCResult CookieStoreParent::RecvDeleteRequest(
const nsString& aDomain, const OriginAttributes& aOriginAttributes,
const bool& aThirdPartyContext, const bool& aPartitionForeign,
const bool& aUsingStorageAccess, const bool& aIsOn3PCBExceptionList,
const nsString& aName, const nsString& aPath, const bool& aPartitioned,
const nsID& aOperationID, DeleteRequestResolver&& aResolver) {
const bool& aUsingStorageAccess, const nsString& aName,
const nsString& aPath, const bool& aPartitioned, const nsID& aOperationID,
DeleteRequestResolver&& aResolver) {
AssertIsOnBackgroundThread();
RefPtr<ThreadsafeContentParentHandle> parent =
@@ -151,12 +148,12 @@ mozilla::ipc::IPCResult CookieStoreParent::RecvDeleteRequest(
InvokeAsync(
GetMainThreadSerialEventTarget(), __func__,
[self = RefPtr(this), parent = RefPtr(parent), aDomain, aOriginAttributes,
aThirdPartyContext, aPartitionForeign, aUsingStorageAccess,
aIsOn3PCBExceptionList, aName, aPath, aPartitioned, aOperationID]() {
aThirdPartyContext, aPartitionForeign, aUsingStorageAccess, aName, aPath,
aPartitioned, aOperationID]() {
bool waitForNotification = self->DeleteRequestOnMainThread(
parent, aDomain, aOriginAttributes, aThirdPartyContext,
aPartitionForeign, aUsingStorageAccess, aIsOn3PCBExceptionList,
aName, aPath, aPartitioned, aOperationID);
aPartitionForeign, aUsingStorageAccess, aName, aPath, aPartitioned,
aOperationID);
return SetDeleteRequestPromise::CreateAndResolve(waitForNotification,
__func__);
})
@@ -180,9 +177,8 @@ void CookieStoreParent::GetRequestOnMainThread(
const nsAString& aDomain, const OriginAttributes& aOriginAttributes,
const Maybe<OriginAttributes>& aPartitionedOriginAttributes,
bool aThirdPartyContext, bool aPartitionForeign, bool aUsingStorageAccess,
bool aIsOn3PCBExceptionList, bool aMatchName, const nsAString& aName,
const nsACString& aPath, bool aOnlyFirstMatch,
nsTArray<CookieData>& aResults) {
bool aMatchName, const nsAString& aName, const nsACString& aPath,
bool aOnlyFirstMatch, nsTArray<CookieData>& aResults) {
MOZ_ASSERT(NS_IsMainThread());
nsCOMPtr<nsICookieService> service =
@@ -214,7 +210,7 @@ void CookieStoreParent::GetRequestOnMainThread(
if (aThirdPartyContext &&
!CookieCommons::ShouldIncludeCrossSiteCookie(
cookie, aPartitionForeign, attrs.IsPrivateBrowsing(),
aUsingStorageAccess, aIsOn3PCBExceptionList)) {
aUsingStorageAccess)) {
continue;
}
@@ -246,8 +242,7 @@ void CookieStoreParent::GetRequestOnMainThread(
bool CookieStoreParent::SetRequestOnMainThread(
ThreadsafeContentParentHandle* aParent, const nsAString& aDomain,
const OriginAttributes& aOriginAttributes, bool aThirdPartyContext,
bool aPartitionForeign, bool aUsingStorageAccess,
bool aIsOn3PCBExceptionList, const nsAString& aName,
bool aPartitionForeign, bool aUsingStorageAccess, const nsAString& aName,
const nsAString& aValue, bool aSession, int64_t aExpires,
const nsAString& aPath, int32_t aSameSite, bool aPartitioned,
const nsID& aOperationID) {
@@ -263,7 +258,7 @@ bool CookieStoreParent::SetRequestOnMainThread(
!CookieCommons::ShouldIncludeCrossSiteCookie(
aSameSite, aPartitioned && !aOriginAttributes.mPartitionKey.IsEmpty(),
aPartitionForeign, aOriginAttributes.IsPrivateBrowsing(),
aUsingStorageAccess, aIsOn3PCBExceptionList)) {
aUsingStorageAccess)) {
return false;
}
@@ -304,9 +299,8 @@ bool CookieStoreParent::SetRequestOnMainThread(
bool CookieStoreParent::DeleteRequestOnMainThread(
ThreadsafeContentParentHandle* aParent, const nsAString& aDomain,
const OriginAttributes& aOriginAttributes, bool aThirdPartyContext,
bool aPartitionForeign, bool aUsingStorageAccess,
bool aIsOn3PCBExceptionList, const nsAString& aName, const nsAString& aPath,
bool aPartitioned, const nsID& aOperationID) {
bool aPartitionForeign, bool aUsingStorageAccess, const nsAString& aName,
const nsAString& aPath, bool aPartitioned, const nsID& aOperationID) {
MOZ_ASSERT(NS_IsMainThread());
NS_ConvertUTF16toUTF8 domain(aDomain);
@@ -373,8 +367,8 @@ bool CookieStoreParent::DeleteRequestOnMainThread(
if (!CookieCommons::ShouldIncludeCrossSiteCookie(
sameSiteAttr,
isPartitioned && !aOriginAttributes.mPartitionKey.IsEmpty(),
aPartitionForeign, attrs.IsPrivateBrowsing(), aUsingStorageAccess,
aIsOn3PCBExceptionList)) {
aPartitionForeign, attrs.IsPrivateBrowsing(),
aUsingStorageAccess)) {
return false;
}
}

38
dom/cookiestore/CookieStoreParent.h
View File

@@ -34,25 +34,24 @@ class CookieStoreParent final : public PCookieStoreParent {
const nsString& aDomain, const OriginAttributes& aOriginAttributes,
const Maybe<OriginAttributes>& aPartitionedOriginAttributes,
const bool& aThirdPartyContext, const bool& aPartitionForeign,
const bool& aUsingStorageAccess, const bool& aIsOn3PCBExceptionList,
const bool& aMatchName, const nsString& aName, const nsCString& aPath,
const bool& aUsingStorageAccess, const bool& aMatchName,
const nsString& aName, const nsCString& aPath,
const bool& aOnlyFirstMatch, GetRequestResolver&& aResolver);
mozilla::ipc::IPCResult RecvSetRequest(
const nsString& aDomain, const OriginAttributes& aOriginAttributes,
const bool& aThirdPartyContext, const bool& aPartitionForeign,
const bool& aUsingStorageAccess, const bool& aIsOn3PCBExceptionList,
const nsString& aName, const nsString& aValue, const bool& aSession,
const int64_t& aExpires, const nsString& aPath, const int32_t& aSameSite,
const bool& aPartitioned, const nsID& aOperationID,
SetRequestResolver&& aResolver);
const bool& aUsingStorageAccess, const nsString& aName,
const nsString& aValue, const bool& aSession, const int64_t& aExpires,
const nsString& aPath, const int32_t& aSameSite, const bool& aPartitioned,
const nsID& aOperationID, SetRequestResolver&& aResolver);
mozilla::ipc::IPCResult RecvDeleteRequest(
const nsString& aDomain, const OriginAttributes& aOriginAttributes,
const bool& aThirdPartyContext, const bool& aPartitionForeign,
const bool& aUsingStorageAccess, const bool& aIsOn3PCBExceptionList,
const nsString& aName, const nsString& aPath, const bool& aPartitioned,
const nsID& aOperationID, DeleteRequestResolver&& aResolver);
const bool& aUsingStorageAccess, const nsString& aName,
const nsString& aPath, const bool& aPartitioned, const nsID& aOperationID,
DeleteRequestResolver&& aResolver);
mozilla::ipc::IPCResult RecvClose();
@@ -60,9 +59,8 @@ class CookieStoreParent final : public PCookieStoreParent {
const nsAString& aDomain, const OriginAttributes& aOriginAttributes,
const Maybe<OriginAttributes>& aPartitionedOriginAttributes,
bool aThirdPartyContext, bool aPartitionForeign, bool aUsingStorageAccess,
bool aIsOn3PCBExceptionList, bool aMatchName, const nsAString& aName,
const nsACString& aPath, bool aOnlyFirstMatch,
nsTArray<CookieData>& aResults);
bool aMatchName, const nsAString& aName, const nsACString& aPath,
bool aOnlyFirstMatch, nsTArray<CookieData>& aResults);
// Returns true if a cookie notification has been generated while completing
// the operation.
@@ -70,20 +68,18 @@ class CookieStoreParent final : public PCookieStoreParent {
const nsAString& aDomain,
const OriginAttributes& aOriginAttributes,
bool aThirdPartyContext, bool aPartitionForeign,
bool aUsingStorageAccess,
bool aIsOn3PCBExceptionList,
const nsAString& aName, const nsAString& aValue,
bool aSession, int64_t aExpires,
const nsAString& aPath, int32_t aSameSite,
bool aPartitioned, const nsID& aOperationID);
bool aUsingStorageAccess, const nsAString& aName,
const nsAString& aValue, bool aSession,
int64_t aExpires, const nsAString& aPath,
int32_t aSameSite, bool aPartitioned,
const nsID& aOperationID);
// Returns true if a cookie notification has been generated while completing
// the operation.
bool DeleteRequestOnMainThread(
ThreadsafeContentParentHandle* aParent, const nsAString& aDomain,
const OriginAttributes& aOriginAttributes, bool aThirdPartyContext,
bool aPartitionForeign, bool aUsingStorageAccess,
bool aIsOn3PCBExceptionList, const nsAString& aName,
bool aPartitionForeign, bool aUsingStorageAccess, const nsAString& aName,
const nsAString& aPath, bool aPartitioned, const nsID& aOperationID);
CookieStoreNotificationWatcher* GetOrCreateNotificationWatcherOnMainThread(

3
dom/cookiestore/PCookieStore.ipdl
View File

@@ -36,7 +36,6 @@ parent:
bool thirdPartyContext,
bool partitionForeign,
bool usingStorageAccess,
bool isOn3PCBExceptionList,
bool matchName,
nsString name,
nsCString path,
@@ -47,7 +46,6 @@ parent:
bool thirdPartyContext,
bool partitionForeign,
bool usingStorageAccess,
bool isOn3PCBExceptionList,
nsString name,
nsString value,
bool session,
@@ -62,7 +60,6 @@ parent:
bool thirdPartyContext,
bool partitionForeign,
bool usingStorageAccess,
bool isOn3PCBExceptionList,
nsString name,
nsString path,
bool partitioned,

2
dom/fetch/Fetch.cpp
View File

@@ -787,8 +787,6 @@ already_AddRefed<Promise> FetchRequest(nsIGlobalObject* aGlobal,
ipcArgs.isThirdPartyContext() = worker->IsThirdPartyContext();
ipcArgs.isOn3PCBExceptionList() = worker->IsOn3PCBExceptionList();
ipcArgs.isWorkerRequest() = true;
actor->DoFetchOp(ipcArgs);

7
dom/fetch/FetchDriver.cpp
View File

@@ -350,7 +350,6 @@ FetchDriver::FetchDriver(SafeRefPtr<InternalRequest> aRequest,
mPerformanceStorage(aPerformanceStorage),
mNeedToObserveOnDataAvailable(false),
mIsTrackingFetch(aIsTrackingFetch),
mIsOn3PCBExceptionList(false),
mOnStopRequestCalled(false)
#ifdef DEBUG
,
@@ -684,12 +683,6 @@ nsresult FetchDriver::HttpFetch(
NS_ENSURE_SUCCESS(rv, rv);
}
if (mIsOn3PCBExceptionList) {
nsCOMPtr<nsILoadInfo> loadInfo = chan->LoadInfo();
rv = loadInfo->SetIsOn3PCBExceptionList(mIsOn3PCBExceptionList);
NS_ENSURE_SUCCESS(rv, rv);
}
// If the fetch is created by FetchEvent.request or NavigationPreload request,
// corresponding InterceptedHttpChannel information need to propagate to the
// channel of the fetch.

7
dom/fetch/FetchDriver.h
View File

@@ -149,10 +149,6 @@ class FetchDriver final : public nsIChannelEventSink,
mIsThirdPartyContext = aIsThirdPartyWorker;
}
void SetIsOn3PCBExceptionList(bool aIsOn3PCBExceptionList) {
mIsOn3PCBExceptionList = aIsOn3PCBExceptionList;
}
private:
nsCOMPtr<nsIPrincipal> mPrincipal;
nsCOMPtr<nsILoadGroup> mLoadGroup;
@@ -190,9 +186,6 @@ class FetchDriver final : public nsIChannelEventSink,
// Indicates whether the fetch request is from a third-party context.
Maybe<bool> mIsThirdPartyContext;
// Indicates whether the fetch request is on the 3PCB exception list.
bool mIsOn3PCBExceptionList;
RefPtr<AlternativeDataStreamListener> mAltDataListener;
bool mOnStopRequestCalled;

3
dom/fetch/FetchParent.cpp
View File

@@ -106,7 +106,6 @@ IPCResult FetchParent::RecvFetchOp(FetchOpArgs&& aArgs) {
mNeedOnDataAvailable = aArgs.needOnDataAvailable();
mHasCSPEventListener = aArgs.hasCSPEventListener();
mIsThirdPartyContext = aArgs.isThirdPartyContext();
mIsOn3PCBExceptionList = aArgs.isOn3PCBExceptionList();
if (mHasCSPEventListener) {
mCSPEventListener =
@@ -182,7 +181,7 @@ IPCResult FetchParent::RecvFetchOp(FetchOpArgs&& aArgs) {
self->mBackgroundEventTarget, self->mID,
self->mIsThirdPartyContext,
MozPromiseRequestHolder<FetchServiceResponseEndPromise>(),
self->mPromise, self->mIsOn3PCBExceptionList})));
self->mPromise})));
} else {
MOZ_ASSERT(self->mRequest->GetKeepalive());
self->mResponsePromises =

1
dom/fetch/FetchParent.h
View File

@@ -99,7 +99,6 @@ class FetchParent final : public PFetchParent {
uint64_t mAssociatedBrowsingContextID{0};
bool mIsThirdPartyContext{true};
bool mIsWorkerFetch{false};
bool mIsOn3PCBExceptionList{false};
Atomic<bool> mIsDone{false};
Atomic<bool> mActorDestroyed{false};

1
dom/fetch/FetchService.cpp
View File

@@ -277,7 +277,6 @@ RefPtr<FetchServicePromises> FetchService::FetchInstance::Fetch() {
mFetchDriver->SetAssociatedBrowsingContextID(
args.mAssociatedBrowsingContextID);
mFetchDriver->SetIsThirdPartyContext(Some(args.mIsThirdPartyContext));
mFetchDriver->SetIsOn3PCBExceptionList(args.mIsOn3PCBExceptionList);
}
if (mArgsType == FetchArgsType::MainThreadFetch) {

1
dom/fetch/FetchService.h
View File

@@ -107,7 +107,6 @@ class FetchService final : public nsIObserver {
MozPromiseRequestHolder<FetchServiceResponseEndPromise>
mResponseEndPromiseHolder;
RefPtr<GenericPromise::Private> mFetchParentPromise;
bool mIsOn3PCBExceptionList;
};
// Used for content process main thread fetch()

1
dom/fetch/PFetch.ipdl
View File

@@ -26,7 +26,6 @@ struct FetchOpArgs{
uint64_t associatedBrowsingContextID;
bool isThirdPartyContext;
bool isWorkerRequest;
bool isOn3PCBExceptionList;
};
protocol PFetch {

17
dom/serviceworkers/ServiceWorkerPrivate.cpp
View File

@@ -49,7 +49,6 @@
#include "mozilla/ipc/PBackgroundChild.h"
#include "mozilla/ipc/URIUtils.h"
#include "mozilla/net/CookieJarSettings.h"
#include "mozilla/net/CookieService.h"
#include "nsContentUtils.h"
#include "nsDebug.h"
#include "nsError.h"
@@ -557,7 +556,6 @@ nsresult ServiceWorkerPrivate::Initialize() {
Maybe<RFPTarget> overriddenFingerprintingSettings;
nsCOMPtr<nsIURI> firstPartyURI;
bool foreignByAncestorContext = false;
bool isOn3PCBExceptionList = false;
if (!principal->OriginAttributesRef().mPartitionKey.IsEmpty()) {
net::CookieJarSettings::Cast(cookieJarSettings)
->SetPartitionKey(principal->OriginAttributesRef().mPartitionKey);
@@ -585,12 +583,6 @@ nsresult ServiceWorkerPrivate::Initialize() {
overriddenFingerprintingSettingsArg.emplace(
uint64_t(overriddenFingerprintingSettings.ref()));
}
RefPtr<net::CookieService> csSingleton =
net::CookieService::GetSingleton();
isOn3PCBExceptionList =
csSingleton->ThirdPartyCookieBlockingExceptionsRef()
.CheckExceptionForURIs(firstPartyURI, uri);
}
}
} else if (!principal->OriginAttributesRef().mFirstPartyDomain.IsEmpty()) {
@@ -617,13 +609,6 @@ nsresult ServiceWorkerPrivate::Initialize() {
: nsRFPService::GetOverriddenFingerprintingSettingsForURI(
uri, nullptr);
RefPtr<net::CookieService> csSingleton =
net::CookieService::GetSingleton();
isOn3PCBExceptionList =
isThirdParty ? csSingleton->ThirdPartyCookieBlockingExceptionsRef()
.CheckExceptionForURIs(firstPartyURI, uri)
: false;
if (overriddenFingerprintingSettings.isSome()) {
overriddenFingerprintingSettingsArg.emplace(
uint64_t(overriddenFingerprintingSettings.ref()));
@@ -741,7 +726,7 @@ nsresult ServiceWorkerPrivate::Initialize() {
/* referrerInfo */ nullptr,
storageAccess, isThirdPartyContextToTopWindow, shouldResistFingerprinting,
overriddenFingerprintingSettingsArg, isOn3PCBExceptionList,
overriddenFingerprintingSettingsArg,
// Origin trials are associated to a window, so it doesn't make sense on
// service workers.
OriginTrials(), std::move(serviceWorkerData), regInfo->AgentClusterId(),

1
dom/workers/WorkerLoadInfo.h
View File

@@ -149,7 +149,6 @@ struct WorkerLoadInfoData {
Maybe<RFPTarget> mOverriddenFingerprintingSettings;
OriginAttributes mOriginAttributes;
bool mIsThirdPartyContext;
bool mIsOn3PCBExceptionList;
enum {
eNotSet,

3
dom/workers/WorkerPrivate.cpp
View File

@@ -3006,7 +3006,6 @@ nsresult WorkerPrivate::GetLoadInfo(
aParent->GetOverriddenFingerprintingSettings();
loadInfo.mParentController = aParent->GlobalScope()->GetController();
loadInfo.mWatchedByDevTools = aParent->IsWatchedByDevTools();
loadInfo.mIsOn3PCBExceptionList = aParent->IsOn3PCBExceptionList();
} else {
AssertIsOnMainThread();
@@ -3154,7 +3153,6 @@ nsresult WorkerPrivate::GetLoadInfo(
RFPTarget::IsAlwaysEnabledForPrecompute);
loadInfo.mOverriddenFingerprintingSettings =
document->GetOverriddenFingerprintingSettings();
loadInfo.mIsOn3PCBExceptionList = document->IsOn3PCBExceptionList();
// This is an hack to deny the storage-access-permission for workers of
// sub-iframes.
@@ -3227,7 +3225,6 @@ nsresult WorkerPrivate::GetLoadInfo(
loadInfo.mOriginAttributes = OriginAttributes();
loadInfo.mIsThirdPartyContext = false;
loadInfo.mIsOn3PCBExceptionList = false;
}
MOZ_ASSERT(loadInfo.mLoadingPrincipal);

4
dom/workers/WorkerPrivate.h
View File

@@ -1032,10 +1032,6 @@ class WorkerPrivate final
return mLoadInfo.mOverriddenFingerprintingSettings;
}
bool IsOn3PCBExceptionList() const {
return mLoadInfo.mIsOn3PCBExceptionList;
}
RemoteWorkerChild* GetRemoteWorkerController();
void SetRemoteWorkerController(RemoteWorkerChild* aController);

1
dom/workers/remoteworkers/RemoteWorkerChild.cpp
View File

@@ -289,7 +289,6 @@ nsresult RemoteWorkerChild::ExecWorkerOnMainThread(
net::CookieJarSettings::Deserialize(aData.cookieJarSettings(),
getter_AddRefs(info.mCookieJarSettings));
info.mCookieJarSettingsArgs = aData.cookieJarSettings();
info.mIsOn3PCBExceptionList = aData.isOn3PCBExceptionList();
// Default CSP permissions for now. These will be overrided if necessary
// based on the script CSP headers during load in ScriptLoader.

2
dom/workers/remoteworkers/RemoteWorkerTypes.ipdlh
View File

@@ -87,8 +87,6 @@ struct RemoteWorkerData
uint64_t? overriddenFingerprintingSettings;
bool isOn3PCBExceptionList;
OriginTrials originTrials;
OptionalServiceWorkerData serviceWorkerData;

1
dom/workers/sharedworkers/SharedWorker.cpp
View File

@@ -266,7 +266,6 @@ already_AddRefed<SharedWorker> SharedWorker::Constructor(
loadInfo.mDomain, isSecureContext, ipcClientInfo, loadInfo.mReferrerInfo,
storageAllowed, AntiTrackingUtils::IsThirdPartyWindow(window, nullptr),
loadInfo.mShouldResistFingerprinting, overriddenFingerprintingSettingsArg,
loadInfo.mIsOn3PCBExceptionList,
OriginTrials::FromWindow(nsGlobalWindowInner::Cast(window)),
void_t() /* OptionalServiceWorkerData */, agentClusterId,
remoteType.unwrap());

19
ipc/glue/BackgroundUtils.cpp
View File

@@ -573,10 +573,10 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
aLoadInfo->GetFrameBrowsingContextID(),
aLoadInfo->GetInitialSecurityCheckDone(),
aLoadInfo->GetIsInThirdPartyContext(), isThirdPartyContextToTopWindow,
aLoadInfo->GetIsOn3PCBExceptionList(), aLoadInfo->GetIsFormSubmission(),
aLoadInfo->GetIsGETRequest(), aLoadInfo->GetSendCSPViolationEvents(),
aLoadInfo->GetOriginAttributes(), redirectChainIncludingInternalRedirects,
redirectChain, aLoadInfo->GetHasInjectedCookieForCookieBannerHandling(),
aLoadInfo->GetIsFormSubmission(), aLoadInfo->GetIsGETRequest(),
aLoadInfo->GetSendCSPViolationEvents(), aLoadInfo->GetOriginAttributes(),
redirectChainIncludingInternalRedirects, redirectChain,
aLoadInfo->GetHasInjectedCookieForCookieBannerHandling(),
aLoadInfo->GetSchemelessInput(), aLoadInfo->GetHttpsUpgradeTelemetry(),
ipcClientInfo, ipcReservedClientInfo, ipcInitialClientInfo, ipcController,
aLoadInfo->CorsUnsafeHeaders(), aLoadInfo->GetForcePreflight(),
@@ -865,9 +865,8 @@ nsresult LoadInfoArgsToLoadInfo(const LoadInfoArgs& loadInfoArgs,
loadInfoArgs.browsingContextID(), loadInfoArgs.frameBrowsingContextID(),
loadInfoArgs.initialSecurityCheckDone(),
loadInfoArgs.isInThirdPartyContext(), isThirdPartyContextToTopWindow,
loadInfoArgs.isOn3PCBExceptionList(), loadInfoArgs.isFormSubmission(),
loadInfoArgs.isGETRequest(), loadInfoArgs.sendCSPViolationEvents(),
loadInfoArgs.originAttributes(),
loadInfoArgs.isFormSubmission(), loadInfoArgs.isGETRequest(),
loadInfoArgs.sendCSPViolationEvents(), loadInfoArgs.originAttributes(),
std::move(redirectChainIncludingInternalRedirects),
std::move(redirectChain), std::move(ancestorPrincipals),
ancestorBrowsingContextIDs, loadInfoArgs.corsUnsafeHeaders(),
@@ -976,7 +975,7 @@ void LoadInfoToParentLoadInfoForwarder(
aLoadInfo->GetRequestBlockingReason(), aLoadInfo->GetStoragePermission(),
overriddenFingerprintingSettingsArg, aLoadInfo->GetIsMetaRefresh(),
isThirdPartyContextToTopWindow, aLoadInfo->GetIsInThirdPartyContext(),
aLoadInfo->GetIsOn3PCBExceptionList(), unstrippedURI);
unstrippedURI);
}
nsresult MergeParentLoadInfoForwarder(
@@ -1089,10 +1088,6 @@ nsresult MergeParentLoadInfoForwarder(
aForwarderArgs.isInThirdPartyContext());
NS_ENSURE_SUCCESS(rv, rv);
rv = aLoadInfo->SetIsOn3PCBExceptionList(
aForwarderArgs.isOn3PCBExceptionList());
NS_ENSURE_SUCCESS(rv, rv);
rv = aLoadInfo->SetUnstrippedURI(aForwarderArgs.unstrippedURI());
NS_ENSURE_SUCCESS(rv, rv);

20
netwerk/base/LoadInfo.cpp
View File

@@ -647,7 +647,6 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
mInitialSecurityCheckDone(rhs.mInitialSecurityCheckDone),
mIsThirdPartyContext(rhs.mIsThirdPartyContext),
mIsThirdPartyContextToTopWindow(rhs.mIsThirdPartyContextToTopWindow),
mIsOn3PCBExceptionList(rhs.mIsOn3PCBExceptionList),
mIsFormSubmission(rhs.mIsFormSubmission),
mIsGETRequest(rhs.mIsGETRequest),
mSendCSPViolationEvents(rhs.mSendCSPViolationEvents),
@@ -722,9 +721,9 @@ LoadInfo::LoadInfo(
bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
bool aInitialSecurityCheckDone, bool aIsThirdPartyContext,
const Maybe<bool>& aIsThirdPartyContextToTopWindow,
bool aIsOn3PCBExceptionList, bool aIsFormSubmission, bool aIsGETRequest,
bool aSendCSPViolationEvents, const OriginAttributes& aOriginAttributes,
const Maybe<bool>& aIsThirdPartyContextToTopWindow, bool aIsFormSubmission,
bool aIsGETRequest, bool aSendCSPViolationEvents,
const OriginAttributes& aOriginAttributes,
RedirectHistoryArray&& aRedirectChainIncludingInternalRedirects,
RedirectHistoryArray&& aRedirectChain,
nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
@@ -789,7 +788,6 @@ LoadInfo::LoadInfo(
mInitialSecurityCheckDone(aInitialSecurityCheckDone),
mIsThirdPartyContext(aIsThirdPartyContext),
mIsThirdPartyContextToTopWindow(aIsThirdPartyContextToTopWindow),
mIsOn3PCBExceptionList(aIsOn3PCBExceptionList),
mIsFormSubmission(aIsFormSubmission),
mIsGETRequest(aIsGETRequest),
mSendCSPViolationEvents(aSendCSPViolationEvents),
@@ -1115,18 +1113,6 @@ LoadInfo::SetIsThirdPartyContextToTopWindow(
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetIsOn3PCBExceptionList(bool* aIsOn3PCBExceptionList) {
*aIsOn3PCBExceptionList = mIsOn3PCBExceptionList;
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::SetIsOn3PCBExceptionList(bool aIsOn3PCBExceptionList) {
mIsOn3PCBExceptionList = aIsOn3PCBExceptionList;
return NS_OK;
}
static const uint32_t sCookiePolicyMask =
nsILoadInfo::SEC_COOKIES_DEFAULT | nsILoadInfo::SEC_COOKIES_INCLUDE |
nsILoadInfo::SEC_COOKIES_SAME_ORIGIN | nsILoadInfo::SEC_COOKIES_OMIT;

5
netwerk/base/LoadInfo.h
View File

@@ -236,8 +236,8 @@ class LoadInfo final : public nsILoadInfo {
uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
bool aInitialSecurityCheckDone, bool aIsThirdPartyContext,
const Maybe<bool>& aIsThirdPartyContextToTopWindow,
bool aIsOn3PCBExceptionList, bool aIsFormSubmission, bool aIsGETRequest,
bool aSendCSPViolationEvents, const OriginAttributes& aOriginAttributes,
bool aIsFormSubmission, bool aIsGETRequest, bool aSendCSPViolationEvents,
const OriginAttributes& aOriginAttributes,
RedirectHistoryArray&& aRedirectChainIncludingInternalRedirects,
RedirectHistoryArray&& aRedirectChain,
nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
@@ -348,7 +348,6 @@ class LoadInfo final : public nsILoadInfo {
// NB: TYPE_DOCUMENT implies !third-party.
bool mIsThirdPartyContext = false;
Maybe<bool> mIsThirdPartyContextToTopWindow;
bool mIsOn3PCBExceptionList = false;
bool mIsFormSubmission = false;
bool mIsGETRequest = true;
bool mSendCSPViolationEvents = true;

10
netwerk/base/TRRLoadInfo.cpp
View File

@@ -161,16 +161,6 @@ TRRLoadInfo::SetIsThirdPartyContextToTopWindow(
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
TRRLoadInfo::GetIsOn3PCBExceptionList(bool* aIsOn3PCBExceptionList) {
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
TRRLoadInfo::SetIsOn3PCBExceptionList(bool aIsOn3PCBExceptionList) {
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
TRRLoadInfo::GetCookiePolicy(uint32_t* aResult) {
return NS_ERROR_NOT_IMPLEMENTED;

8
netwerk/base/nsILoadInfo.idl
View File

@@ -605,14 +605,6 @@ interface nsILoadInfo : nsISupports
*/
[infallible] attribute boolean isThirdPartyContextToTopWindow;
/**
* True if this request is on the third-party cookie blocking exception list.
*
* This value would be set during opening the channel in parent and propagate
* to the channel in the content.
*/
[infallible] attribute boolean isOn3PCBExceptionList;
/**
* See the SEC_COOKIES_* flags above. This attribute will never return
* SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to.

23
netwerk/cookie/CookieCommons.cpp
View File

@@ -424,14 +424,9 @@ already_AddRefed<Cookie> CookieCommons::CreateCookieFromDocument(
nsCString cookieString(aCookieString);
nsCOMPtr<nsILoadInfo> loadInfo =
aDocument->GetChannel() ? aDocument->GetChannel()->LoadInfo() : nullptr;
const bool on3pcbException = loadInfo && loadInfo->GetIsOn3PCBExceptionList();
aCookieParser.Parse(baseDomain, requireHostMatch, cookieStatus, cookieString,
EmptyCString(), false, isForeignAndNotAddon,
mustBePartitioned, aDocument->IsInPrivateBrowsing(),
on3pcbException);
mustBePartitioned, aDocument->IsInPrivateBrowsing());
if (!aCookieParser.ContainsCookie()) {
return nullptr;
@@ -516,8 +511,7 @@ already_AddRefed<nsICookieJarSettings> CookieCommons::GetCookieJarSettings(
bool CookieCommons::ShouldIncludeCrossSiteCookie(Cookie* aCookie,
bool aPartitionForeign,
bool aInPrivateBrowsing,
bool aUsingStorageAccess,
bool aOn3pcbException) {
bool aUsingStorageAccess) {
MOZ_ASSERT(aCookie);
int32_t sameSiteAttr = 0;
@@ -525,14 +519,15 @@ bool CookieCommons::ShouldIncludeCrossSiteCookie(Cookie* aCookie,
return ShouldIncludeCrossSiteCookie(
sameSiteAttr, aCookie->IsPartitioned() && aCookie->RawIsPartitioned(),
aPartitionForeign, aInPrivateBrowsing, aUsingStorageAccess,
aOn3pcbException);
aPartitionForeign, aInPrivateBrowsing, aUsingStorageAccess);
}
// static
bool CookieCommons::ShouldIncludeCrossSiteCookie(
int32_t aSameSiteAttr, bool aCookiePartitioned, bool aPartitionForeign,
bool aInPrivateBrowsing, bool aUsingStorageAccess, bool aOn3pcbException) {
bool CookieCommons::ShouldIncludeCrossSiteCookie(int32_t aSameSiteAttr,
bool aCookiePartitioned,
bool aPartitionForeign,
bool aInPrivateBrowsing,
bool aUsingStorageAccess) {
// CHIPS - If a third-party has storage access it can access both it's
// partitioned and unpartitioned cookie jars, else its cookies are blocked.
//
@@ -543,7 +538,7 @@ bool CookieCommons::ShouldIncludeCrossSiteCookie(
(aInPrivateBrowsing &&
StaticPrefs::
network_cookie_cookieBehavior_optInPartitioning_pbmode())) &&
!aCookiePartitioned && !aUsingStorageAccess && !aOn3pcbException) {
!aCookiePartitioned && !aUsingStorageAccess) {
return false;
}

11
netwerk/cookie/CookieCommons.h
View File

@@ -118,12 +118,13 @@ class CookieCommons final {
static bool ShouldIncludeCrossSiteCookie(Cookie* aCookie,
bool aPartitionForeign,
bool aInPrivateBrowsing,
bool aUsingStorageAccess,
bool aOn3pcbException);
bool aUsingStorageAccess);
static bool ShouldIncludeCrossSiteCookie(
int32_t aSameSiteAttr, bool aCookiePartitioned, bool aPartitionForeign,
bool aInPrivateBrowsing, bool aUsingStorageAccess, bool aOn3pcbException);
static bool ShouldIncludeCrossSiteCookie(int32_t aSameSiteAttr,
bool aCookiePartitioned,
bool aPartitionForeign,
bool aInPrivateBrowsing,
bool aUsingStorageAccess);
static bool IsFirstPartyPartitionedCookieWithoutCHIPS(
Cookie* aCookie, const nsACString& aBaseDomain,

16
netwerk/cookie/CookieParser.cpp
View File

@@ -858,7 +858,7 @@ void CookieParser::Parse(const nsACString& aBaseDomain, bool aRequireHostMatch,
CookieStatus aStatus, nsCString& aCookieHeader,
const nsACString& aDateHeader, bool aFromHttp,
bool aIsForeignAndNotAddon, bool aPartitionedOnly,
bool aIsInPrivateBrowsing, bool aOn3pcbException) {
bool aIsInPrivateBrowsing) {
MOZ_ASSERT(!mContainsCookie);
// init expiryTime such that session cookies won't prematurely expire
@@ -1005,19 +1005,6 @@ void CookieParser::Parse(const nsACString& aBaseDomain, bool aRequireHostMatch,
return;
}
// If the cookie is on the 3pcd exception list, we apply partitioned
// attribute to the cookie.
if (aOn3pcbException) {
// We send a warning if the cookie doesn't have the partitioned attribute
// in the foreign context.
if (aPartitionedOnly && !mCookieData.isPartitioned() &&
aIsForeignAndNotAddon) {
mWarnings.mForeignNoPartitionedWarning = true;
}
mCookieData.isPartitioned() = true;
}
// If the cookie does not have the partitioned attribute,
// but is foreign we should give the developer a message.
// If CHIPS isn't required yet, we will warn the console
@@ -1033,7 +1020,6 @@ void CookieParser::Parse(const nsACString& aBaseDomain, bool aRequireHostMatch,
RejectCookie(RejectedForeignNoPartitionedError);
return;
}
mWarnings.mForeignNoPartitionedWarning = true;
}

2
netwerk/cookie/CookieParser.h
View File

@@ -50,7 +50,7 @@ class CookieParser final {
CookieStatus aStatus, nsCString& aCookieHeader,
const nsACString& aDateHeader, bool aFromHttp,
bool aIsForeignAndNotAddon, bool aPartitionedOnly,
bool aIsInPrivateBrowsing, bool aOn3pcbException);
bool aIsInPrivateBrowsing);
bool ContainsCookie() const {
MOZ_ASSERT_IF(mContainsCookie, mRejection == NoRejection);

86
netwerk/cookie/CookieService.cpp
View File

@@ -7,7 +7,6 @@
#include "CookieCommons.h"
#include "CookieLogging.h"
#include "CookieParser.h"
#include "CookieService.h"
#include "mozilla/AppShutdown.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/Components.h"
@@ -17,7 +16,6 @@
#include "mozilla/dom/Document.h"
#include "mozilla/dom/nsMixedContentBlocker.h"
#include "mozilla/dom/Promise.h"
#include "mozilla/dom/Promise-inl.h"
#include "mozilla/net/CookieJarSettings.h"
#include "mozilla/net/CookiePersistentStorage.h"
#include "mozilla/net/CookiePrivateStorage.h"
@@ -261,13 +259,6 @@ nsresult CookieService::Init() {
os->AddObserver(this, "profile-do-change", true);
os->AddObserver(this, "last-pb-context-exited", true);
// Initialize the 3PCB exception service.
mThirdPartyCookieBlockingExceptions.Initialize();
RunOnShutdown([self = RefPtr{this}] {
self->mThirdPartyCookieBlockingExceptions.Shutdown();
});
return NS_OK;
}
@@ -586,8 +577,7 @@ CookieService::SetCookieStringFromHttp(nsIURI* aHostURI,
cookieParser.Parse(baseDomain, requireHostMatch, cookieStatus, cookieHeader,
dateHeader, true, isForeignAndNotAddon, mustBePartitioned,
storagePrincipalOriginAttributes.IsPrivateBrowsing(),
loadInfo->GetIsOn3PCBExceptionList());
storagePrincipalOriginAttributes.IsPrivateBrowsing());
if (!cookieParser.ContainsCookie()) {
return NS_OK;
@@ -851,9 +841,6 @@ void CookieService::GetCookiesForURI(
nsCOMPtr<nsIConsoleReportCollector> crc = do_QueryInterface(aChannel);
nsCOMPtr<nsILoadInfo> loadInfo = aChannel ? aChannel->LoadInfo() : nullptr;
const bool on3pcdException = loadInfo && loadInfo->GetIsOn3PCBExceptionList();
for (const auto& attrs : aOriginAttrsList) {
CookieStorage* storage = PickStorage(attrs);
@@ -981,16 +968,13 @@ void CookieService::GetCookiesForURI(
// Check if we need to block the cookie because of opt-in partitioning.
// We will only allow partitioned cookies with "partitioned" attribution
// if opt-in partitioning is enabled.
//
// Note: If the cookie is on the 3pcd exception list, we will include
// the cookie.
if (aIsForeign && cookieJarSettings->GetPartitionForeign() &&
(StaticPrefs::network_cookie_cookieBehavior_optInPartitioning() ||
(attrs.IsPrivateBrowsing() &&
StaticPrefs::
network_cookie_cookieBehavior_optInPartitioning_pbmode())) &&
!(cookie->IsPartitioned() && cookie->RawIsPartitioned()) &&
!aStorageAccessPermissionGranted && !on3pcdException) {
!aStorageAccessPermissionGranted) {
continue;
}
@@ -1739,71 +1723,5 @@ void CookieService::AddCookieFromDocument(
aThirdParty, aDocument->GetBrowsingContext());
}
/* static */
void CookieService::Update3PCBExceptionInfo(nsIChannel* aChannel) {
MOZ_ASSERT(aChannel);
MOZ_ASSERT(XRE_IsParentProcess());
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
RefPtr<CookieService> csSingleton = CookieService::GetSingleton();
// Bail out if the channel is a top-level loading. The exception is only
// applicable to third-party loading.
if (loadInfo->GetExternalContentPolicyType() ==
ExtContentPolicy::TYPE_DOCUMENT) {
return;
}
// Bail out earlier if the 3PCB exception service is not initialized.
if (!csSingleton->mThirdPartyCookieBlockingExceptions.IsInitialized()) {
return;
}
// If the channel is triggered by a system principal, we don't need to do
// anything because the channel is for loading system resources.
if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
return;
}
bool isInExceptionList =
csSingleton->mThirdPartyCookieBlockingExceptions.CheckExceptionForChannel(
aChannel);
Unused << loadInfo->SetIsOn3PCBExceptionList(isInExceptionList);
}
NS_IMETHODIMP
CookieService::AddThirdPartyCookieBlockingExceptions(
const nsTArray<RefPtr<nsIThirdPartyCookieExceptionEntry>>& aExceptions) {
for (const auto& ex : aExceptions) {
nsAutoCString exception;
MOZ_ALWAYS_SUCCEEDS(ex->Serialize(exception));
mThirdPartyCookieBlockingExceptions.Insert(exception);
}
return NS_OK;
}
NS_IMETHODIMP
CookieService::RemoveThirdPartyCookieBlockingExceptions(
const nsTArray<RefPtr<nsIThirdPartyCookieExceptionEntry>>& aExceptions) {
for (const auto& ex : aExceptions) {
nsAutoCString exception;
MOZ_ALWAYS_SUCCEEDS(ex->Serialize(exception));
mThirdPartyCookieBlockingExceptions.Remove(exception);
}
return NS_OK;
}
NS_IMETHODIMP
CookieService::TestGet3PCBExceptions(nsTArray<nsCString>& aExceptions) {
aExceptions.Clear();
mThirdPartyCookieBlockingExceptions.GetExceptions(aExceptions);
return NS_OK;
}
} // namespace net
} // namespace mozilla

10
netwerk/cookie/CookieService.h
View File

@@ -13,12 +13,10 @@
#include "Cookie.h"
#include "CookieCommons.h"
#include "ThirdPartyCookieBlockingExceptions.h"
#include "nsString.h"
#include "nsIMemoryReporter.h"
#include "mozilla/MemoryReporting.h"
#include "mozilla/MozPromise.h"
class nsIConsoleReportCollector;
class nsICookieJarSettings;
@@ -60,12 +58,6 @@ class CookieService final : public nsICookieService,
static already_AddRefed<nsICookieService> GetXPCOMSingleton();
nsresult Init();
static void Update3PCBExceptionInfo(nsIChannel* aChannel);
ThirdPartyCookieBlockingExceptions& ThirdPartyCookieBlockingExceptionsRef() {
return mThirdPartyCookieBlockingExceptions;
}
/**
* Start watching the observer service for messages indicating that an app has
* been uninstalled. When an app is uninstalled, we get the cookie service
@@ -134,8 +126,6 @@ class CookieService final : public nsICookieService,
nsCOMPtr<mozIThirdPartyUtil> mThirdPartyUtil;
nsCOMPtr<nsIEffectiveTLDService> mTLDService;
ThirdPartyCookieBlockingExceptions mThirdPartyCookieBlockingExceptions;
// we have two separate Cookie Storages: one for normal browsing and one for
// private browsing.
RefPtr<CookieStorage> mPersistentStorage;

3
netwerk/cookie/CookieServiceChild.cpp
View File

@@ -482,8 +482,7 @@ CookieServiceChild::SetCookieStringFromHttp(nsIURI* aHostURI,
CookieParser parser(crc, aHostURI);
parser.Parse(baseDomain, requireHostMatch, cookieStatus, cookieString,
dateHeader, true, isForeignAndNotAddon, mustBePartitioned,
storagePrincipalOriginAttributes.IsPrivateBrowsing(),
loadInfo->GetIsOn3PCBExceptionList());
storagePrincipalOriginAttributes.IsPrivateBrowsing());
if (!parser.ContainsCookie()) {
continue;
}

249
netwerk/cookie/ThirdPartyCookieBlockingExceptionListService.sys.mjs
View File

@@ -1,249 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const lazy = {};
ChromeUtils.defineESModuleGetters(lazy, {
RemoteSettings: "resource://services-settings/remote-settings.sys.mjs",
});
// Name of the RemoteSettings collection containing the records.
const COLLECTION_NAME = "third-party-cookie-blocking-exempt-urls";
const PREF_NAME = "network.cookie.cookieBehavior.optInPartitioning.skip_list";
export class ThirdPartyCookieBlockingExceptionListService {
classId = Components.ID("{1ee0cc18-c968-4105-a895-bdea08e187eb}");
QueryInterface = ChromeUtils.generateQI([
"nsIThirdPartyCookieBlockingExceptionListService",
]);
#rs = null;
#onSyncCallback = null;
// Sets to keep track of the exceptions in the pref. It uses the string in the
// format "firstPartySite,thirdPartySite" as the key.
#prefValueSet = null;
// Set to keep track of exceptions from RemoteSettings. It uses the same
// keying as above.
#rsValueSet = null;
constructor() {
this.#rs = lazy.RemoteSettings(COLLECTION_NAME);
}
async init() {
await this.importAllExceptions();
Services.prefs.addObserver(PREF_NAME, this);
if (!this.#onSyncCallback) {
this.#onSyncCallback = this.onSync.bind(this);
this.#rs.on("sync", this.#onSyncCallback);
}
// Import for initial pref state.
this.onPrefChange();
}
shutdown() {
Services.prefs.removeObserver(PREF_NAME, this);
if (this.#onSyncCallback) {
this.#rs.off("sync", this.#onSyncCallback);
this.#onSyncCallback = null;
}
}
#handleExceptionChange(created = [], deleted = []) {
if (created.length) {
Services.cookies.addThirdPartyCookieBlockingExceptions(created);
}
if (deleted.length) {
Services.cookies.removeThirdPartyCookieBlockingExceptions(deleted);
}
}
onSync({ data: { created = [], updated = [], deleted = [] } }) {
// Convert the RemoteSettings records to exception entries.
created = created.map(ex =>
ThirdPartyCookieExceptionEntry.fromRemoteSettingsRecord(ex)
);
deleted = deleted.map(ex =>
ThirdPartyCookieExceptionEntry.fromRemoteSettingsRecord(ex)
);
updated.forEach(ex => {
let newEntry = ThirdPartyCookieExceptionEntry.fromRemoteSettingsRecord(
ex.new
);
let oldEntry = ThirdPartyCookieExceptionEntry.fromRemoteSettingsRecord(
ex.old
);
// We only care about changes in the sites.
if (newEntry.equals(oldEntry)) {
return;
}
created.push(newEntry);
deleted.push(oldEntry);
});
this.#rsValueSet ??= new Set();
// Remove items in sitesToRemove
for (const site of deleted) {
this.#rsValueSet.delete(site.serialize());
}
// Add items from sitesToAdd
for (const site of created) {
this.#rsValueSet.add(site.serialize());
}
this.#handleExceptionChange(created, deleted);
}
onPrefChange() {
let newExceptions = Services.prefs.getStringPref(PREF_NAME, "").split(";");
// Convert the exception strings to exception entries.
newExceptions = newExceptions
.map(ex => ThirdPartyCookieExceptionEntry.fromString(ex))
.filter(Boolean);
// If this is the first time we're initializing from pref, we can directly
// call handleExceptionChange to create the exceptions.
if (!this.#prefValueSet) {
this.#handleExceptionChange({
data: { created: newExceptions },
prefUpdate: true,
});
// Serialize the exception entries to the string format and store in the
// pref set.
this.#prefValueSet = new Set(newExceptions.map(ex => ex.serialize()));
return;
}
// Otherwise, we need to check for changes in the pref.
// Find added items
let created = [...newExceptions].filter(
ex => !this.#prefValueSet.has(ex.serialize())
);
// Convert the new exceptions to the string format to check against the pref
// set.
let newExceptionStringSet = new Set(
newExceptions.map(ex => ex.serialize())
);
// Find removed items
let deleted = Array.from(this.#prefValueSet)
.filter(item => !newExceptionStringSet.has(item))
.map(ex => ThirdPartyCookieExceptionEntry.fromString(ex));
// We shouldn't remove the exceptions in the remote settings list.
if (this.#rsValueSet) {
deleted = deleted.filter(ex => !this.#rsValueSet.has(ex.serialize()));
}
this.#prefValueSet = newExceptionStringSet;
// Calling handleExceptionChange to handle the changes.
this.#handleExceptionChange(created, deleted);
}
observe(subject, topic, data) {
if (topic != "nsPref:changed" || data != PREF_NAME) {
throw new Error(`Unexpected event ${topic} with ${data}`);
}
this.onPrefChange();
}
async importAllExceptions() {
try {
let exceptions = await this.#rs.get();
if (!exceptions.length) {
return;
}
this.onSync({ data: { created: exceptions } });
} catch (error) {
console.error(
"Error while importing 3pcb exceptions from RemoteSettings",
error
);
}
}
}
export class ThirdPartyCookieExceptionEntry {
classId = Components.ID("{8200e12c-416c-42eb-8af5-db9745d2e527}");
QueryInterface = ChromeUtils.generateQI([
"nsIThirdPartyCookieExceptionEntry",
]);
constructor(fpSite, tpSite) {
this.firstPartySite = fpSite;
this.thirdPartySite = tpSite;
}
// Serialize the exception entry into a string. This is used for keying the
// exception in the pref and RemoteSettings set.
serialize() {
return `${this.firstPartySite},${this.thirdPartySite}`;
}
equals(other) {
return (
this.firstPartySite === other.firstPartySite &&
this.thirdPartySite === other.thirdPartySite
);
}
static fromString(exStr) {
if (!exStr) {
return null;
}
let [fpSite, tpSite] = exStr.split(",");
try {
fpSite = this.#sanitizeSite(fpSite, true);
tpSite = this.#sanitizeSite(tpSite);
return new ThirdPartyCookieExceptionEntry(fpSite, tpSite);
} catch (e) {
console.error(
`Error while constructing 3pcd exception entry from string`,
exStr
);
return null;
}
}
static fromRemoteSettingsRecord(record) {
try {
let fpSite = this.#sanitizeSite(record.fpSite, true);
let tpSite = this.#sanitizeSite(record.tpSite);
return new ThirdPartyCookieExceptionEntry(fpSite, tpSite);
} catch (e) {
console.error(
`Error while constructing 3pcd exception entry from RemoteSettings record`,
record
);
return null;
}
}
// A helper function to sanitize the site using the eTLD service.
static #sanitizeSite(site, acceptWildcard = false) {
if (acceptWildcard && site === "*") {
return "*";
}
let uri = Services.io.newURI(site);
return Services.eTLD.getSite(uri);
}
}

213
netwerk/cookie/ThirdPartyCookieBlockingExceptions.cpp
View File

@@ -1,213 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ThirdPartyCookieBlockingExceptions.h"
#include "mozilla/Components.h"
#include "mozilla/dom/BrowsingContext.h"
#include "mozilla/dom/CanonicalBrowsingContext.h"
#include "mozilla/dom/Promise.h"
#include "mozilla/dom/Promise-inl.h"
#include "mozilla/dom/WindowGlobalParent.h"
#include "mozilla/ErrorNames.h"
#include "mozilla/Logging.h"
#include "nsIChannel.h"
namespace mozilla {
namespace net {
LazyLogModule g3PCBExceptionLog("3pcbexception");
void ThirdPartyCookieBlockingExceptions::Initialize() {
if (mIsInitialized) {
return;
}
// Get the remote third-party cookie blocking exception list service instance.
nsresult rv;
m3PCBExceptionService = do_GetService(
NS_NSITHIRDPARTYCOOKIEBLOCKINGEXCEPTIONLISTSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS_VOID(rv);
RefPtr<mozilla::dom::Promise> initPromise;
rv = m3PCBExceptionService->Init(getter_AddRefs(initPromise));
NS_ENSURE_SUCCESS_VOID(rv);
// Bail out earlier if we don't have a init promise.
if (!initPromise) {
MOZ_LOG(g3PCBExceptionLog, LogLevel::Error,
("Failed to initialize 3PCB exception service: no init promise"));
return;
}
initPromise->AddCallbacksWithCycleCollectedArgs(
[&self = *this](JSContext*, JS::Handle<JS::Value>,
mozilla::ErrorResult&) { self.mIsInitialized = true; },
[](JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult& error) {
nsresult rv = error.StealNSResult();
nsAutoCString name;
GetErrorName(rv, name);
MOZ_LOG(
g3PCBExceptionLog, LogLevel::Error,
("Failed to initialize 3PCB exception service: %s", name.get()));
});
}
void ThirdPartyCookieBlockingExceptions::Shutdown() {
if (m3PCBExceptionService) {
Unused << m3PCBExceptionService->Shutdown();
m3PCBExceptionService = nullptr;
}
mIsInitialized = false;
}
void ThirdPartyCookieBlockingExceptions::Insert(const nsACString& aException) {
m3PCBExceptionsSet.Insert(aException);
}
void ThirdPartyCookieBlockingExceptions::Remove(const nsACString& aException) {
m3PCBExceptionsSet.Remove(aException);
}
bool ThirdPartyCookieBlockingExceptions::CheckWildcardException(
const nsACString& aThirdPartySite) {
nsAutoCString key;
Create3PCBExceptionKey("*"_ns, aThirdPartySite, key);
return m3PCBExceptionsSet.Contains(key);
}
bool ThirdPartyCookieBlockingExceptions::CheckException(
const nsACString& aFirstPartySite, const nsACString& aThirdPartySite) {
nsAutoCString key;
Create3PCBExceptionKey(aFirstPartySite, aThirdPartySite, key);
return m3PCBExceptionsSet.Contains(key);
}
bool ThirdPartyCookieBlockingExceptions::CheckExceptionForURIs(
nsIURI* aFirstPartyURI, nsIURI* aThirdPartyURI) {
MOZ_ASSERT(XRE_IsParentProcess());
NS_ENSURE_TRUE(aFirstPartyURI, false);
NS_ENSURE_TRUE(aThirdPartyURI, false);
if (!mIsInitialized) {
return false;
}
RefPtr<nsEffectiveTLDService> eTLDService =
nsEffectiveTLDService::GetInstance();
NS_ENSURE_TRUE(eTLDService, false);
nsAutoCString thirdPartySite;
nsresult rv = eTLDService->GetSite(aThirdPartyURI, thirdPartySite);
NS_ENSURE_SUCCESS(rv, false);
bool isInExceptionList = CheckWildcardException(thirdPartySite);
if (isInExceptionList) {
return true;
}
nsAutoCString firstPartySite;
rv = eTLDService->GetSite(aFirstPartyURI, firstPartySite);
NS_ENSURE_SUCCESS(rv, false);
return CheckException(firstPartySite, thirdPartySite);
}
bool ThirdPartyCookieBlockingExceptions::CheckExceptionForChannel(
nsIChannel* aChannel) {
MOZ_ASSERT(XRE_IsParentProcess());
NS_ENSURE_TRUE(aChannel, false);
if (!mIsInitialized) {
return false;
}
RefPtr<nsEffectiveTLDService> eTLDService =
nsEffectiveTLDService::GetInstance();
NS_ENSURE_TRUE(eTLDService, false);
nsCOMPtr<nsIURI> uri;
nsresult rv = aChannel->GetURI(getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, false);
nsAutoCString thirdPartySite;
rv = eTLDService->GetSite(uri, thirdPartySite);
NS_ENSURE_SUCCESS(rv, false);
bool isInExceptionList = CheckWildcardException(thirdPartySite);
if (isInExceptionList) {
return true;
}
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
RefPtr<dom::BrowsingContext> bc;
loadInfo->GetBrowsingContext(getter_AddRefs(bc));
if (!bc) {
bc = loadInfo->GetWorkerAssociatedBrowsingContext();
}
nsAutoCString firstPartySite;
// If the channel is not associated with a browsing context, we will try to
// get the first party site from the partition key.
if (!bc) {
nsCOMPtr<nsICookieJarSettings> cjs;
nsresult rv = loadInfo->GetCookieJarSettings(getter_AddRefs(cjs));
NS_ENSURE_SUCCESS(rv, false);
nsAutoString partitionKey;
rv = cjs->GetPartitionKey(partitionKey);
NS_ENSURE_SUCCESS(rv, false);
nsAutoString site;
if (!OriginAttributes::ExtractSiteFromPartitionKey(partitionKey, site)) {
return false;
}
firstPartySite.Assign(NS_ConvertUTF16toUTF8(site));
} else {
RefPtr<dom::WindowGlobalParent> topWGP =
bc->Top()->Canonical()->GetCurrentWindowGlobal();
if (!topWGP) {
return false;
}
nsCOMPtr<nsIPrincipal> topPrincipal = topWGP->DocumentPrincipal();
// If the top window is an about page, we don't need to do anything. This
// could happen when fetching system resources, such as pocket's images
if (topPrincipal->SchemeIs("about")) {
return false;
}
nsCOMPtr<nsIURI> topURI = topPrincipal->GetURI();
nsAutoCString site;
nsresult rv = eTLDService->GetSite(topURI, firstPartySite);
NS_ENSURE_SUCCESS(rv, false);
}
return CheckException(firstPartySite, thirdPartySite);
}
void ThirdPartyCookieBlockingExceptions::GetExceptions(
nsTArray<nsCString>& aExceptions) {
aExceptions.Clear();
for (const auto& host : m3PCBExceptionsSet) {
aExceptions.AppendElement(host);
}
}
} // namespace net
} // namespace mozilla

75
netwerk/cookie/ThirdPartyCookieBlockingExceptions.h
View File

@@ -1,75 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_net_ThirdPartyCookieBlockingExceptions_h
#define mozilla_net_ThirdPartyCookieBlockingExceptions_h
#include "mozilla/MozPromise.h"
#include "nsEffectiveTLDService.h"
#include "nsString.h"
#include "nsTArray.h"
#include "nsTHashSet.h"
#include "nsIThirdPartyCookieBlockingExceptionListService.h"
class nsIEffectiveTLDService;
class nsIURI;
class nsIChannel;
namespace mozilla {
namespace net {
class ThirdPartyCookieBlockingExceptions final {
public:
// Initializes the foreign cookie blocking exception list.
void Initialize();
// Check if the given top-level and third-party URIs are in the exception
// list.
bool CheckExceptionForURIs(nsIURI* aFirstPartyURI, nsIURI* aThirdPartyURI);
// Check if the given channel is in the exception list.
bool CheckExceptionForChannel(nsIChannel* aChannel);
void Insert(const nsACString& aException);
void Remove(const nsACString& aException);
void GetExceptions(nsTArray<nsCString>& aExceptions);
void Shutdown();
bool IsInitialized() const { return mIsInitialized; }
private:
nsCOMPtr<nsIThirdPartyCookieBlockingExceptionListService>
m3PCBExceptionService;
// A helper function to create a key for the exception list.
static void Create3PCBExceptionKey(const nsACString& aFirstPartySite,
const nsACString& aThirdPartySite,
nsACString& aKey) {
aKey.Truncate();
aKey.Append(aFirstPartySite);
aKey.AppendLiteral(",");
aKey.Append(aThirdPartySite);
}
// Check if the given third-party site is in the wildcard exception list.
// The wildcard exception list is used to allow third-party cookies under
// every top-level site.
bool CheckWildcardException(const nsACString& aThirdPartySite);
// Check if the given first-party and third-party sites are in the exception
// list.
bool CheckException(const nsACString& aFirstPartySite,
const nsACString& aThirdPartySite);
// The flag that indicates if the 3PCB exception service is initialized.
bool mIsInitialized = false;
nsTHashSet<nsCStringHashKey> m3PCBExceptionsSet;
};
} // namespace net
} // namespace mozilla
#endif // mozilla_net_ThirdPartyCookieBlockingExceptions_h

22
netwerk/cookie/components.conf
View File

@@ -1,22 +0,0 @@
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
Classes = [
{
'cid': '{1ee0cc18-c968-4105-a895-bdea08e187eb}',
'contract_ids': ['@mozilla.org/third-party-cookie-blocking-exception-list-service;1'],
'singleton': True,
'esModule': 'resource://gre/modules/ThirdPartyCookieBlockingExceptionListService.sys.mjs',
'constructor': 'ThirdPartyCookieBlockingExceptionListService',
'processes': ProcessSelector.MAIN_PROCESS_ONLY,
},
{
'cid': '{8200e12c-416c-42eb-8af5-db9745d2e527}',
'contract_ids': ['@mozilla.org/third-party-cookie-exception-entry;1'],
'esModule': 'resource://gre/modules/ThirdPartyCookieBlockingExceptionListService.sys.mjs',
'constructor': 'ThirdPartyCookieExceptionEntry',
}
]

11
netwerk/cookie/moz.build
View File

@@ -15,7 +15,6 @@ XPIDL_SOURCES += [
"nsICookieNotification.idl",
"nsICookiePermission.idl",
"nsICookieService.idl",
"nsIThirdPartyCookieBlockingExceptionListService.idl",
]
XPIDL_MODULE = "necko_cookie"
@@ -34,7 +33,6 @@ EXPORTS.mozilla.net = [
"CookieServiceChild.h",
"CookieServiceParent.h",
"CookieStorage.h",
"ThirdPartyCookieBlockingExceptions.h",
]
UNIFIED_SOURCES += [
"Cookie.cpp",
@@ -49,7 +47,6 @@ UNIFIED_SOURCES += [
"CookieServiceChild.cpp",
"CookieServiceParent.cpp",
"CookieStorage.cpp",
"ThirdPartyCookieBlockingExceptions.cpp",
]
XPCSHELL_TESTS_MANIFESTS += [
"test/unit/xpcshell.toml",
@@ -74,18 +71,10 @@ LOCAL_INCLUDES += [
"/netwerk/protocol/http",
]
EXTRA_JS_MODULES += [
"ThirdPartyCookieBlockingExceptionListService.sys.mjs",
]
TESTING_JS_MODULES += [
"CookieXPCShellUtils.sys.mjs",
]
XPCOM_MANIFESTS += [
"components.conf",
]
include("/ipc/chromium/chromium-config.mozbuild")
FINAL_LIBRARY = "xul"

19
netwerk/cookie/nsICookieManager.idl
View File

@@ -5,7 +5,6 @@
#include "nsISupports.idl"
#include "nsICookie.idl"
#include "nsIThirdPartyCookieBlockingExceptionListService.idl"
%{ C++
namespace mozilla {
@@ -296,22 +295,4 @@ interface nsICookieManager : nsISupports
* Retrieves all the cookies that were created on or after aSinceWhen, order
* by creation time */
Array<nsICookie> getCookiesSince(in int64_t aSinceWhen);
/**
* Adds a list of exceptions to the third party cookie blocking exception
* list.
*/
void addThirdPartyCookieBlockingExceptions(
in Array<nsIThirdPartyCookieExceptionEntry> aExcpetions);
/**
* Removes a list of exceptions from the third party cookie blocking
* exception list.
*/
void removeThirdPartyCookieBlockingExceptions(
in Array<nsIThirdPartyCookieExceptionEntry> aExceptions);
// Test getter to inspect remote exception list state.
Array<ACString> testGet3PCBExceptions();
};

40
netwerk/cookie/nsIThirdPartyCookieBlockingExceptionListService.idl
View File

@@ -1,40 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
/**
* Helper for syncing remote exception lists for third-party cookie blocking.
*/
[scriptable, uuid(1ee0cc18-c968-4105-a895-bdea08e187eb)]
interface nsIThirdPartyCookieBlockingExceptionListService : nsISupports {
/**
* Initialize the service and import exceptions.
* Resolves once the initial set of exceptions has been imported.
*/
Promise init();
/**
* Shutdown the service.
*/
void shutdown();
};
[scriptable, uuid(8200e12c-416c-42eb-8af5-db9745d2e527)]
interface nsIThirdPartyCookieExceptionEntry : nsISupports {
// The first-party site of the exception. This can be a wildcard to match all
// first-party sites.
readonly attribute ACString firstPartySite;
// The third-party site of the exception.
readonly attribute ACString thirdPartySite;
// Serialize the entry to a string in the format
// "firstPartySite,thirdPartySite".
ACString serialize();
};
%{C++
#define NS_NSITHIRDPARTYCOOKIEBLOCKINGEXCEPTIONLISTSERVICE_CONTRACTID "@mozilla.org/third-party-cookie-blocking-exception-list-service;1"
%}

9
netwerk/cookie/test/browser/browser.toml
View File

@@ -6,9 +6,6 @@ support-files = [
"head.js"
]
["browser_3pcb_expection.js"]
support-files = ["setFetchCookie.sjs"]
["browser_broadcastChannel.js"]
["browser_chips_partition_cap_child.js"]
@@ -16,9 +13,6 @@ support-files = ["setFetchCookie.sjs"]
["browser_cookie_chips.js"]
support-files = ["chips.sjs"]
["browser_cookie_empty_name_value.js"]
support-files = ["cookie_empty_name_value.sjs"]
["browser_cookie_insecure_overwrites_secure.js"]
["browser_cookie_purge_sync.js"]
@@ -40,6 +34,9 @@ support-files = ["cookies.sjs", "serviceWorker.js"]
["browser_oversize.js"]
support-files = ["oversize.sjs"]
["browser_cookie_empty_name_value.js"]
support-files = ["cookie_empty_name_value.sjs"]
["browser_partitionedConsole.js"]
support-files = ["partitioned.sjs"]

610
netwerk/cookie/test/browser/browser_3pcb_expection.js
View File

@@ -1,610 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
const { RemoteSettings } = ChromeUtils.importESModule(
"resource://services-settings/remote-settings.sys.mjs"
);
const COLLECTION_NAME = "third-party-cookie-blocking-exempt-urls";
const PREF_NAME = "network.cookie.cookieBehavior.optInPartitioning.skip_list";
const FIRST_PARTY_DOMAIN = "example.com";
const THIRD_PARTY_DOMAIN = "example.org";
const ANOTHER_THIRD_PARTY_DOMAIN = "example.net";
const FIRST_PARTY_SITE = `https://${FIRST_PARTY_DOMAIN}`;
const THIRD_PARTY_SITE = `https://${THIRD_PARTY_DOMAIN}`;
const ANOTHER_THIRD_PARTY_SITE = `https://${ANOTHER_THIRD_PARTY_DOMAIN}`;
const FIRST_PARTY_URL = `${FIRST_PARTY_SITE}/${TEST_PATH}/file_empty.html`;
const THIRD_PARTY_URL = `${THIRD_PARTY_SITE}/${TEST_PATH}/file_empty.html`;
// RemoteSettings collection db.
let db;
/**
* Dispatch a RemoteSettings "sync" event.
* @param {Object} data - The event's data payload.
* @param {Object} [data.created] - Records that were created.
* @param {Object} [data.updated] - Records that were updated.
* @param {Object} [data.deleted] - Records that were removed.
*/
async function remoteSettingsSync({ created, updated, deleted }) {
await RemoteSettings(COLLECTION_NAME).emit("sync", {
data: {
created,
updated,
deleted,
},
});
}
/**
* Compare two string arrays ignoring order.
* @param {string[]} arr1 - The first array.
* @param {string[]} arr2 - The second array.
* @returns {boolean} - Whether the arrays match.
*/
const strArrayMatches = (arr1, arr2) =>
arr1.length === arr2.length &&
arr1.sort().every((value, index) => value === arr2.sort()[index]);
/**
* Wait until the 3pcb allow-list matches the expected state.
* @param {string[]} allowedSiteHosts - (Unordered) host list to match.
*/
async function waitForAllowListState(expected) {
// Ensure the site host exception list has been imported correctly.
await BrowserTestUtils.waitForCondition(() => {
return strArrayMatches(Services.cookies.testGet3PCBExceptions(), expected);
}, "Waiting for exceptions to be imported.");
Assert.deepEqual(
Services.cookies.testGet3PCBExceptions().sort(),
expected.sort(),
"Imported the correct site host exceptions"
);
}
/**
* A helper function to create the iframe and the nested ABA iframe.
* @param {Browser} browser The browser where the testing is performed.
* @param {string} firstPartyURL The first party URL.
* @param {string} thirdPartyURL The third party URL.
* @returns {Promise} A promise that resolves to the iframe browsing context
* and the ABA iframe browsing context.
*/
async function createNestedIframes(browser, firstPartyURL, thirdPartyURL) {
return SpecialPowers.spawn(
browser,
[firstPartyURL, thirdPartyURL],
async (firstPartyURL, thirdPartyURL) => {
let iframe = content.document.createElement("iframe");
iframe.src = thirdPartyURL;
await new Promise(resolve => {
iframe.onload = resolve;
content.document.body.appendChild(iframe);
});
let ABABC = await SpecialPowers.spawn(
iframe,
[firstPartyURL],
async firstPartyURL => {
let iframe = content.document.createElement("iframe");
iframe.src = firstPartyURL;
await new Promise(resolve => {
iframe.onload = resolve;
content.document.body.appendChild(iframe);
});
return iframe.browsingContext;
}
);
return { iframeBC: iframe.browsingContext, ABABC };
}
);
}
/**
* A helper function to set third-party cookies in the third-party iframe and
* the ABA iframe.
*
* @param {Browser} browser The browser where the testing is performed.
* @param {CanonicalBrowsingContext} iframeBC The iframe browsing context.
* @param {CanonicalBrowsingContext} ABAABC The ABA browsing context.
*/
async function setThirdPartyCookie(browser, iframeBC, ABABC) {
const THIRD_PARTY_FETCH_COOKIE_URL = `${THIRD_PARTY_SITE}/${TEST_PATH}/setFetchCookie.sjs`;
// Try to set a third-party cookie by fetching from the third-party URL.
await SpecialPowers.spawn(
browser,
[THIRD_PARTY_FETCH_COOKIE_URL],
async url => {
await content.fetch(url, { credentials: "include" });
}
);
// Set a third-party cookie in the third-party iframe.
await SpecialPowers.spawn(iframeBC, [], async _ => {
content.document.cookie = "thirdPartyIframe=value; SameSite=None; Secure;";
});
// Set a ABA cookie in the nested iframe. An ABA cookie is also considered
// as a third-party cookie.
await SpecialPowers.spawn(ABABC, [], async _ => {
content.document.cookie = "ABAIframe=value; SameSite=None; Secure;";
});
}
add_setup(async function () {
await SpecialPowers.pushPrefEnv({
set: [["network.cookie.cookieBehavior.optInPartitioning", true]],
});
// Start with an empty RS collection.
db = RemoteSettings(COLLECTION_NAME).db;
await db.importChanges({}, Date.now(), [], { clear: true });
});
add_task(async function test_3pcb_no_exception() {
// Clear cookies before running the test.
Services.cookies.removeAll();
info("Opening a new tab.");
let tab = await BrowserTestUtils.openNewForegroundTab(
gBrowser,
FIRST_PARTY_URL
);
let browser = tab.linkedBrowser;
info("Creating iframes and setting third-party cookies.");
let { iframeBC, ABABC } = await createNestedIframes(
browser,
FIRST_PARTY_URL,
THIRD_PARTY_URL
);
await setThirdPartyCookie(browser, iframeBC, ABABC);
info("Verifying cookies.");
// Verify in the iframeBC to ensure no cookie is set.
await SpecialPowers.spawn(iframeBC, [], async () => {
let cookies = content.document.cookie;
is(cookies, "", "No cookies should be set in the iframeBC");
});
// Verify in the nested iframe to ensure no cookie is set.
await SpecialPowers.spawn(ABABC, [], async () => {
let cookies = content.document.cookie;
is(cookies, "", "No cookies should be set in the ABA iframe");
});
info("Clean up");
BrowserTestUtils.removeTab(tab);
});
add_task(async function test_3pcb_pref_exception() {
// Clear cookies before running the test.
Services.cookies.removeAll();
await SpecialPowers.pushPrefEnv({
set: [
[
PREF_NAME,
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE};${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
],
],
});
info("Opening a new tab.");
let tab = await BrowserTestUtils.openNewForegroundTab(
gBrowser,
FIRST_PARTY_URL
);
let browser = tab.linkedBrowser;
info("Creating iframes and setting third-party cookies.");
let { iframeBC, ABABC } = await createNestedIframes(
browser,
FIRST_PARTY_URL,
THIRD_PARTY_URL
);
await setThirdPartyCookie(browser, iframeBC, ABABC);
info("Verifying cookies.");
// Verify in the iframeBC to ensure cookies are set.
await SpecialPowers.spawn(iframeBC, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"thirdPartyFetch=value; thirdPartyIframe=value",
"Cookies should be set in the iframeBC"
);
});
// Verify in the nested ABA iframe to ensure no cookie is set.
await SpecialPowers.spawn(ABABC, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"ABAIframe=value",
"No cookies should be set in the ABA iframe"
);
});
BrowserTestUtils.removeTab(tab);
info("Clear exceptions and verify cookies are still valid");
await SpecialPowers.pushPrefEnv({
set: [[PREF_NAME, ""]],
});
info("Opening the tab again.");
tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, FIRST_PARTY_URL);
browser = tab.linkedBrowser;
let { iframeBC: iframeBCNew, ABABC: ABABCNew } = await createNestedIframes(
browser,
FIRST_PARTY_URL,
THIRD_PARTY_URL
);
await SpecialPowers.spawn(iframeBCNew, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"thirdPartyFetch=value; thirdPartyIframe=value",
"Cookies should be set in the iframeBC"
);
});
await SpecialPowers.spawn(ABABCNew, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"ABAIframe=value",
"No cookies should be set in the ABA iframe"
);
});
info("Clean up");
BrowserTestUtils.removeTab(tab);
});
add_task(async function test_3pcb_pref_wildcard_exception() {
// Clear cookies before running the test.
Services.cookies.removeAll();
await SpecialPowers.pushPrefEnv({
set: [[PREF_NAME, `*,${THIRD_PARTY_SITE};*,${FIRST_PARTY_SITE}`]],
});
info("Opening a new tab.");
let tab = await BrowserTestUtils.openNewForegroundTab(
gBrowser,
FIRST_PARTY_URL
);
let browser = tab.linkedBrowser;
info("Creating iframes and setting third-party cookies.");
let { iframeBC, ABABC } = await createNestedIframes(
browser,
FIRST_PARTY_URL,
THIRD_PARTY_URL
);
await setThirdPartyCookie(browser, iframeBC, ABABC);
info("Verifying cookies.");
// Verify in the iframeBC to ensure cookies are set.
await SpecialPowers.spawn(iframeBC, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"thirdPartyFetch=value; thirdPartyIframe=value",
"Cookies should be set in the iframeBC"
);
});
// Verify in the nested ABA iframe to ensure no cookie is set.
await SpecialPowers.spawn(ABABC, [], async () => {
let cookies = content.document.cookie;
is(cookies, "ABAIframe=value", "Cookies should be set in the ABA iframe");
});
BrowserTestUtils.removeTab(tab);
info("Clear exceptions and verify cookies are still valid");
await SpecialPowers.pushPrefEnv({
set: [[PREF_NAME, ""]],
});
info("Opening the tab again.");
tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, FIRST_PARTY_URL);
browser = tab.linkedBrowser;
let { iframeBC: iframeBCNew, ABABC: ABABCNew } = await createNestedIframes(
browser,
FIRST_PARTY_URL,
THIRD_PARTY_URL
);
await SpecialPowers.spawn(iframeBCNew, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"thirdPartyFetch=value; thirdPartyIframe=value",
"Cookies should be set in the iframeBC"
);
});
await SpecialPowers.spawn(ABABCNew, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"ABAIframe=value",
"No cookies should be set in the ABA iframe"
);
});
info("Clean up");
BrowserTestUtils.removeTab(tab);
});
add_task(async function test_3pcb_pref_exception_updates() {
// Start with an empty pref
await SpecialPowers.pushPrefEnv({
set: [[PREF_NAME, ""]],
});
info("Set initial pref value");
Services.prefs.setStringPref(
PREF_NAME,
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE};${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`
);
await waitForAllowListState([
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Update the pref exception");
Services.prefs.setStringPref(
PREF_NAME,
`${FIRST_PARTY_SITE},${ANOTHER_THIRD_PARTY_SITE};${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`
);
await waitForAllowListState([
`${FIRST_PARTY_SITE},${ANOTHER_THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Remove one exception");
Services.prefs.setStringPref(
PREF_NAME,
`${FIRST_PARTY_SITE},${ANOTHER_THIRD_PARTY_SITE}`
);
await waitForAllowListState([
`${FIRST_PARTY_SITE},${ANOTHER_THIRD_PARTY_SITE}`,
]);
info("Remove all exceptions");
Services.prefs.setStringPref(PREF_NAME, "");
await waitForAllowListState([]);
info("Cleanup");
Services.prefs.clearUserPref(PREF_NAME);
});
add_task(async function test_3pcb_rs_exception() {
// Clear cookies before running the test.
Services.cookies.removeAll();
info("Import RS entries.");
let thirdPartyEntry = await db.create({
fpSite: FIRST_PARTY_SITE,
tpSite: THIRD_PARTY_SITE,
});
let ABAEntry = await db.create({
fpSite: FIRST_PARTY_SITE,
tpSite: FIRST_PARTY_SITE,
});
await db.importChanges({}, Date.now());
await remoteSettingsSync({ created: [thirdPartyEntry, ABAEntry] });
await waitForAllowListState([
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Opening a new tab.");
let tab = await BrowserTestUtils.openNewForegroundTab(
gBrowser,
FIRST_PARTY_URL
);
let browser = tab.linkedBrowser;
info("Creating iframes and setting third-party cookies.");
let { iframeBC, ABABC } = await createNestedIframes(
browser,
FIRST_PARTY_URL,
THIRD_PARTY_URL
);
await setThirdPartyCookie(browser, iframeBC, ABABC);
info("Verifying cookies.");
// Verify in the iframeBC to ensure cookies are set.
await SpecialPowers.spawn(iframeBC, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"thirdPartyFetch=value; thirdPartyIframe=value",
"Cookies should be set in the iframeBC"
);
});
// Verify in the nested ABA iframe to ensure the cookie is set.
await SpecialPowers.spawn(ABABC, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"ABAIframe=value",
"No cookies should be set in the ABA iframe"
);
});
BrowserTestUtils.removeTab(tab);
info("Clear exceptions and verify cookies are still valid");
await db.delete(thirdPartyEntry.id);
await db.delete(ABAEntry.id);
await db.importChanges({}, Date.now());
await remoteSettingsSync({
deleted: [thirdPartyEntry, ABAEntry],
});
await waitForAllowListState([]);
info("Opening the tab again.");
tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, FIRST_PARTY_URL);
browser = tab.linkedBrowser;
let { iframeBC: iframeBCNew, ABABC: ABABCNew } = await createNestedIframes(
browser,
FIRST_PARTY_URL,
THIRD_PARTY_URL
);
await SpecialPowers.spawn(iframeBCNew, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"thirdPartyFetch=value; thirdPartyIframe=value",
"Cookies should be set in the iframeBC"
);
});
await SpecialPowers.spawn(ABABCNew, [], async () => {
let cookies = content.document.cookie;
is(
cookies,
"ABAIframe=value",
"No cookies should be set in the ABA iframe"
);
});
info("Clean up");
BrowserTestUtils.removeTab(tab);
await db.clear();
await db.importChanges({}, Date.now());
});
add_task(async function test_3pcb_rs_exception_updates() {
info("Create the third-party entry and the ABA entry.");
let thirdPartyEntry = await db.create({
fpSite: FIRST_PARTY_SITE,
tpSite: THIRD_PARTY_SITE,
});
let ABAEntry = await db.create({
fpSite: FIRST_PARTY_SITE,
tpSite: FIRST_PARTY_SITE,
});
await db.importChanges({}, Date.now());
await remoteSettingsSync({ created: [thirdPartyEntry, ABAEntry] });
await waitForAllowListState([
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Update third-party entry with a different third-party site.");
let thirdPartyEntryUpdated = { ...thirdPartyEntry };
thirdPartyEntryUpdated.tpSite = ANOTHER_THIRD_PARTY_SITE;
await db.update(thirdPartyEntry);
await db.importChanges({}, Date.now());
await remoteSettingsSync({
updated: [{ old: thirdPartyEntry, new: thirdPartyEntryUpdated }],
});
await waitForAllowListState([
`${FIRST_PARTY_SITE},${ANOTHER_THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Create another entry and remove the ABA entry.");
let anotherThirdPartyEntry = await db.create({
fpSite: ANOTHER_THIRD_PARTY_SITE,
tpSite: THIRD_PARTY_SITE,
});
await db.delete(ABAEntry.id);
await db.importChanges({}, Date.now());
await remoteSettingsSync({
created: [anotherThirdPartyEntry],
deleted: [ABAEntry],
});
await waitForAllowListState([
`${FIRST_PARTY_SITE},${ANOTHER_THIRD_PARTY_SITE}`,
`${ANOTHER_THIRD_PARTY_SITE},${THIRD_PARTY_SITE}`,
]);
info("Remove all RS entries.");
await db.delete(thirdPartyEntryUpdated.id);
await db.delete(anotherThirdPartyEntry.id);
await db.importChanges({}, Date.now());
await remoteSettingsSync({
deleted: [thirdPartyEntryUpdated, anotherThirdPartyEntry],
});
await waitForAllowListState([]);
info("Clean up");
await db.clear();
await db.importChanges({}, Date.now());
});
add_task(async function test_3pcb_rs_precedence_over_pref() {
info("Create the third-party entry and the ABA entry.");
let thirdPartyEntry = await db.create({
fpSite: FIRST_PARTY_SITE,
tpSite: THIRD_PARTY_SITE,
});
let ABAEntry = await db.create({
fpSite: FIRST_PARTY_SITE,
tpSite: FIRST_PARTY_SITE,
});
await db.importChanges({}, Date.now());
await remoteSettingsSync({ created: [thirdPartyEntry, ABAEntry] });
await waitForAllowListState([
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Set the duplicate pref exception.");
// Verify that we don't introduce duplicate exceptions if we set the same
// exception via pref.
await SpecialPowers.pushPrefEnv({
set: [
[
PREF_NAME,
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE};${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
],
],
});
await waitForAllowListState([
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Remove the pref exception.");
// Verify that the RS exception is still there even if we remove the same
// exception via pref.
await SpecialPowers.pushPrefEnv({
set: [[PREF_NAME, ""]],
});
await waitForAllowListState([
`${FIRST_PARTY_SITE},${THIRD_PARTY_SITE}`,
`${FIRST_PARTY_SITE},${FIRST_PARTY_SITE}`,
]);
info("Clean up");
await db.delete(thirdPartyEntry.id);
await db.delete(ABAEntry.id);
await db.importChanges({}, Date.now());
await remoteSettingsSync({
deleted: [thirdPartyEntry, ABAEntry],
});
await waitForAllowListState([]);
await db.clear();
await db.importChanges({}, Date.now());
});

15
netwerk/cookie/test/browser/setFetchCookie.sjs
View File

@@ -1,15 +0,0 @@
function handleRequest(request, response) {
response.setStatusLine(request.httpVersion, 200, "OK");
response.setHeader(
"Set-Cookie",
"thirdPartyFetch=value; SameSite=None; Secure;",
false
);
response.setHeader(
"Access-Control-Allow-Origin",
"https://example.com",
false
);
response.setHeader("Access-Control-Allow-Credentials", "true", false);
response.setHeader("Access-Control-Allow-Methods", "GET", false);
}

3
netwerk/ipc/NeckoChannelParams.ipdlh
View File

@@ -133,7 +133,6 @@ struct LoadInfoArgs
bool initialSecurityCheckDone;
bool isInThirdPartyContext;
bool? isThirdPartyContextToTopWindow;
bool isOn3PCBExceptionList;
bool isFormSubmission;
bool isGETRequest;
bool sendCSPViolationEvents;
@@ -291,8 +290,6 @@ struct ParentLoadInfoForwarderArgs
bool isInThirdPartyContext;
bool isOn3PCBExceptionList;
nullable nsIURI unstrippedURI;
// IMPORTANT: when you add new properites here you must also update

5
netwerk/protocol/http/nsHttpChannel.cpp
View File

@@ -72,7 +72,6 @@
#include "nsContentUtils.h"
#include "nsContentSecurityManager.h"
#include "nsIClassOfService.h"
#include "CookieService.h"
#include "nsIPrincipal.h"
#include "nsIScriptError.h"
#include "nsIScriptSecurityManager.h"
@@ -7177,10 +7176,6 @@ nsresult nsHttpChannel::BeginConnect() {
MaybeStartDNSPrefetch();
// Update whether the channel is on the third-party cookie blocking exception
// list.
CookieService::Update3PCBExceptionInfo(this);
rv = CallOrWaitForResume(
[](nsHttpChannel* self) { return self->PrepareToConnect(); });
if (NS_FAILED(rv)) {