diff --git a/build/pgo/certs/cert9.db b/build/pgo/certs/cert9.db index 42a71e85a3db..d7c148e98abd 100644 Binary files a/build/pgo/certs/cert9.db and b/build/pgo/certs/cert9.db differ diff --git a/build/pgo/certs/key4.db b/build/pgo/certs/key4.db index 49652af0f4a4..894317a2c008 100644 Binary files a/build/pgo/certs/key4.db and b/build/pgo/certs/key4.db differ diff --git a/build/pgo/certs/mochitest.client b/build/pgo/certs/mochitest.client index f2efad0a6ccf..ccd2f3749cbf 100644 Binary files a/build/pgo/certs/mochitest.client and b/build/pgo/certs/mochitest.client differ diff --git a/build/pgo/server-locations.txt b/build/pgo/server-locations.txt index fa1b2c8aac12..e9394f552f36 100644 --- a/build/pgo/server-locations.txt +++ b/build/pgo/server-locations.txt @@ -204,6 +204,7 @@ http://itisatracker.org:80 http://trackertest.org:80 http://email-tracking.example.org:80 http://consent-manager.example.org:80 +http://anti-fraud.example.org:80 # # Used while testing TLS session ticket resumption for third-party trackers (bug 1500533) @@ -223,6 +224,7 @@ https://social-tracking.example.org:443 https://itisatracker.org:443 https://email-tracking.example.org:443 https://consent-manager.example.org:443 +https://anti-fraud.example.org:443 # # Used while testing flash blocking (Bug 1307604) diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml index 3b4ec1f463c1..3d4e6ce11558 100644 --- a/modules/libpref/init/StaticPrefList.yaml +++ b/modules/libpref/init/StaticPrefList.yaml @@ -15778,20 +15778,20 @@ value: true mirror: always -# Annotate channels based on the anti fraud list -# Note: consent manager annotations will be disabled if tracking protection is disabled +# Annotate channels based on the anti-fraud list +# Note: anti-fraud annotations will be disabled if tracking protection is disabled - name: privacy.trackingprotection.antifraud.annotate_channels type: bool value: true mirror: always -# Skip blocking for consentmanager resources in all modes. +# Skip blocking for anti-fraud resources in all modes. - name: privacy.trackingprotection.antifraud.skip.enabled type: RelaxedAtomicBool value: false mirror: always -# Skip blocking for consentmanager resources in Private Browsing mode. +# Skip blocking for anti-fraud resources in Private Browsing mode. - name: privacy.trackingprotection.antifraud.skip.pbmode.enabled type: RelaxedAtomicBool value: true diff --git a/netwerk/url-classifier/UrlClassifierFeatureAntiFraudAnnotation.cpp b/netwerk/url-classifier/UrlClassifierFeatureAntiFraudAnnotation.cpp index 5b176a1fd944..42d3fbf39507 100644 --- a/netwerk/url-classifier/UrlClassifierFeatureAntiFraudAnnotation.cpp +++ b/netwerk/url-classifier/UrlClassifierFeatureAntiFraudAnnotation.cpp @@ -96,7 +96,8 @@ UrlClassifierFeatureAntiFraudAnnotation::MaybeCreate(nsIChannel* aChannel) { return nullptr; } - // We also don't need to annotate the channel if we are not blocking trackers + // We also don't need to annotate the channel if we are not blocking + // fingerprinters if (!StaticPrefs::privacy_trackingprotection_fingerprinting_enabled()) { return nullptr; } diff --git a/toolkit/components/url-classifier/tests/UrlClassifierTestUtils.sys.mjs b/toolkit/components/url-classifier/tests/UrlClassifierTestUtils.sys.mjs index db4ec8a46bca..7235038148c7 100644 --- a/toolkit/components/url-classifier/tests/UrlClassifierTestUtils.sys.mjs +++ b/toolkit/components/url-classifier/tests/UrlClassifierTestUtils.sys.mjs @@ -21,6 +21,9 @@ const EMAIL_TRACKING_TABLE_PREF = const CONSENTMANAGER_ANNOTATION_TABLE_NAME = "mochitest6-track-simple"; const CONSENTMANAGER_ANNOTATION_TABLE_PREF = "urlclassifier.features.consentmanager.annotate.blocklistTables"; +const ANTIFRAUD_ANNOTATION_TABLE_NAME = "mochitest7-track-simple"; +const ANTIFRAUD_ANNOTATION_TABLE_PREF = + "urlclassifier.features.antifraud.annotate.blocklistTables"; let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer); @@ -40,6 +43,7 @@ export var UrlClassifierTestUtils = { let socialTrackingURL = "social-tracking.example.org/"; let emailTrackingURL = "email-tracking.example.org/"; let consentmanagerAnnotationURL = "consent-manager.example.org/"; + let antifraudAnnotationURL = "anti-fraud.example.org/"; let annotationUpdate = "n:1000\ni:" + @@ -74,6 +78,11 @@ export var UrlClassifierTestUtils = { consentmanagerAnnotationURL.length + "\n" + consentmanagerAnnotationURL + + "\n" + + "a:7:32:" + + antifraudAnnotationURL.length + + "\n" + + antifraudAnnotationURL + "\n"; let socialAnnotationUpdate = "n:1000\ni:" + @@ -93,6 +102,15 @@ export var UrlClassifierTestUtils = { "\n" + consentmanagerAnnotationURL + "\n"; + let antifraudAnnotationUpdate = + "n:1000\ni:" + + ANTIFRAUD_ANNOTATION_TABLE_NAME + + "\nad:1\n" + + "a:1:32:" + + antifraudAnnotationURL.length + + "\n" + + antifraudAnnotationURL + + "\n"; let annotationEntitylistUpdate = "n:1000\ni:" + ANNOTATION_ENTITYLIST_TABLE_NAME + @@ -125,6 +143,11 @@ export var UrlClassifierTestUtils = { consentmanagerAnnotationURL.length + "\n" + consentmanagerAnnotationURL + + "\n" + + "a:5:32:" + + antifraudAnnotationURL.length + + "\n" + + antifraudAnnotationURL + "\n"; let socialTrackingUpdate = "n:1000\ni:" + @@ -170,6 +193,11 @@ export var UrlClassifierTestUtils = { name: CONSENTMANAGER_ANNOTATION_TABLE_PREF, update: consentmanagerAnnotationUpdate, }, + { + pref: ANTIFRAUD_ANNOTATION_TABLE_NAME, + name: ANTIFRAUD_ANNOTATION_TABLE_PREF, + update: antifraudAnnotationUpdate, + }, { pref: ANNOTATION_ENTITYLIST_TABLE_PREF, name: ANNOTATION_ENTITYLIST_TABLE_NAME, @@ -223,6 +251,7 @@ export var UrlClassifierTestUtils = { Services.prefs.clearUserPref(ANNOTATION_TABLE_PREF); Services.prefs.clearUserPref(SOCIAL_ANNOTATION_TABLE_PREF); Services.prefs.clearUserPref(CONSENTMANAGER_ANNOTATION_TABLE_PREF); + Services.prefs.clearUserPref(ANTIFRAUD_ANNOTATION_TABLE_PREF); Services.prefs.clearUserPref(ANNOTATION_ENTITYLIST_TABLE_PREF); Services.prefs.clearUserPref(TRACKING_TABLE_PREF); Services.prefs.clearUserPref(SOCIAL_TRACKING_TABLE_PREF); diff --git a/toolkit/components/url-classifier/tests/browser/browser.toml b/toolkit/components/url-classifier/tests/browser/browser.toml index 8d7658542f7e..ff00f66d42b0 100644 --- a/toolkit/components/url-classifier/tests/browser/browser.toml +++ b/toolkit/components/url-classifier/tests/browser/browser.toml @@ -1,9 +1,12 @@ [DEFAULT] support-files = [ + "head.js", "page.html", "raptor.jpg", ] +["browser_antifraud_annotation.js"] + ["browser_consentmanager_annotation.js"] ["browser_emailtracking_telemetry.js"] diff --git a/toolkit/components/url-classifier/tests/browser/browser_antifraud_annotation.js b/toolkit/components/url-classifier/tests/browser/browser_antifraud_annotation.js new file mode 100644 index 000000000000..75ad8881af7a --- /dev/null +++ b/toolkit/components/url-classifier/tests/browser/browser_antifraud_annotation.js @@ -0,0 +1,89 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +let { UrlClassifierTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/UrlClassifierTestUtils.sys.mjs" +); + +const ANTIFRAUD_DOMAIN = "https://anti-fraud.example.org/"; +const ANTIFRAUD_IMAGE = ANTIFRAUD_DOMAIN + TEST_PATH + "raptor.jpg"; + +async function tryLoadingImageAndCheckAntiFraudFlags(tab, shouldLoad) { + let channelCheckPromise = checkChannelClassificationsFlags( + ANTIFRAUD_DOMAIN, + Ci.nsIClassifiedChannel.CLASSIFIED_ANTIFRAUD + ); + + let isImageLoaded = await loadImage(tab.linkedBrowser, ANTIFRAUD_IMAGE); + + if (shouldLoad) { + ok(isImageLoaded, "Image should be loaded"); + } else { + ok(!isImageLoaded, "Image should not be loaded"); + } + + return channelCheckPromise; +} + +add_setup(async function () { + await UrlClassifierTestUtils.addTestTrackers(); + + registerCleanupFunction(function () { + UrlClassifierTestUtils.cleanupTestTrackers(); + }); + + await SpecialPowers.pushPrefEnv({ + set: [ + [ + "urlclassifier.features.antifraud.annotate.blocklistTables", + "mochitest7-track-simple", + ], + + ["privacy.trackingprotection.enabled", true], + ["privacy.trackingprotection.annotate_channels", true], + ["privacy.trackingprotection.cryptomining.enabled", false], + ["privacy.trackingprotection.emailtracking.enabled", false], + ["privacy.trackingprotection.fingerprinting.enabled", false], + ["privacy.trackingprotection.socialtracking.enabled", false], + ["privacy.trackingprotection.consentmanager.annotate_channels", false], + ["privacy.trackingprotection.antifraud.annotate_channels", true], + + ["privacy.trackingprotection.antifraud.skip.enabled", false], + ["privacy.trackingprotection.antifraud.skip.pbmode.enabled", false], + ], + }); +}); + +add_task(async function test_antifraud_annotation_unblocking_off() { + // check antifraud still blocked when skip is disabled + await SpecialPowers.pushPrefEnv({ + set: [["privacy.trackingprotection.fingerprinting.enabled", true]], + }); + + const tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_PAGE); + + await tryLoadingImageAndCheckAntiFraudFlags(tab, false); + + await BrowserTestUtils.removeTab(tab); +}); + +add_task(async function test_antifraud_annotation_unblocking_on() { + // check that antifraud not blocked when skip is enabled + await SpecialPowers.pushPrefEnv({ + set: [ + ["privacy.trackingprotection.fingerprinting.enabled", true], + + ["privacy.trackingprotection.antifraud.skip.enabled", true], + ["privacy.trackingprotection.antifraud.skip.pbmode.enabled", true], + ], + }); + + const tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_PAGE); + + await tryLoadingImageAndCheckAntiFraudFlags(tab, true); + + await BrowserTestUtils.removeTab(tab); + await SpecialPowers.popPrefEnv(); +}); diff --git a/toolkit/components/url-classifier/tests/browser/browser_consentmanager_annotation.js b/toolkit/components/url-classifier/tests/browser/browser_consentmanager_annotation.js index 66433d09b78d..3f3ff606e085 100644 --- a/toolkit/components/url-classifier/tests/browser/browser_consentmanager_annotation.js +++ b/toolkit/components/url-classifier/tests/browser/browser_consentmanager_annotation.js @@ -7,46 +7,9 @@ let { UrlClassifierTestUtils } = ChromeUtils.importESModule( "resource://testing-common/UrlClassifierTestUtils.sys.mjs" ); -const TEST_DOMAIN = "https://example.com/"; -const TEST_PATH = "browser/toolkit/components/url-classifier/tests/browser/"; - -const TEST_PAGE = TEST_DOMAIN + TEST_PATH + "page.html"; - const CONSENTMANAGER_DOMAIN = "https://consent-manager.example.org/"; const CONSENTMANAGER_IMAGE = CONSENTMANAGER_DOMAIN + TEST_PATH + "raptor.jpg"; -function loadImage(browser, url) { - return SpecialPowers.spawn(browser, [url], page => { - return new Promise(resolve => { - let image = new content.Image(); - image.src = page + "?" + Math.random(); - image.onload = _ => resolve(true); - image.onerror = _ => resolve(false); - }); - }); -} - -function checkChannelClassificationsFlags(expectedURLPrePath, flags) { - return TestUtils.topicObserved("http-on-modify-request", subject => { - let httpChannel = subject.QueryInterface(Ci.nsIHttpChannel); - - if (!httpChannel.URI.spec.startsWith(expectedURLPrePath)) { - // this is not the request we are looking for - // we use the prepath and not the spec because the query is randomly generated in the - // loaded image - return false; - } - - ok( - subject.QueryInterface(Ci.nsIClassifiedChannel).classificationFlags & - flags, - "Classification flags should match expected" - ); - - return true; - }); -} - async function tryLoadingImageAndCheckConsentManagerFlags(tab, shouldLoad) { let channelCheckPromise = checkChannelClassificationsFlags( CONSENTMANAGER_DOMAIN, @@ -84,6 +47,7 @@ add_setup(async function () { ["privacy.trackingprotection.emailtracking.enabled", false], ["privacy.trackingprotection.fingerprinting.enabled", false], ["privacy.trackingprotection.socialtracking.enabled", false], + ["privacy.trackingprotection.antifraud.annotate_channels", false], ["privacy.trackingprotection.consentmanager.annotate_channels", true], ["privacy.trackingprotection.consentmanager.skip.enabled", false], diff --git a/toolkit/components/url-classifier/tests/browser/browser_emailtracking_telemetry.js b/toolkit/components/url-classifier/tests/browser/browser_emailtracking_telemetry.js index 086ca49afe76..36f68b99ac9c 100644 --- a/toolkit/components/url-classifier/tests/browser/browser_emailtracking_telemetry.js +++ b/toolkit/components/url-classifier/tests/browser/browser_emailtracking_telemetry.js @@ -14,7 +14,6 @@ const TEST_EMAIL_WEBAPP_DOMAIN = "https://test1.example.com/"; const EMAIL_TRACKER_DOMAIN = "https://email-tracking.example.org/"; const TEST_PATH = "browser/toolkit/components/url-classifier/tests/browser/"; -const TEST_PAGE = TEST_DOMAIN + TEST_PATH + "page.html"; const TEST_EMAIL_WEBAPP_PAGE = TEST_EMAIL_WEBAPP_DOMAIN + TEST_PATH + "page.html"; @@ -45,17 +44,6 @@ async function clearTelemetry() { .clear(); } -async function loadImage(browser, url) { - return SpecialPowers.spawn(browser, [url], page => { - return new Promise(resolve => { - let image = new content.Image(); - image.src = page + "?" + Math.random(); - image.onload = _ => resolve(true); - image.onerror = _ => resolve(false); - }); - }); -} - async function getTelemetryProbe(key, label, checkCntFn) { let histogram; diff --git a/toolkit/components/url-classifier/tests/browser/head.js b/toolkit/components/url-classifier/tests/browser/head.js new file mode 100644 index 000000000000..0feedb436308 --- /dev/null +++ b/toolkit/components/url-classifier/tests/browser/head.js @@ -0,0 +1,41 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +const TEST_DOMAIN = "https://example.com/"; +const TEST_PATH = "browser/toolkit/components/url-classifier/tests/browser/"; +const TEST_PAGE = TEST_DOMAIN + TEST_PATH + "page.html"; + +async function loadImage(browser, url) { + return SpecialPowers.spawn(browser, [url], page => { + return new Promise(resolve => { + let image = new content.Image(); + image.src = page + "?" + Math.random(); + image.onload = _ => resolve(true); + image.onerror = _ => resolve(false); + }); + }); +} + +function checkChannelClassificationsFlags(expectedURLPrePath, flags) { + return TestUtils.topicObserved("http-on-modify-request", subject => { + let httpChannel = subject.QueryInterface(Ci.nsIHttpChannel); + + if (!httpChannel.URI.spec.startsWith(expectedURLPrePath)) { + // this is not the request we are looking for + // we use the prepath and not the spec because the query is randomly generated in the + // loaded image + return false; + } + + ok( + subject.QueryInterface(Ci.nsIClassifiedChannel).classificationFlags & + flags, + "Classification flags should match expected" + ); + + return true; + }); +}