wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

bug 1041511 - backout due to instability. r=backout a=backout

Browse Source
This commit is contained in:
Patrick McManus 2014-07-24 09:59:42 -04:00
parent 72bb3ddd42
commit 48709153b8
2 changed files with 39 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
netwerk/base/src/nsNetworkZonePolicy.cpp
View File

@ -294,18 +294,7 @@ nsNetworkZonePolicy::CheckPrivateNetworkPermission(nsIRequest *aRequest,
}
// Find out if this loadgroup's hierarchy allows private loads.
// Skip channel's loadgroup if this is an initial document load to allow for
// top-level navigations.
bool hierarchyAllows = false;
nsLoadFlags flags;
aRequest->GetLoadFlags(&flags);
if (!(flags & nsIChannel::LOAD_DOCUMENT_URI)) {
hierarchyAllows = CheckLoadGroupHierarchy(loadGroup);
} else {
NZPLOG("Doc load Request %p [%s]", aRequest, nameStr.get());
hierarchyAllows = CheckLoadGroupAncestorHierarchies(loadGroup);
}
bool hierarchyAllows = CheckLoadGroupHierarchy(loadGroup);
NZPLOG("LoadGroup %p for request %p [%s] is %s private loads.",
loadGroup.get(), aRequest, nameStr.get(),

132
netwerk/test/unit/test_networkZonePolicy.js
View File

@ -90,7 +90,6 @@ Listener.prototype = {
// Ensure that the pref enables and disables private load restrictions.
function test_basic_NetworkZonePolicy_pref() {
// Create loadgroup and channel for non-doc load.
// Use /failme because we're not going to load this channel.
var loadGroup = Cc["@mozilla.org/network/load-group;1"]
.createInstance(Ci.nsILoadGroup);
var chan = ios.newChannel("http://localhost/failme/", null, null)
@ -109,19 +108,11 @@ function test_basic_NetworkZonePolicy_pref() {
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
// Set permission for doc load; verify permission changed.
// Use /failme because we're not going to load this channel.
var docChan = ios.newChannel("http://localhost/failme/", null, null)
.QueryInterface(Ci.nsIHttpChannel);
docChan.loadGroup = loadGroup;
docChan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
chan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
nzp.setPrivateNetworkPermission(docChan, false);
// Loadgroup should be set to forbid private loads.
nzp.setPrivateNetworkPermission(chan, false);
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, false);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), false);
// Since there is no loadgroup hierarchy, simulating a top-level doc load,
// the doc channel should have permission for private loads.
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Disable pref; ensure restrictions lifted.
prefs.setBoolPref("network.zonepolicy.enabled", false);
@ -129,13 +120,11 @@ function test_basic_NetworkZonePolicy_pref() {
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, false);
// NZP will report that private loads are ok.
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Enable pref again; ensure restrictions are again in play.
prefs.setBoolPref("network.zonepolicy.enabled", true);
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, false);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), false);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Leaving pref on for the remainder of the tests.
@ -162,18 +151,11 @@ function test_basic_NetworkZonePolicy_and_loadGroup() {
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
// Set permission for doc load; verify permission changed.
// Use /failme because we're not going to load this channel.
var docChan = ios.newChannel("http://localhost/failme/", null, null)
.QueryInterface(Ci.nsIHttpChannel);
docChan.loadGroup = loadGroup;
docChan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
chan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
nzp.setPrivateNetworkPermission(docChan, false);
nzp.setPrivateNetworkPermission(chan, false);
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, false);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), false);
// Since there is no loadgroup hierarchy, simulating a top-level doc load,
// the doc channel should have permission for private loads.
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
run_next_test();
}
@ -181,34 +163,32 @@ function test_basic_NetworkZonePolicy_and_loadGroup() {
// Ensure that NetworkZonePolicy can manage permissions for a channel's
// loadgroup and one of its ancestors. Ancestor is specified by calling
// function.
function test_loadGroup_and_ancestor(loadGroup, ancestor, chan, docChan) {
function test_loadGroup_and_ancestor(loadGroup, ancestor, chan) {
// Verify permission defaults
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, true);
do_check_eq(ancestor.allowLoadsFromPrivateNetworks, true);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Set permission for non-doc load; verify no changes.
nzp.setPrivateNetworkPermission(chan, false);
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, true);
do_check_eq(ancestor.allowLoadsFromPrivateNetworks, true);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Set permission for doc load; verify permission changed for loadgroup, but
// not for ancestor loadgroup.
nzp.setPrivateNetworkPermission(docChan, false);
chan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
nzp.setPrivateNetworkPermission(chan, false);
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, false);
do_check_eq(ancestor.allowLoadsFromPrivateNetworks, true);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), false);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Verify we can set permission allowed again.
nzp.setPrivateNetworkPermission(docChan, true);
nzp.setPrivateNetworkPermission(chan, true);
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, true);
do_check_eq(ancestor.allowLoadsFromPrivateNetworks, true);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Set ancestor to forbid private loads; verify chan permission forbidden.
ancestor.allowLoadsFromPrivateNetworks = false;
@ -216,17 +196,14 @@ function test_loadGroup_and_ancestor(loadGroup, ancestor, chan, docChan) {
// ... loadgroup's own persmission should still be allow.
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, true);
// ... nzp should not be able to set permission to true.
nzp.setPrivateNetworkPermission(docChan, true);
nzp.setPrivateNetworkPermission(chan, true);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), false);
// ... and docChan should no longer have permission to load privately.
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), false);
// Reset ancestor and verify.
ancestor.allowLoadsFromPrivateNetworks = true;
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
nzp.setPrivateNetworkPermission(docChan, false);
nzp.setPrivateNetworkPermission(chan, false);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), false);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
}
// Ensure that NetworkZonePolicy can manage permissions for a channel's
@ -240,17 +217,12 @@ function test_basic_NetworkZonePolicy_loadGroup_and_parent() {
.QueryInterface(Ci.nsIHttpChannel);
chan.loadGroup = loadGroup;
var docChan = ios.newChannel("http://localhost/failme/", null, null)
.QueryInterface(Ci.nsIHttpChannel);
docChan.loadGroup = loadGroup;
docChan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
var parent = Cc["@mozilla.org/network/load-group;1"]
.createInstance(Ci.nsILoadGroup);
loadGroupAsChild.parentLoadGroup = parent;
do_check_eq(parent, loadGroupAsChild.parentLoadGroup);
test_loadGroup_and_ancestor(loadGroup, parent, chan, docChan);
test_loadGroup_and_ancestor(loadGroup, parent, chan);
run_next_test();
}
@ -265,17 +237,12 @@ function test_basic_NetworkZonePolicy_loadGroup_and_owner() {
.QueryInterface(Ci.nsIHttpChannel);
chan.loadGroup = loadGroup;
var docChan = ios.newChannel("http://localhost/failme/", null, null)
.QueryInterface(Ci.nsIHttpChannel);
docChan.loadGroup = loadGroup;
docChan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
var owner = Cc["@mozilla.org/network/load-group;1"]
.createInstance(Ci.nsILoadGroup);
loadGroup.loadGroup = owner;
do_check_eq(owner, loadGroup.loadGroup);
test_loadGroup_and_ancestor(loadGroup, owner, chan, docChan);
test_loadGroup_and_ancestor(loadGroup, owner, chan);
run_next_test();
}
@ -298,20 +265,14 @@ function test_basic_NetworkZonePolicy_loadGroup_and_docshell() {
.QueryInterface(Ci.nsIHttpChannel);
chan.loadGroup = loadGroup;
// Create a channel for a document load.
var docChan = ios.newChannel("http://localhost/failme/", null, null)
.QueryInterface(Ci.nsIHttpChannel);
docChan.loadGroup = loadGroup;
docChan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
test_loadGroup_and_ancestor(loadGroup, dsParent, chan, docChan);
test_loadGroup_and_ancestor(loadGroup, dsParent, chan);
run_next_test();
}
// Ensure that a loadgroup's immediate ancestors dictate its private load
// permissions.
function test_loadGroup_immediate_ancestors(isInitialDocLoad) {
function test_loadGroup_immediate_ancestors() {
// Create docshell and docshell parent, and get their loadgroups.
var docShell = Cc["@mozilla.org/docshell;1"].createInstance(Ci.nsIDocShell);
var docShellParent = Cc["@mozilla.org/docshell;1"]
@ -339,30 +300,20 @@ function test_loadGroup_immediate_ancestors(isInitialDocLoad) {
.QueryInterface(Ci.nsIHttpChannel);
chan.loadGroup = loadGroup;
// Create a channel for a document load.
var docChan = ios.newChannel("http://localhost/failme/", null, null)
.QueryInterface(Ci.nsIHttpChannel);
docChan.loadGroup = loadGroup;
docChan.loadFlags |= Ci.nsIChannel.LOAD_DOCUMENT_URI;
// Verify permission defaults
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, true);
do_check_eq(dsParent.allowLoadsFromPrivateNetworks, true);
do_check_eq(owner.allowLoadsFromPrivateNetworks, true);
do_check_eq(parent.allowLoadsFromPrivateNetworks, true);
do_check_eq(nzp.checkPrivateNetworkPermission(chan), true);
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), true);
// Set ancestors to forbid.
for (var i = 0; i < 8; i++) {
dsParent.allowLoadsFromPrivateNetworks = !!(i & 1);
owner.allowLoadsFromPrivateNetworks = !!(i & 2);
parent.allowLoadsFromPrivateNetworks = !!(i & 4);
// Channel's loadgroup should not have changed.
do_check_eq(loadGroup.allowLoadsFromPrivateNetworks, true);
// Permission allowed only when all ancestors allow private loads.
do_check_eq(nzp.checkPrivateNetworkPermission(chan), (i == 7));
do_check_eq(nzp.checkPrivateNetworkPermission(docChan), (i == 7));
}
run_next_test();
@ -401,6 +352,7 @@ function test_single_loadGroup(allowPrivateLoads,
// Same as test_single_loadGroup but for a document load.
function test_single_loadGroup_doc_load(allowPrivateLoads,
expectSuccessfulResponse,
loadGroupAllowsAfter,
urlStr) {
// Create loadgroup and channel for document load.
@ -416,8 +368,8 @@ function test_single_loadGroup_doc_load(allowPrivateLoads,
" private loads for doc load " + urlStr + ".");
loadGroup.allowLoadsFromPrivateNetworks = allowPrivateLoads;
// Note: No loadgroup hierarchy so simulated top-level doc load will succeed.
var listener = new Listener(true, loadGroupAllowsAfter);
// Try to load channel with IP literal.
var listener = new Listener(expectSuccessfulResponse, loadGroupAllowsAfter);
chan.asyncOpen(listener, null);
}
@ -466,13 +418,17 @@ function test_private_cached_entry_same_network(privateLoadAllowed) {
});
}
// Create a private cache entry of a doc load; it should always be allowed.
// be accepted. The load should not go to the network.
// LoadGroup permissions should be set to allow after the response is received.
// Create a private cache entry; if private loads are allowed, the entry will
// be accepted. If not, the entry will be rejected, but since the server is
// localhost the network load should also be rejected.
// LoadGroup permissions should not change after response.
function test_private_cached_entry_same_network_doc_load(privateLoadAllowed) {
var uri = uriBase + "/failme/";
prime_cache_entry(uri, true, ios.networkLinkID, function() {
test_single_loadGroup_doc_load(privateLoadAllowed, true, uri);
test_single_loadGroup_doc_load(privateLoadAllowed,
privateLoadAllowed,
privateLoadAllowed,
uri);
});
}
@ -497,10 +453,13 @@ function test_private_cached_entry_diff_network_doc_load(privateLoadAllowed) {
// We should bypass the cache entry since it was created on a different
// network. As such, use /passme for private loads allowed, and /failme for
// private loads forbidden.
// LoadGroup permissions should allow private loads after the response.
var uri = uriBase + "/passme/";
// LoadGroup permissions should not change after response.
var uri = uriBase + (privateLoadAllowed ? "/passme/" : "/failme/");
prime_cache_entry(uri, true, fakeNetworkID, function() {
test_single_loadGroup_doc_load(privateLoadAllowed, true, uri);
test_single_loadGroup_doc_load(privateLoadAllowed,
privateLoadAllowed,
privateLoadAllowed,
uri);
});
}
@ -512,21 +471,17 @@ function test_public_cached_entry(privateCacheEntryAllowed) {
});
}
// Ensure that publicly cached documents are always loaded.
// Ensure that publicly cached entries are always loaded; doc loads.
function test_public_cached_entry_doc_load(privateCacheEntryAllowed) {
// Create a public cache entry for /failme; the entry should be accepted and
// we should not go to the network.
// LoadGroup permissions should forbid private loads after response.
var uri = uriBase + "/failme/";
prime_cache_entry(uri, false, null, function() {
test_single_loadGroup_doc_load(privateCacheEntryAllowed, false, uri);
test_single_loadGroup_doc_load(privateCacheEntryAllowed, true, false, uri);
});
}
function test_public_to_private_navigation() {
}
//
// Initialization
//
@ -587,21 +542,11 @@ function setup_and_add_tests() {
test_basic_NetworkZonePolicy_pref,
// Verify NetworkZonePolicy can manage loadgroup permisssions.
function test_basic_NetworkZonePolicy_and_loadGroup_non_init_doc() {
test_basic_NetworkZonePolicy_and_loadGroup(false);
},
function test_basic_NetworkZonePolicy_and_loadGroup_init_doc() {
test_basic_NetworkZonePolicy_and_loadGroup(true);
},
test_basic_NetworkZonePolicy_and_loadGroup,
test_basic_NetworkZonePolicy_loadGroup_and_parent,
test_basic_NetworkZonePolicy_loadGroup_and_owner,
test_basic_NetworkZonePolicy_loadGroup_and_docshell,
function test_loadGroup_immediate_ancestors_non_init_doc() {
test_loadGroup_immediate_ancestors(false);
},
function test_loadGroup_immediate_ancestors_init_doc() {
test_loadGroup_immediate_ancestors(true);
},
test_loadGroup_immediate_ancestors,
// Private (localhost) network requests.
function test_network_private_allowed() {
@ -611,10 +556,9 @@ function setup_and_add_tests() {
// Private (localhost) network requests for document loads.
function test_network_private_allowed_doc_load() {
test_single_loadGroup_doc_load(true, true, uriBase + "/passme/"); },
test_single_loadGroup_doc_load(true, true, true, uriBase + "/passme/"); },
function test_network_private_forbidden_doc_load() {
// Simulates top-level doc load; should be allowed.
test_single_loadGroup_doc_load(false, true, uriBase + "/passme/"); },
test_single_loadGroup_doc_load(false, false, false, uriBase + "/failme/"); },
// Private cache entries; same network.
function test_private_cache_same_network_private_allowed() {