summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/test_worker_src.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/test_worker_src.html')
-rw-r--r--dom/security/test/csp/test_worker_src.html105
1 files changed, 105 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_worker_src.html b/dom/security/test/csp/test_worker_src.html
new file mode 100644
index 0000000000..5aa8f7bc56
--- /dev/null
+++ b/dom/security/test/csp/test_worker_src.html
@@ -0,0 +1,105 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1302667 - Test worker-src</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+SimpleTest.requestLongerTimeout(3);
+
+/* Description of the test:
+ * We load a page inlcuding a worker, a shared worker as well as a
+ * service worker with a CSP of:
+ * >> worker-src https://example.com; child-src 'none'; script-src 'nonce-foo'
+ * and make sure that worker-src governs these three kinds of workers correctly.
+ * In addition, we make sure that child-src as well as script-src is discarded
+ * in case worker-src is specified. Ideally we would use "script-src 'none'" but
+ * we have to allowlist the actual script that spawns the workers, hence the nonce.
+ */
+
+let ALLOWED_HOST = "https://example.com/tests/dom/security/test/csp/";
+let BLOCKED_HOST = "https://test1.example.com/tests/dom/security/test/csp/";
+
+let TESTS = [
+ // allowed
+ ALLOWED_HOST + "file_worker_src_worker_governs.html",
+ ALLOWED_HOST + "file_worker_src_child_governs.html",
+ ALLOWED_HOST + "file_worker_src_script_governs.html",
+ // blocked
+ BLOCKED_HOST + "file_worker_src_worker_governs.html",
+ BLOCKED_HOST + "file_worker_src_child_governs.html",
+ BLOCKED_HOST + "file_worker_src_script_governs.html",
+];
+
+let numberSubTests = 3; // 1 web worker, 1 shared worker, 1 service worker
+let subTestCounter = 0; // keeps track of how many
+let testIndex = 0;
+
+function checkFinish() {
+ subTestCounter = 0;
+ testIndex++;
+ if (testIndex < TESTS.length) {
+ runNextTest();
+ return;
+ }
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+}
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ let href = event.data.href;
+ let result = event.data.result;
+
+ if (href.startsWith("https://example.com")) {
+ if (result == "worker-allowed" ||
+ result == "shared-worker-allowed" ||
+ result == "service-worker-allowed") {
+ ok(true, "allowing worker from https://example.com (" + result + ")");
+ }
+ else {
+ ok(false, "blocking worker from https://example.com (" + result + ")");
+ }
+ }
+ else if (href.startsWith("https://test1.example.com")) {
+ if (result == "worker-blocked" ||
+ result == "shared-worker-blocked" ||
+ result == "service-worker-blocked") {
+ ok(true, "blocking worker from https://test1.example.com (" + result + ")");
+ }
+ else {
+ ok(false, "allowing worker from https://test1.example.com (" + result + ")");
+ }
+ }
+ else {
+ // sanity check, we should never enter that branch, bust just in case...
+ ok(false, "unexpected result: " + result);
+ }
+ subTestCounter++;
+ if (subTestCounter < numberSubTests) {
+ return;
+ }
+ checkFinish();
+}
+
+function runNextTest() {
+ document.getElementById("testframe").src = TESTS[testIndex];
+}
+
+SpecialPowers.pushPrefEnv({"set": [
+ ["dom.serviceWorkers.enabled", true],
+ ["dom.serviceWorkers.testing.enabled", true],
+]}, function() {
+ runNextTest();
+});
+
+</script>
+</body>
+</html>