Commit 258bda4d authored by Felipe Gomes's avatar Felipe Gomes
Browse files

Bug 1433290 - Remove Block parameter for InstallAddons and Popup policies. r=bytesized

The Block parameters for the InstallAddons policy doesn't make sense because the addons install process has two behaviors:
- Allow
- Ask

So a website that is not explictly in the allow list will always ask for permission before installing an addon. If a sysadmin wants to fully block addon install they can use a different policy.

Similarly, for Popups it's the same thing. There is a conceptually valid use case in that someone can change the _default_ behavior to always allow popups, and then the Block list becomes the allow exceptions to Ask. But that's a corner case that we don't need to support now, since allowing popups globally on the web is a pretty crazy choice.

MozReview-Commit-ID: EzclfLNDgUo

--HG--
extra : rebase_source : 37753de1bad9c09ea89f537f1a80f4eed5494def
parent 5bf13b30
......@@ -212,13 +212,13 @@ var Policies = {
"InstallAddons": {
onBeforeUIStartup(manager, param) {
addAllowDenyPermissions("install", param.Allow, param.Block);
addAllowDenyPermissions("install", param.Allow, null);
}
},
"Popups": {
onBeforeUIStartup(manager, param) {
addAllowDenyPermissions("popup", param.Allow, param.Block);
addAllowDenyPermissions("popup", param.Allow, null);
}
},
......
......@@ -210,13 +210,6 @@
"items": {
"type": "origin"
}
},
"Block": {
"type": "array",
"items": {
"type": "origin"
}
}
}
},
......@@ -232,13 +225,6 @@
"items": {
"type": "origin"
}
},
"Block": {
"type": "array",
"items": {
"type": "origin"
}
}
}
},
......
......@@ -10,15 +10,9 @@ function URI(str) {
add_task(async function test_setup_preexisting_permissions() {
// Pre-existing ALLOW permissions that should be overriden
// with DENY.
Services.perms.add(URI("https://www.pre-existing-allow.com"),
"popup",
Ci.nsIPermissionManager.ALLOW_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
Services.perms.add(URI("https://www.pre-existing-allow.com"),
"install",
Ci.nsIPermissionManager.ALLOW_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
// No ALLOW -> DENY override for popup and install permissions,
// because their policies only supports the Allow parameter.
Services.perms.add(URI("https://www.pre-existing-allow.com"),
"cookie",
......@@ -75,20 +69,23 @@ function checkPermission(url, expected, permissionName) {
}
}
function checkAllPermissionsForType(type) {
function checkAllPermissionsForType(type, typeSupportsDeny = true) {
checkPermission("allow.com", "ALLOW", type);
checkPermission("deny.com", "DENY", type);
checkPermission("unknown.com", "UNKNOWN", type);
checkPermission("pre-existing-allow.com", "DENY", type);
checkPermission("pre-existing-deny.com", "ALLOW", type);
if (typeSupportsDeny) {
checkPermission("deny.com", "DENY", type);
checkPermission("pre-existing-allow.com", "DENY", type);
}
}
add_task(async function test_popups_policy() {
checkAllPermissionsForType("popup");
checkAllPermissionsForType("popup", false);
});
add_task(async function test_webextensions_policy() {
checkAllPermissionsForType("install");
checkAllPermissionsForType("install", false);
});
add_task(async function test_cookies_policy() {
......@@ -102,15 +99,15 @@ add_task(async function test_flash_policy() {
add_task(async function test_change_permission() {
// Checks that changing a permission will still retain the
// value set through the engine.
Services.perms.add(URI("https://www.allow.com"), "popup",
Services.perms.add(URI("https://www.allow.com"), "cookie",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
checkPermission("allow.com", "ALLOW", "popup");
checkPermission("allow.com", "ALLOW", "cookie");
// Also change one un-managed permission to make sure it doesn't
// cause any problems to the policy engine or the permission manager.
Services.perms.add(URI("https://www.unmanaged.com"), "popup",
Services.perms.add(URI("https://www.unmanaged.com"), "cookie",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
});
......@@ -4,11 +4,6 @@
"Allow": [
"https://www.allow.com",
"https://www.pre-existing-deny.com"
],
"Block": [
"https://www.deny.com",
"https://www.pre-existing-allow.com"
]
},
......@@ -28,11 +23,6 @@
"Allow": [
"https://www.allow.com",
"https://www.pre-existing-deny.com"
],
"Block": [
"https://www.deny.com",
"https://www.pre-existing-allow.com"
]
},
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment