Opened 5 years ago

Closed 2 years ago

#14057 closed task (wontfix)

Implement a test plan for double key cookie logic

Reported by: michael Owned by: michael
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: brade, mcs, gk, boklm Actual Points:
Parent ID: #3246 Points:
Reviewer: Sponsor:

Description (last modified by michael)

Write a test plan including unit and regression testing, and simplifying QA while supporting reuse.


3rd party consumer and provider hosts

For purposes of analysis (R&D) and validation (QA), implement a real world (as mcs puts it) test harness by configuring at least two divergent (according to RFC6265 5.1.3. Domain Matching) virtual hosts consuming 3rd party content. Implement a cookie provider serving HTTP headers in a 3rd party context (as a IFrame for example.)

Popular website tests

Write verification tests of a set of popular websites consuming 3rd party cookies to prove correct isolation via 1st party contexts. Specify a subset of web application use cases of 3rd party cookies (federated login, shopping cart, gaming) as well as a list of websites for each set.

Regression tests

Implement automated test scripts (possibly using either Mozilla XPCShell or Mochitest) for regression testing. Review #13749 for possible overlap.

Unit tests

Write unit tests (possibly hand typing in the JavaScript browser console) for individual components like host domain matching, cookie searches, cookie blocking, and privacy.thirdparty.isolate condition.

Optional unit tests

Optionally write unit tests (possibly using QUnitJS) for individual components.

Optional peripheral tests

Optionally integrate tests for #3600, leverage ideas from #3546 and #3676, and avoid redundancy with #13749.

Optional addon review

Get cozy with Cookie Monster #4132 and other Firefox addons to optionally broaden the scope of tests.

Child Tickets

Attachments (1)

privacypanel1.png (84.4 KB) - added by michael 5 years ago.
Improvement of pictoral guide to modify default preferences when testing.

Download all attachments as: .zip

Change History (13)

comment:1 Changed 5 years ago by michael

Owner: changed from tbb-team to michael
Status: newassigned

comment:2 Changed 5 years ago by michael

Description: modified (diff)

comment:3 Changed 5 years ago by michael

Keywords: TorBrowserTeam201501 added

comment:4 Changed 5 years ago by mcs

Cc: brade mcs added

comment:5 Changed 5 years ago by michael

It could be useful to consider requirements of #3600 when testing, since validation of double key cookie logic could potentially close (or mitigate) that bug as well.

comment:6 Changed 5 years ago by michael

Description: modified (diff)

comment:7 Changed 5 years ago by michael

Helpful privacy panel settings

Improvement of pictoral guide to modify default preferences when testing.
The Tor Browser default settings are on the left. To properly test this ticket some features must be en/disabled including the example settings on the right.

These settings correspond to several network.cookie.* and privacy.* preferences.


Warning! privacy.thirdparty.isolate = 1 must be manually set using about:config, because no UI exists for party isolation yet.

Last edited 5 years ago by michael (previous) (diff)

comment:8 Changed 5 years ago by gk

Cc: gk added

comment:9 Changed 5 years ago by boklm

Cc: boklm added

Changed 5 years ago by michael

Attachment: privacypanel1.png added

Improvement of pictoral guide to modify default preferences when testing.

comment:10 Changed 5 years ago by michael

Keywords: TorBrowserTeam201506 added; TorBrowserTeam201501 removed

comment:11 Changed 4 years ago by mikeperry

Keywords: TorBrowserTeam201506 removed

comment:12 Changed 2 years ago by gk

Resolution: wontfix
Status: assignedclosed

No need for those tickets on our side anymore as Mozilla implemented double-keying of cookies which we ship in 7.0a3 when we switch to ESR 52.

Note: See TracTickets for help on using tickets.