summaryrefslogtreecommitdiffstats
path: root/dom/security/test/general
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--dom/security/test/general/browser.ini40
-rw-r--r--dom/security/test/general/browser_test_FTP_console_warning.js45
-rw-r--r--dom/security/test/general/browser_test_assert_systemprincipal_documents.js41
-rw-r--r--dom/security/test/general/browser_test_data_download.js52
-rw-r--r--dom/security/test/general/browser_test_data_text_csv.js47
-rw-r--r--dom/security/test/general/browser_test_framing_error_pages.js63
-rw-r--r--dom/security/test/general/browser_test_referrer_loadInOtherProcess.js151
-rw-r--r--dom/security/test/general/browser_test_report_blocking.js225
-rw-r--r--dom/security/test/general/browser_test_toplevel_data_navigations.js70
-rw-r--r--dom/security/test/general/browser_test_view_image_data_navigation.js73
-rw-r--r--dom/security/test/general/browser_test_xfo_embed_object.js42
-rw-r--r--dom/security/test/general/bug1277803.html11
-rw-r--r--dom/security/test/general/chrome.ini10
-rw-r--r--dom/security/test/general/closeWindow.sjs24
-rw-r--r--dom/security/test/general/favicon_bug1277803.icobin0 -> 1406 bytes
-rw-r--r--dom/security/test/general/file_FTP_console_warning.html14
-rw-r--r--dom/security/test/general/file_assert_systemprincipal_documents.html11
-rw-r--r--dom/security/test/general/file_assert_systemprincipal_documents_iframe.html9
-rw-r--r--dom/security/test/general/file_block_script_wrong_mime_server.sjs34
-rw-r--r--dom/security/test/general/file_block_subresource_redir_to_data.sjs25
-rw-r--r--dom/security/test/general/file_block_toplevel_data_navigation.html17
-rw-r--r--dom/security/test/general/file_block_toplevel_data_navigation2.html41
-rw-r--r--dom/security/test/general/file_block_toplevel_data_navigation3.html16
-rw-r--r--dom/security/test/general/file_block_toplevel_data_redirect.sjs14
-rw-r--r--dom/security/test/general/file_cache_splitting_isloaded.sjs36
-rw-r--r--dom/security/test/general/file_cache_splitting_server.sjs27
-rw-r--r--dom/security/test/general/file_cache_splitting_window.html16
-rw-r--r--dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs46
-rw-r--r--dom/security/test/general/file_data_download.html14
-rw-r--r--dom/security/test/general/file_data_text_csv.html14
-rw-r--r--dom/security/test/general/file_framing_error_pages.sjs24
-rw-r--r--dom/security/test/general/file_framing_error_pages_csp.html7
-rw-r--r--dom/security/test/general/file_framing_error_pages_xfo.html7
-rw-r--r--dom/security/test/general/file_framing_xfo_embed.html7
-rw-r--r--dom/security/test/general/file_framing_xfo_embed_object.sjs7
-rw-r--r--dom/security/test/general/file_framing_xfo_object.html7
-rw-r--r--dom/security/test/general/file_nosniff_navigation.sjs32
-rw-r--r--dom/security/test/general/file_nosniff_navigation_garbage.sjs33
-rw-r--r--dom/security/test/general/file_nosniff_navigation_mismatch.sjs33
-rw-r--r--dom/security/test/general/file_nosniff_testserver.sjs60
-rw-r--r--dom/security/test/general/file_same_site_cookies_about.sjs89
-rw-r--r--dom/security/test/general/file_same_site_cookies_blob_iframe_inclusion.html34
-rw-r--r--dom/security/test/general/file_same_site_cookies_blob_iframe_navigation.html30
-rw-r--r--dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs50
-rw-r--r--dom/security/test/general/file_same_site_cookies_from_script.sjs49
-rw-r--r--dom/security/test/general/file_same_site_cookies_iframe.sjs85
-rw-r--r--dom/security/test/general/file_same_site_cookies_redirect.sjs90
-rw-r--r--dom/security/test/general/file_same_site_cookies_subrequest.sjs75
-rw-r--r--dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs89
-rw-r--r--dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs64
-rw-r--r--dom/security/test/general/file_sec_fetch_websocket_wsh.py6
-rw-r--r--dom/security/test/general/file_toplevel_data_meta_redirect.html10
-rw-r--r--dom/security/test/general/file_toplevel_data_navigations.sjs14
-rw-r--r--dom/security/test/general/file_view_bg_image_data_navigation.html16
-rw-r--r--dom/security/test/general/file_view_image_data_navigation.html12
-rw-r--r--dom/security/test/general/file_xfo_error_page.sjs8
-rw-r--r--dom/security/test/general/mochitest.ini66
-rw-r--r--dom/security/test/general/test_allow_opening_data_json.html39
-rw-r--r--dom/security/test/general/test_allow_opening_data_pdf.html41
-rw-r--r--dom/security/test/general/test_assert_about_page_no_csp.html30
-rw-r--r--dom/security/test/general/test_block_script_wrong_mime.html92
-rw-r--r--dom/security/test/general/test_block_subresource_redir_to_data.html68
-rw-r--r--dom/security/test/general/test_block_toplevel_data_img_navigation.html53
-rw-r--r--dom/security/test/general/test_block_toplevel_data_navigation.html148
-rw-r--r--dom/security/test/general/test_bug1277803.xhtml72
-rw-r--r--dom/security/test/general/test_bug1450853.html58
-rw-r--r--dom/security/test/general/test_cache_split.html159
-rw-r--r--dom/security/test/general/test_contentpolicytype_targeted_link_iframe.html106
-rw-r--r--dom/security/test/general/test_innerhtml_sanitizer.html74
-rw-r--r--dom/security/test/general/test_innerhtml_sanitizer.xhtml73
-rw-r--r--dom/security/test/general/test_nosniff.html88
-rw-r--r--dom/security/test/general/test_nosniff_navigation.html35
-rw-r--r--dom/security/test/general/test_same_site_cookies_about.html116
-rw-r--r--dom/security/test/general/test_same_site_cookies_cross_origin_context.html87
-rw-r--r--dom/security/test/general/test_same_site_cookies_from_script.html86
-rw-r--r--dom/security/test/general/test_same_site_cookies_iframe.html168
-rw-r--r--dom/security/test/general/test_same_site_cookies_laxByDefault.html86
-rw-r--r--dom/security/test/general/test_same_site_cookies_redirect.html101
-rw-r--r--dom/security/test/general/test_same_site_cookies_subrequest.html113
-rw-r--r--dom/security/test/general/test_same_site_cookies_toplevel_nav.html117
-rw-r--r--dom/security/test/general/test_same_site_cookies_toplevel_set_cookie.html57
-rw-r--r--dom/security/test/general/test_sec_fetch_websocket.html81
-rw-r--r--dom/security/test/general/test_xfo_error_page.html35
-rw-r--r--dom/security/test/general/window_nosniff_navigation.html95
84 files changed, 4510 insertions, 0 deletions
diff --git a/dom/security/test/general/browser.ini b/dom/security/test/general/browser.ini
new file mode 100644
index 0000000000..62caee52af
--- /dev/null
+++ b/dom/security/test/general/browser.ini
@@ -0,0 +1,40 @@
+[DEFAULT]
+[browser_test_toplevel_data_navigations.js]
+skip-if = (verify && debug && (os == 'mac')) || (debug && (os == 'mac' || os == 'linux')) # Bug 1403815
+support-files =
+ file_toplevel_data_navigations.sjs
+ file_toplevel_data_meta_redirect.html
+[browser_test_data_download.js]
+support-files =
+ file_data_download.html
+[browser_test_data_text_csv.js]
+support-files =
+ file_data_text_csv.html
+[browser_test_view_image_data_navigation.js]
+support-files =
+ file_view_image_data_navigation.html
+ file_view_bg_image_data_navigation.html
+[browser_test_FTP_console_warning.js]
+support-files =
+ file_FTP_console_warning.html
+[browser_test_assert_systemprincipal_documents.js]
+skip-if = !nightly_build
+support-files =
+ file_assert_systemprincipal_documents.html
+ file_assert_systemprincipal_documents_iframe.html
+[browser_test_referrer_loadInOtherProcess.js]
+[browser_test_framing_error_pages.js]
+support-files =
+ file_framing_error_pages_csp.html
+ file_framing_error_pages_xfo.html
+ file_framing_error_pages.sjs
+[browser_test_xfo_embed_object.js]
+support-files =
+ file_framing_xfo_embed.html
+ file_framing_xfo_object.html
+ file_framing_xfo_embed_object.sjs
+[browser_test_report_blocking.js]
+support-files =
+ file_framing_error_pages_xfo.html
+ file_framing_error_pages_csp.html
+ file_framing_error_pages.sjs
diff --git a/dom/security/test/general/browser_test_FTP_console_warning.js b/dom/security/test/general/browser_test_FTP_console_warning.js
new file mode 100644
index 0000000000..f39048537d
--- /dev/null
+++ b/dom/security/test/general/browser_test_FTP_console_warning.js
@@ -0,0 +1,45 @@
+// Description of the test:
+// Ensure that FTP subresource loads trigger a warning in the webconsole.
+"use strict";
+
+function scopedCuImport(path) {
+ const scope = {};
+ ChromeUtils.import(path, scope);
+ return scope;
+}
+
+// These files don't actually exist, we are just looking for messages
+// that indicate that loading those files would have been blocked.
+var seen_files = ["a.html", "b.html", "c.html", "d.png"];
+
+function on_new_message(msgObj) {
+ let text = msgObj.message;
+ if (
+ text.includes("Loading FTP subresource within http(s) page not allowed")
+ ) {
+ // Remove the file in the message from the list.
+ seen_files = seen_files.filter(file => {
+ return !text.includes(file);
+ });
+ }
+}
+
+const kTestPath = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "http://mochi.test:8888"
+);
+const kTestURI = kTestPath + "file_FTP_console_warning.html";
+
+add_task(async function() {
+ // A longer timeout is necessary for this test than the plain mochitests
+ // due to opening a new tab with the web console.
+ requestLongerTimeout(4);
+
+ Services.console.registerListener(on_new_message);
+
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, kTestURI);
+ await BrowserTestUtils.waitForCondition(() => seen_files.length === 0);
+ is(seen_files.length, 0, "All FTP subresources should be blocked");
+
+ Services.console.unregisterListener(on_new_message);
+});
diff --git a/dom/security/test/general/browser_test_assert_systemprincipal_documents.js b/dom/security/test/general/browser_test_assert_systemprincipal_documents.js
new file mode 100644
index 0000000000..25fb2db735
--- /dev/null
+++ b/dom/security/test/general/browser_test_assert_systemprincipal_documents.js
@@ -0,0 +1,41 @@
+//"use strict"
+
+const kTestPath = getRootDirectory(gTestPath);
+const kTestURI = kTestPath + "file_assert_systemprincipal_documents.html";
+
+add_task(async function setup() {
+ // We expect the assertion in function
+ // CheckSystemPrincipalLoads as defined in
+ // file dom/security/nsContentSecurityManager.cpp
+ SimpleTest.expectAssertions(1);
+
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["security.disallow_non_local_systemprincipal_in_tests", true],
+ ["security.allow_unsafe_parent_loads", true],
+ ],
+ });
+});
+
+add_task(async function open_test_iframe_in_tab() {
+ // This looks at the iframe (load type SUBDOCUMENT)
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url: kTestURI },
+ async browser => {
+ await SpecialPowers.spawn(browser, [], async function() {
+ let outerPrincipal = content.document.nodePrincipal;
+ ok(
+ outerPrincipal.isSystemPrincipal,
+ "Sanity: Using SystemPrincipal for test file on chrome://"
+ );
+ const iframeDoc = content.document.getElementById("testframe")
+ .contentDocument;
+ is(
+ iframeDoc.body.innerHTML,
+ "",
+ "iframe with systemprincipal should be empty document"
+ );
+ });
+ }
+ );
+});
diff --git a/dom/security/test/general/browser_test_data_download.js b/dom/security/test/general/browser_test_data_download.js
new file mode 100644
index 0000000000..387572c125
--- /dev/null
+++ b/dom/security/test/general/browser_test_data_download.js
@@ -0,0 +1,52 @@
+"use strict";
+
+const kTestPath = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "http://example.com"
+);
+const kTestURI = kTestPath + "file_data_download.html";
+
+function addWindowListener(aURL, aCallback) {
+ Services.wm.addListener({
+ onOpenWindow(aXULWindow) {
+ info("window opened, waiting for focus");
+ Services.wm.removeListener(this);
+ var domwindow = aXULWindow.docShell.domWindow;
+ waitForFocus(function() {
+ is(
+ domwindow.document.location.href,
+ aURL,
+ "should have seen the right window open"
+ );
+ aCallback(domwindow);
+ }, domwindow);
+ },
+ onCloseWindow(aXULWindow) {},
+ });
+}
+
+function test() {
+ waitForExplicitFinish();
+ Services.prefs.setBoolPref(
+ "security.data_uri.block_toplevel_data_uri_navigations",
+ true
+ );
+ registerCleanupFunction(function() {
+ Services.prefs.clearUserPref(
+ "security.data_uri.block_toplevel_data_uri_navigations"
+ );
+ });
+ addWindowListener(
+ "chrome://mozapps/content/downloads/unknownContentType.xhtml",
+ function(win) {
+ is(
+ win.document.getElementById("location").value,
+ "data-foo.html",
+ "file name of download should match"
+ );
+ win.close();
+ finish();
+ }
+ );
+ BrowserTestUtils.loadURI(gBrowser, kTestURI);
+}
diff --git a/dom/security/test/general/browser_test_data_text_csv.js b/dom/security/test/general/browser_test_data_text_csv.js
new file mode 100644
index 0000000000..6a116491e6
--- /dev/null
+++ b/dom/security/test/general/browser_test_data_text_csv.js
@@ -0,0 +1,47 @@
+"use strict";
+
+const kTestPath = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "http://example.com"
+);
+const kTestURI = kTestPath + "file_data_text_csv.html";
+
+function addWindowListener(aURL, aCallback) {
+ return new Promise(resolve => {
+ Services.wm.addListener({
+ onOpenWindow(aXULWindow) {
+ info("window opened, waiting for focus");
+ Services.wm.removeListener(this);
+ var domwindow = aXULWindow.docShell.domWindow;
+ waitForFocus(function() {
+ is(
+ domwindow.document.location.href,
+ aURL,
+ "should have seen the right window open"
+ );
+ resolve(domwindow);
+ }, domwindow);
+ },
+ onCloseWindow(aXULWindow) {},
+ });
+ });
+}
+
+add_task(async function() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
+ });
+ let windowPromise = addWindowListener(
+ "chrome://mozapps/content/downloads/unknownContentType.xhtml"
+ );
+ BrowserTestUtils.loadURI(gBrowser, kTestURI);
+ let win = await windowPromise;
+
+ let expectedValue = "text/csv;foo,bar,foobar";
+ is(
+ win.document.getElementById("location").value,
+ expectedValue,
+ "file name of download should match"
+ );
+ win.close();
+});
diff --git a/dom/security/test/general/browser_test_framing_error_pages.js b/dom/security/test/general/browser_test_framing_error_pages.js
new file mode 100644
index 0000000000..5087f25119
--- /dev/null
+++ b/dom/security/test/general/browser_test_framing_error_pages.js
@@ -0,0 +1,63 @@
+"use strict";
+
+const kTestPath = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "http://example.com"
+);
+const kTestXFrameOptionsURI = kTestPath + "file_framing_error_pages_xfo.html";
+const kTestXFrameOptionsURIFrame =
+ kTestPath + "file_framing_error_pages.sjs?xfo";
+
+const kTestFrameAncestorsURI = kTestPath + "file_framing_error_pages_csp.html";
+const kTestFrameAncestorsURIFrame =
+ kTestPath + "file_framing_error_pages.sjs?csp";
+
+add_task(async function open_test_xfo_error_page() {
+ await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
+ let loaded = BrowserTestUtils.browserLoaded(
+ browser,
+ true,
+ kTestXFrameOptionsURIFrame,
+ true
+ );
+ BrowserTestUtils.loadURI(browser, kTestXFrameOptionsURI);
+ await loaded;
+
+ await SpecialPowers.spawn(browser, [], async function() {
+ const iframeDoc = content.document.getElementById("testframe")
+ .contentDocument;
+ let errorPage = iframeDoc.body.innerHTML;
+ ok(
+ errorPage.includes(
+ "This page has an X-Frame-Options policy that prevents it from being loaded in this context"
+ ),
+ "xfo error page correct"
+ );
+ });
+ });
+});
+
+add_task(async function open_test_csp_frame_ancestor_error_page() {
+ await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
+ let loaded = BrowserTestUtils.browserLoaded(
+ browser,
+ true,
+ kTestFrameAncestorsURIFrame,
+ true
+ );
+ BrowserTestUtils.loadURI(browser, kTestFrameAncestorsURI);
+ await loaded;
+
+ await SpecialPowers.spawn(browser, [], async function() {
+ const iframeDoc = content.document.getElementById("testframe")
+ .contentDocument;
+ let errorPage = iframeDoc.body.innerHTML;
+ ok(
+ errorPage.includes(
+ "This page has a content security policy that prevents it from being loaded in this way"
+ ),
+ "csp error page correct"
+ );
+ });
+ });
+});
diff --git a/dom/security/test/general/browser_test_referrer_loadInOtherProcess.js b/dom/security/test/general/browser_test_referrer_loadInOtherProcess.js
new file mode 100644
index 0000000000..dab8d0d057
--- /dev/null
+++ b/dom/security/test/general/browser_test_referrer_loadInOtherProcess.js
@@ -0,0 +1,151 @@
+const TEST_PAGE =
+ "http://example.org/browser/browser/base/content/test/general/dummy_page.html";
+const TEST_REFERRER = "http://mochi.test:8888/";
+
+const ReferrerInfo = Components.Constructor(
+ "@mozilla.org/referrer-info;1",
+ "nsIReferrerInfo",
+ "init"
+);
+
+let referrerInfo = new ReferrerInfo(
+ Ci.nsIReferrerInfo.ORIGIN,
+ true,
+ Services.io.newURI(TEST_REFERRER)
+);
+let deReferrerInfo = E10SUtils.serializeReferrerInfo(referrerInfo);
+
+var checkResult = async function(isRemote, browserKey, uri) {
+ is(
+ gBrowser.selectedBrowser.isRemoteBrowser,
+ isRemote,
+ "isRemoteBrowser should be correct"
+ );
+
+ is(
+ gBrowser.selectedBrowser.permanentKey,
+ browserKey,
+ "browser.permanentKey should be correct"
+ );
+
+ if (SpecialPowers.Services.appinfo.sessionHistoryInParent) {
+ let sessionHistory =
+ gBrowser.selectedBrowser.browsingContext.sessionHistory;
+ let entry = sessionHistory.getEntryAtIndex(sessionHistory.count - 1);
+ let args = { uri, referrerInfo: deReferrerInfo, isRemote };
+ Assert.equal(entry.URI.spec, args.uri, "Uri should be correct");
+
+ // Main process like about:mozilla does not trigger the real network request.
+ // So we don't store referrerInfo in sessionHistory in that case.
+ // Besides, the referrerInfo stored in sessionHistory was computed, we only
+ // check pre-computed things.
+ if (args.isRemote) {
+ let resultReferrerInfo = entry.referrerInfo;
+ let expectedReferrerInfo = E10SUtils.deserializeReferrerInfo(
+ args.referrerInfo
+ );
+
+ Assert.equal(
+ resultReferrerInfo.originalReferrer.spec,
+ expectedReferrerInfo.originalReferrer.spec,
+ "originalReferrer should be correct"
+ );
+ Assert.equal(
+ resultReferrerInfo.sendReferrer,
+ expectedReferrerInfo.sendReferrer,
+ "sendReferrer should be correct"
+ );
+ Assert.equal(
+ resultReferrerInfo.referrerPolicy,
+ expectedReferrerInfo.referrerPolicy,
+ "referrerPolicy should be correct"
+ );
+ } else {
+ Assert.equal(entry.referrerInfo, null, "ReferrerInfo should be correct");
+ }
+
+ return;
+ }
+
+ await SpecialPowers.spawn(
+ gBrowser.selectedBrowser,
+ [{ uri, referrerInfo: deReferrerInfo, isRemote }],
+ async function(args) {
+ let webNav = content.docShell.QueryInterface(Ci.nsIWebNavigation);
+ let sessionHistory = webNav.sessionHistory;
+ let entry = sessionHistory.legacySHistory.getEntryAtIndex(
+ sessionHistory.count - 1
+ );
+
+ var { E10SUtils } = SpecialPowers.Cu.import(
+ "resource://gre/modules/E10SUtils.jsm"
+ );
+
+ Assert.equal(entry.URI.spec, args.uri, "Uri should be correct");
+
+ // Main process like about:mozilla does not trigger the real network request.
+ // So we don't store referrerInfo in sessionHistory in that case.
+ // Besides, the referrerInfo stored in sessionHistory was computed, we only
+ // check pre-computed things.
+ if (args.isRemote) {
+ let resultReferrerInfo = entry.referrerInfo;
+ let expectedReferrerInfo = E10SUtils.deserializeReferrerInfo(
+ args.referrerInfo
+ );
+
+ Assert.equal(
+ resultReferrerInfo.originalReferrer.spec,
+ expectedReferrerInfo.originalReferrer.spec,
+ "originalReferrer should be correct"
+ );
+ Assert.equal(
+ resultReferrerInfo.sendReferrer,
+ expectedReferrerInfo.sendReferrer,
+ "sendReferrer should be correct"
+ );
+ Assert.equal(
+ resultReferrerInfo.referrerPolicy,
+ expectedReferrerInfo.referrerPolicy,
+ "referrerPolicy should be correct"
+ );
+ } else {
+ Assert.equal(
+ entry.referrerInfo,
+ null,
+ "ReferrerInfo should be correct"
+ );
+ }
+ }
+ );
+};
+var waitForLoad = async function(uri) {
+ info("waitForLoad " + uri);
+ let loadURIOptions = {
+ triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
+ referrerInfo,
+ };
+ gBrowser.selectedBrowser.webNavigation.loadURI(uri, loadURIOptions);
+
+ await BrowserTestUtils.browserStopped(gBrowser, uri);
+};
+
+// Tests referrerInfo when navigating from a page in the remote process to main
+// process and vice versa.
+add_task(async function test_navigation() {
+ // Navigate from non remote to remote
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, "about:blank");
+ let testURI = TEST_PAGE;
+ let { permanentKey } = gBrowser.selectedBrowser;
+ await waitForLoad(testURI);
+ await checkResult(true, permanentKey, testURI);
+ gBrowser.removeCurrentTab();
+
+ // Navigate from remote to non-remote
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, TEST_PAGE);
+ testURI = "about:mozilla";
+ permanentKey = gBrowser.selectedBrowser.permanentKey;
+ await waitForLoad(testURI);
+ await checkResult(false, permanentKey, testURI);
+
+ gBrowser.removeCurrentTab();
+});
diff --git a/dom/security/test/general/browser_test_report_blocking.js b/dom/security/test/general/browser_test_report_blocking.js
new file mode 100644
index 0000000000..5431d635d5
--- /dev/null
+++ b/dom/security/test/general/browser_test_report_blocking.js
@@ -0,0 +1,225 @@
+"use strict";
+
+const { TelemetryArchiveTesting } = ChromeUtils.import(
+ "resource://testing-common/TelemetryArchiveTesting.jsm"
+);
+
+const kTestPath = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "http://example.com"
+);
+
+const kTestXFrameOptionsURI = kTestPath + "file_framing_error_pages_xfo.html";
+const kTestCspURI = kTestPath + "file_framing_error_pages_csp.html";
+const kTestXFrameOptionsURIFrame =
+ kTestPath + "file_framing_error_pages.sjs?xfo";
+const kTestCspURIFrame = kTestPath + "file_framing_error_pages.sjs?csp";
+
+const kTestExpectedPingXFO = [
+ [["payload", "error_type"], "xfo"],
+ [["payload", "xfo_header"], "deny"],
+ [["payload", "csp_header"], ""],
+ [["payload", "frame_hostname"], "example.com"],
+ [["payload", "top_hostname"], "example.com"],
+ [
+ ["payload", "frame_uri"],
+ "http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs",
+ ],
+ [
+ ["payload", "top_uri"],
+ "http//example.com/browser/dom/security/test/general/file_framing_error_pages_xfo.html",
+ ],
+];
+
+const kTestExpectedPingCSP = [
+ [["payload", "error_type"], "csp"],
+ [["payload", "xfo_header"], ""],
+ [["payload", "csp_header"], "'none'"],
+ [["payload", "frame_hostname"], "example.com"],
+ [["payload", "top_hostname"], "example.com"],
+ [
+ ["payload", "frame_uri"],
+ "http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs",
+ ],
+ [
+ ["payload", "top_uri"],
+ "http//example.com/browser/dom/security/test/general/file_framing_error_pages_csp.html",
+ ],
+];
+
+const TEST_CASES = [
+ {
+ type: "xfo",
+ test_uri: kTestXFrameOptionsURI,
+ frame_uri: kTestXFrameOptionsURIFrame,
+ expected_msg:
+ "This page has an X-Frame-Options policy that prevents it from being loaded in this context",
+ expected_ping: kTestExpectedPingXFO,
+ },
+ {
+ type: "csp",
+ test_uri: kTestCspURI,
+ frame_uri: kTestCspURIFrame,
+ expected_msg:
+ "This page has a content security policy that prevents it from being loaded in this way",
+ expected_ping: kTestExpectedPingCSP,
+ },
+];
+
+add_task(async function setup() {
+ Services.telemetry.setEventRecordingEnabled("security.ui.xfocsperror", true);
+
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["security.xfocsp.errorReporting.enabled", true],
+ ["security.xfocsp.errorReporting.automatic", false],
+ ],
+ });
+});
+
+add_task(async function testReportingCases() {
+ for (const test of TEST_CASES) {
+ await testReporting(test);
+ }
+});
+
+async function testReporting(test) {
+ // Clear telemetry event before testing.
+ Services.telemetry.clearEvents();
+
+ let telemetryChecker = new TelemetryArchiveTesting.Checker();
+ await telemetryChecker.promiseInit();
+
+ let tab = await BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ "about:blank"
+ );
+ let browser = tab.linkedBrowser;
+
+ let loaded = BrowserTestUtils.browserLoaded(
+ browser,
+ true,
+ test.frame_uri,
+ true
+ );
+ BrowserTestUtils.loadURI(browser, test.test_uri);
+ await loaded;
+
+ let { type, expected_msg } = test;
+
+ let frameBC = await SpecialPowers.spawn(browser, [], async _ => {
+ const iframe = content.document.getElementById("testframe");
+ return iframe.browsingContext;
+ });
+
+ await SpecialPowers.spawn(frameBC, [{ type, expected_msg }], async obj => {
+ // Wait until the reporting UI is visible.
+ await ContentTaskUtils.waitForCondition(() => {
+ let reportUI = content.document.getElementById("blockingErrorReporting");
+ return ContentTaskUtils.is_visible(reportUI);
+ });
+
+ let errorPage = content.document.body.innerHTML;
+ ok(errorPage.includes(obj.expected_msg), `${obj.type} error page correct`);
+
+ let reportCheckBox = content.document.getElementById(
+ "automaticallyReportBlockingInFuture"
+ );
+ is(
+ reportCheckBox.checked,
+ false,
+ "The checkbox of the reporting ui should be not checked."
+ );
+
+ // Click on the checkbox.
+ await EventUtils.synthesizeMouseAtCenter(reportCheckBox, {}, content);
+ });
+ BrowserTestUtils.removeTab(tab);
+
+ // Open the error page again
+ tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, "about:blank");
+ browser = tab.linkedBrowser;
+
+ loaded = BrowserTestUtils.browserLoaded(browser, true, test.frame_uri, true);
+ BrowserTestUtils.loadURI(browser, test.test_uri);
+ await loaded;
+
+ frameBC = await SpecialPowers.spawn(browser, [], async _ => {
+ const iframe = content.document.getElementById("testframe");
+ return iframe.browsingContext;
+ });
+
+ await SpecialPowers.spawn(frameBC, [], async _ => {
+ // Wait until the reporting UI is visible.
+ await ContentTaskUtils.waitForCondition(() => {
+ let reportUI = content.document.getElementById("blockingErrorReporting");
+ return ContentTaskUtils.is_visible(reportUI);
+ });
+
+ let reportCheckBox = content.document.getElementById(
+ "automaticallyReportBlockingInFuture"
+ );
+ is(
+ reportCheckBox.checked,
+ true,
+ "The checkbox of the reporting ui should be checked."
+ );
+
+ // Click on the checkbox again to disable the reporting.
+ await EventUtils.synthesizeMouseAtCenter(reportCheckBox, {}, content);
+
+ is(
+ reportCheckBox.checked,
+ false,
+ "The checkbox of the reporting ui should be unchecked."
+ );
+ });
+ BrowserTestUtils.removeTab(tab);
+
+ // Open the error page again to see if the reporting is disabled.
+ tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, "about:blank");
+ browser = tab.linkedBrowser;
+
+ loaded = BrowserTestUtils.browserLoaded(browser, true, test.frame_uri, true);
+ BrowserTestUtils.loadURI(browser, test.test_uri);
+ await loaded;
+
+ frameBC = await SpecialPowers.spawn(browser, [], async _ => {
+ const iframe = content.document.getElementById("testframe");
+ return iframe.browsingContext;
+ });
+
+ await SpecialPowers.spawn(frameBC, [], async _ => {
+ // Wait until the reporting UI is visible.
+ await ContentTaskUtils.waitForCondition(() => {
+ let reportUI = content.document.getElementById("blockingErrorReporting");
+ return ContentTaskUtils.is_visible(reportUI);
+ });
+
+ let reportCheckBox = content.document.getElementById(
+ "automaticallyReportBlockingInFuture"
+ );
+ is(
+ reportCheckBox.checked,
+ false,
+ "The checkbox of the reporting ui should be unchecked."
+ );
+ });
+ BrowserTestUtils.removeTab(tab);
+
+ // Finally, check if the ping has been archived.
+ await new Promise(resolve => {
+ telemetryChecker
+ .promiseFindPing("xfocsp-error-report", test.expected_ping)
+ .then(
+ found => {
+ ok(found, "Telemetry ping submitted successfully");
+ resolve();
+ },
+ err => {
+ ok(false, "Exception finding telemetry ping: " + err);
+ resolve();
+ }
+ );
+ });
+}
diff --git a/dom/security/test/general/browser_test_toplevel_data_navigations.js b/dom/security/test/general/browser_test_toplevel_data_navigations.js
new file mode 100644
index 0000000000..9219047eac
--- /dev/null
+++ b/dom/security/test/general/browser_test_toplevel_data_navigations.js
@@ -0,0 +1,70 @@
+/* eslint-disable mozilla/no-arbitrary-setTimeout */
+
+"use strict";
+
+const kDataBody = "toplevel navigation to data: URI allowed";
+const kDataURI = "data:text/html,<body>" + kDataBody + "</body>";
+const kTestPath = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "http://example.com"
+);
+const kRedirectURI = kTestPath + "file_toplevel_data_navigations.sjs";
+const kMetaRedirectURI = kTestPath + "file_toplevel_data_meta_redirect.html";
+
+add_task(async function test_nav_data_uri() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
+ });
+ await BrowserTestUtils.withNewTab(kDataURI, async function(browser) {
+ await SpecialPowers.spawn(
+ gBrowser.selectedBrowser,
+ [{ kDataBody }],
+ async function({ kDataBody }) {
+ // eslint-disable-line
+ is(
+ content.document.body.innerHTML,
+ kDataBody,
+ "data: URI navigation from system should be allowed"
+ );
+ }
+ );
+ });
+});
+
+add_task(async function test_nav_data_uri_redirect() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
+ });
+ let tab = BrowserTestUtils.addTab(gBrowser, kRedirectURI);
+ registerCleanupFunction(async function() {
+ BrowserTestUtils.removeTab(tab);
+ });
+ // wait to make sure data: URI did not load before checking that it got blocked
+ await new Promise(resolve => setTimeout(resolve, 500));
+ await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function() {
+ is(
+ content.document.body.innerHTML,
+ "",
+ "data: URI navigation after server redirect should be blocked"
+ );
+ });
+});
+
+add_task(async function test_nav_data_uri_meta_redirect() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
+ });
+ let tab = BrowserTestUtils.addTab(gBrowser, kMetaRedirectURI);
+ registerCleanupFunction(async function() {
+ BrowserTestUtils.removeTab(tab);
+ });
+ // wait to make sure data: URI did not load before checking that it got blocked
+ await new Promise(resolve => setTimeout(resolve, 500));
+ await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function() {
+ is(
+ content.document.body.innerHTML,
+ "",
+ "data: URI navigation after meta redirect should be blocked"
+ );
+ });
+});
diff --git a/dom/security/test/general/browser_test_view_image_data_navigation.js b/dom/security/test/general/browser_test_view_image_data_navigation.js
new file mode 100644
index 0000000000..19548b63aa
--- /dev/null
+++ b/dom/security/test/general/browser_test_view_image_data_navigation.js
@@ -0,0 +1,73 @@
+"use strict";
+
+add_task(async function test_principal_right_click_open_link_in_new_tab() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
+ });
+
+ const TEST_PAGE =
+ getRootDirectory(gTestPath) + "file_view_image_data_navigation.html";
+
+ await BrowserTestUtils.withNewTab(TEST_PAGE, async function(browser) {
+ let loadPromise = BrowserTestUtils.browserLoaded(
+ gBrowser.selectedBrowser,
+ true
+ );
+
+ // simulate right-click->view-image
+ BrowserTestUtils.waitForEvent(document, "popupshown", false, event => {
+ // These are operations that must be executed synchronously with the event.
+ document.getElementById("context-viewimage").doCommand();
+ event.target.hidePopup();
+ return true;
+ });
+ BrowserTestUtils.synthesizeMouseAtCenter(
+ "#testimage",
+ { type: "contextmenu", button: 2 },
+ gBrowser.selectedBrowser
+ );
+ await loadPromise;
+
+ let spec = gBrowser.selectedBrowser.currentURI.spec;
+ ok(
+ spec.startsWith("data:image/svg+xml;"),
+ "data:image/svg navigation allowed through right-click view-image"
+ );
+ });
+});
+
+add_task(async function test_right_click_open_bg_image() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
+ });
+
+ const TEST_PAGE =
+ getRootDirectory(gTestPath) + "file_view_bg_image_data_navigation.html";
+
+ await BrowserTestUtils.withNewTab(TEST_PAGE, async function(browser) {
+ let loadPromise = BrowserTestUtils.browserLoaded(
+ gBrowser.selectedBrowser,
+ true
+ );
+
+ // simulate right-click->view-bg-image
+ BrowserTestUtils.waitForEvent(document, "popupshown", false, event => {
+ // These are operations that must be executed synchronously with the event.
+ document.getElementById("context-viewbgimage").doCommand();
+ event.target.hidePopup();
+ return true;
+ });
+ BrowserTestUtils.synthesizeMouseAtCenter(
+ "#testbody",
+ { type: "contextmenu", button: 2 },
+ gBrowser.selectedBrowser
+ );
+ await loadPromise;
+
+ let spec = gBrowser.selectedBrowser.currentURI.spec;
+ ok(
+ spec.startsWith("data:image/svg+xml;"),
+ "data:image/svg navigation allowed through right-click view-bg-image"
+ );
+ });
+});
diff --git a/dom/security/test/general/browser_test_xfo_embed_object.js b/dom/security/test/general/browser_test_xfo_embed_object.js
new file mode 100644
index 0000000000..23ccf609e7
--- /dev/null
+++ b/dom/security/test/general/browser_test_xfo_embed_object.js
@@ -0,0 +1,42 @@
+"use strict";
+
+const kTestPath = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "http://example.com"
+);
+const kTestXFOEmbedURI = kTestPath + "file_framing_xfo_embed.html";
+const kTestXFOObjectURI = kTestPath + "file_framing_xfo_object.html";
+
+const errorMessage = `The loading of “http://example.com/browser/dom/security/test/general/file_framing_xfo_embed_object.sjs” in a frame is denied by “X-Frame-Options“ directive set to “deny“`;
+
+let xfoBlocked = false;
+
+function onXFOMessage(msgObj) {
+ const message = msgObj.message;
+ const logLevel = msgObj.logLevel;
+
+ if (message.includes(errorMessage)) {
+ ok(true, "XFO error message logged");
+ xfoBlocked = true;
+ }
+}
+
+add_task(async function open_test_xfo_embed_blocked() {
+ xfoBlocked = false;
+ await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
+ Services.console.registerListener(onXFOMessage);
+ BrowserTestUtils.loadURI(browser, kTestXFOEmbedURI);
+ await BrowserTestUtils.waitForCondition(() => xfoBlocked == true);
+ Services.console.unregisterListener(onXFOMessage);
+ });
+});
+
+add_task(async function open_test_xfo_object_blocked() {
+ xfoBlocked = false;
+ await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
+ Services.console.registerListener(onXFOMessage);
+ BrowserTestUtils.loadURI(browser, kTestXFOObjectURI);
+ await BrowserTestUtils.waitForCondition(() => xfoBlocked == true);
+ Services.console.unregisterListener(onXFOMessage);
+ });
+});
diff --git a/dom/security/test/general/bug1277803.html b/dom/security/test/general/bug1277803.html
new file mode 100644
index 0000000000..c8033551a0
--- /dev/null
+++ b/dom/security/test/general/bug1277803.html
@@ -0,0 +1,11 @@
+<html>
+
+<head>
+ <link rel='icon' href='favicon_bug1277803.ico'>
+</head>
+
+<body>
+Nothing to see here...
+</body>
+
+</html>
diff --git a/dom/security/test/general/chrome.ini b/dom/security/test/general/chrome.ini
new file mode 100644
index 0000000000..76608b1e26
--- /dev/null
+++ b/dom/security/test/general/chrome.ini
@@ -0,0 +1,10 @@
+[DEFAULT]
+support-files =
+ favicon_bug1277803.ico
+ bug1277803.html
+
+[test_innerhtml_sanitizer.html]
+[test_innerhtml_sanitizer.xhtml]
+[test_bug1277803.xhtml]
+skip-if = os == 'android' || verify
+
diff --git a/dom/security/test/general/closeWindow.sjs b/dom/security/test/general/closeWindow.sjs
new file mode 100644
index 0000000000..996db36f6f
--- /dev/null
+++ b/dom/security/test/general/closeWindow.sjs
@@ -0,0 +1,24 @@
+const BODY = `
+ <script>
+ opener.postMessage("ok!", "*");
+ close();
+ </script>`;
+
+function handleRequest(request, response) {
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString.includes("unset")) {
+ response.setHeader("Set-Cookie", "test=wow", true);
+ }
+
+ if (request.queryString.includes("none")) {
+ response.setHeader("Set-Cookie", "test2=wow2; samesite=none", true);
+ }
+
+ if (request.queryString.includes("lax")) {
+ response.setHeader("Set-Cookie", "test3=wow3; samesite=lax", true);
+ }
+
+ response.write(BODY);
+}
diff --git a/dom/security/test/general/favicon_bug1277803.ico b/dom/security/test/general/favicon_bug1277803.ico
new file mode 100644
index 0000000000..d44438903b
--- /dev/null
+++ b/dom/security/test/general/favicon_bug1277803.ico
Binary files differ
diff --git a/dom/security/test/general/file_FTP_console_warning.html b/dom/security/test/general/file_FTP_console_warning.html
new file mode 100644
index 0000000000..ef711f923f
--- /dev/null
+++ b/dom/security/test/general/file_FTP_console_warning.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+<head>
+ <meta charset="utf-8">
+ <title>FTP subresources</title>
+</head>
+<body>
+ <iframe src="ftp://blocked.test/a.html"></iframe>
+ <iframe srcdoc='<iframe src="ftp://blocked.test/b.html"></iframe>'></iframe>
+ <iframe src='data:text/html,<iframe src="ftp://blocked.test/c.html"></iframe>'></iframe>
+ <img src="ftp://blocked.test/d.png">
+</body>
+</html> \ No newline at end of file
diff --git a/dom/security/test/general/file_assert_systemprincipal_documents.html b/dom/security/test/general/file_assert_systemprincipal_documents.html
new file mode 100644
index 0000000000..2d7ff4d253
--- /dev/null
+++ b/dom/security/test/general/file_assert_systemprincipal_documents.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1543579: Block web documents loading into system land </title>
+</head>
+<body>
+<h1>This page loads documents from the SystemPrincipal (which should be blocked)</h1>
+<iframe type="chrome" id="testframe" src="http://example.com/browser/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html"></iframe>
+</body>
+</html>
+
diff --git a/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html b/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html
new file mode 100644
index 0000000000..704625a1da
--- /dev/null
+++ b/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1543579: Block web documents loading into system land </title>
+</head>
+<body>
+<h1>This is the iframe that should not load.</h1>
+</body>
+</html>
diff --git a/dom/security/test/general/file_block_script_wrong_mime_server.sjs b/dom/security/test/general/file_block_script_wrong_mime_server.sjs
new file mode 100644
index 0000000000..d6d27796cb
--- /dev/null
+++ b/dom/security/test/general/file_block_script_wrong_mime_server.sjs
@@ -0,0 +1,34 @@
+// Custom *.sjs specifically for the needs of:
+// Bug 1288361 - Block scripts with wrong MIME type
+
+"use strict";
+Components.utils.importGlobalProperties(["URLSearchParams"]);
+
+const WORKER = `
+ onmessage = function(event) {
+ postMessage("worker-loaded");
+ };`;
+
+function handleRequest(request, response) {
+ const query = new URLSearchParams(request.queryString);
+
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ // Set MIME type
+ response.setHeader("Content-Type", query.get("mime"), false);
+
+ // Deliver response
+ switch (query.get("type")) {
+ case "script":
+ response.write("");
+ break;
+ case "worker":
+ response.write(WORKER);
+ break;
+ case "worker-import":
+ response.write(`importScripts("file_block_script_wrong_mime_server.sjs?type=script&mime=${query.get("mime")}");`);
+ response.write(WORKER);
+ break;
+ }
+}
diff --git a/dom/security/test/general/file_block_subresource_redir_to_data.sjs b/dom/security/test/general/file_block_subresource_redir_to_data.sjs
new file mode 100644
index 0000000000..f8a6e9bf6d
--- /dev/null
+++ b/dom/security/test/general/file_block_subresource_redir_to_data.sjs
@@ -0,0 +1,25 @@
+"use strict";
+
+let SCRIPT_DATA = "alert('this alert should be blocked');";
+let WORKER_DATA = "onmessage = function(event) { postMessage('worker-loaded'); }";
+
+function handleRequest(request, response)
+{
+ const query = request.queryString;
+
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setStatusLine("1.1", 302, "Found");
+
+ if (query === "script" || query === "modulescript") {
+ response.setHeader("Location", "data:text/javascript," + escape(SCRIPT_DATA), false);
+ return;
+ }
+
+ if (query === "worker") {
+ response.setHeader("Location", "data:text/javascript," + escape(WORKER_DATA), false);
+ return;
+ }
+
+ // we should never get here; just in case return something unexpected
+ response.write("do'h");
+}
diff --git a/dom/security/test/general/file_block_toplevel_data_navigation.html b/dom/security/test/general/file_block_toplevel_data_navigation.html
new file mode 100644
index 0000000000..3d83b7ff63
--- /dev/null
+++ b/dom/security/test/general/file_block_toplevel_data_navigation.html
@@ -0,0 +1,17 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Toplevel data navigation</title>
+</head>
+<body>
+test1: clicking data: URI tries to navigate window<br/>
+<!-- postMessage will not be sent if data: URI is blocked -->
+<a id="testlink" href="data:text/html,<body><script
+window.opener.postMessage('test1','*');</script>toplevel data: URI navigations
+should be blocked</body>">click me</a>
+<script>
+ document.getElementById('testlink').click();
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/file_block_toplevel_data_navigation2.html b/dom/security/test/general/file_block_toplevel_data_navigation2.html
new file mode 100644
index 0000000000..3753d23d31
--- /dev/null
+++ b/dom/security/test/general/file_block_toplevel_data_navigation2.html
@@ -0,0 +1,41 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Toplevel data navigation</title>
+</head>
+<body>
+test2: data: URI in iframe tries to window.open(data:, _blank);<br/>
+<iframe id="testFrame" src=""></iframe>
+<script>
+ // GeckoView displays an error page for invalid navigations,
+ // so catch the security error trying to access the cross-origin error
+ // document and treat that as blocked.
+ let DATA_URI = `data:text/html,<body><script>
+ var win = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>", "_blank");
+ setTimeout(function () {
+ let result = "navigated";
+ try {
+ result = win.document.body.innerHTML === "" ? "blocked" : "navigated";
+ } catch (e) {
+ if (e instanceof DOMException && e.name === "SecurityError") {
+ result = "blocked";
+ } else {
+ throw e;
+ }
+ }
+ parent.postMessage(result, "*");
+ win.close();
+ }, 1000);
+ <\/script></body>`;
+
+ window.addEventListener("message", receiveMessage);
+ function receiveMessage(event) {
+ window.removeEventListener("message", receiveMessage);
+ // propagate the information back to the caller
+ window.opener.postMessage(event.data, "*");
+ }
+ document.getElementById('testFrame').src = DATA_URI;
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/file_block_toplevel_data_navigation3.html b/dom/security/test/general/file_block_toplevel_data_navigation3.html
new file mode 100644
index 0000000000..3743a72034
--- /dev/null
+++ b/dom/security/test/general/file_block_toplevel_data_navigation3.html
@@ -0,0 +1,16 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Toplevel data navigation</title>
+</head>
+<body>
+test3: performing data: URI navigation through win.loc.href<br/>
+<script>
+ // postMessage will not be sent if data: URI is blocked
+ window.location.href = "data:text/html,<body><script>" +
+ "window.opener.postMessage('test3','*');<\/script>toplevel data: URI " +
+ "navigations should be blocked</body>";
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/file_block_toplevel_data_redirect.sjs b/dom/security/test/general/file_block_toplevel_data_redirect.sjs
new file mode 100644
index 0000000000..64e294cab1
--- /dev/null
+++ b/dom/security/test/general/file_block_toplevel_data_redirect.sjs
@@ -0,0 +1,14 @@
+// Custom *.sjs file specifically for the needs of Bug:
+// Bug 1394554 - Block toplevel data: URI navigations after redirect
+
+var DATA_URI =
+ "<body>toplevel data: URI navigations after redirect should be blocked</body>";
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ response.setStatusLine("1.1", 302, "Found");
+ response.setHeader("Location", "data:text/html," + escape(DATA_URI), false);
+}
diff --git a/dom/security/test/general/file_cache_splitting_isloaded.sjs b/dom/security/test/general/file_cache_splitting_isloaded.sjs
new file mode 100644
index 0000000000..b5eefb5492
--- /dev/null
+++ b/dom/security/test/general/file_cache_splitting_isloaded.sjs
@@ -0,0 +1,36 @@
+/*
+ Helper Server -
+ Send a Request with ?queryResult - response will be the
+ queryString of the next request.
+
+*/
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="
+);
+
+function handleRequest(request, response) {
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ // save the object state of the initial request, which returns
+ // async once the server has processed the img request.
+ if (request.queryString.includes("wait")) {
+ response.processAsync();
+ setObjectState("wait", response);
+ return;
+ }
+
+ response.write(IMG_BYTES);
+
+ // return the result
+ getObjectState("wait", function(queryResponse) {
+ if (!queryResponse) {
+ return;
+ }
+ queryResponse.write("1");
+ queryResponse.finish();
+ });
+ return;
+}
diff --git a/dom/security/test/general/file_cache_splitting_server.sjs b/dom/security/test/general/file_cache_splitting_server.sjs
new file mode 100644
index 0000000000..da75986f74
--- /dev/null
+++ b/dom/security/test/general/file_cache_splitting_server.sjs
@@ -0,0 +1,27 @@
+function handleRequest(request, response) {
+ var receivedRequests = parseInt(getState("requests"));
+ if (isNaN(receivedRequests)) {
+ receivedRequests = 0;
+ }
+ if (request.queryString.includes("state")) {
+ response.write(receivedRequests);
+ return;
+ }
+ if (request.queryString.includes("flush")) {
+ setState("requests", "0");
+ response.write("OK");
+ return;
+ }
+ response.setHeader("Cache-Control", "max-age=999999"); // Force caching
+ response.setHeader("Content-Type", "text/css");
+ receivedRequests = receivedRequests + 1;
+ setState("requests", "" + receivedRequests);
+ response.write(`
+ .test{
+ color:red;
+ }
+ .test h1{
+ font-size:200px;
+ }
+ `);
+}
diff --git a/dom/security/test/general/file_cache_splitting_window.html b/dom/security/test/general/file_cache_splitting_window.html
new file mode 100644
index 0000000000..2421118e31
--- /dev/null
+++ b/dom/security/test/general/file_cache_splitting_window.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <title>Document</title>
+ <link rel="stylesheet" href="http://mochi.test:8888/tests/dom/security/test/general/file_cache_splitting_server.sjs">
+</head>
+<body>
+ <h1>HELLO WORLD!</h1>
+
+ <script>
+ window.addEventListener("load",()=>{
+ fetch("file_cache_splitting_isloaded.sjs");
+ });
+ </script>
+</body>
+</html>
diff --git a/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs b/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs
new file mode 100644
index 0000000000..f0084410a2
--- /dev/null
+++ b/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs
@@ -0,0 +1,46 @@
+// custom *.sjs for Bug 1255240
+
+const TEST_FRAME = `
+ <!DOCTYPE HTML>
+ <html>
+ <head><meta charset='utf-8'></head>
+ <body>
+ <a id='testlink' target='innerframe' href='file_contentpolicytype_targeted_link_iframe.sjs?innerframe'>click me</a>
+ <iframe name='innerframe'></iframe>
+ <script type='text/javascript'>
+ var link = document.getElementById('testlink');
+ testlink.click();
+ </script>
+ </body>
+ </html> `;
+
+const INNER_FRAME = `
+ <!DOCTYPE HTML>
+ <html>
+ <head><meta charset='utf-8'></head>
+ hello world!
+ </body>
+ </html>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setHeader("Content-Type", "text/html", false);
+
+ var queryString = request.queryString;
+
+ if (queryString === "testframe") {
+ response.write(TEST_FRAME);
+ return;
+ }
+
+ if (queryString === "innerframe") {
+ response.write(INNER_FRAME);
+ return;
+ }
+
+ // we should never get here, but just in case
+ // return something unexpected
+ response.write("do'h");
+}
diff --git a/dom/security/test/general/file_data_download.html b/dom/security/test/general/file_data_download.html
new file mode 100644
index 0000000000..4cc92fe8f5
--- /dev/null
+++ b/dom/security/test/general/file_data_download.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Test download attribute for data: URI</title>
+</head>
+<body>
+ <a href="data:text/html,<body>data download</body>" download="data-foo.html" id="testlink">download data</a>
+ <script>
+ // click the link to have the downoad panel appear
+ let testlink = document.getElementById("testlink");
+ testlink.click();
+ </script>
+ </body>
+</html>
diff --git a/dom/security/test/general/file_data_text_csv.html b/dom/security/test/general/file_data_text_csv.html
new file mode 100644
index 0000000000..a9ac369d16
--- /dev/null
+++ b/dom/security/test/general/file_data_text_csv.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Test open data:text/csv</title>
+</head>
+<body>
+ <a href="data:text/csv;foo,bar,foobar" id="testlink">test text/csv</a>
+ <script>
+ // click the link to have the downoad panel appear
+ let testlink = document.getElementById("testlink");
+ testlink.click();
+ </script>
+ </body>
+</html>
diff --git a/dom/security/test/general/file_framing_error_pages.sjs b/dom/security/test/general/file_framing_error_pages.sjs
new file mode 100644
index 0000000000..bf669283cc
--- /dev/null
+++ b/dom/security/test/general/file_framing_error_pages.sjs
@@ -0,0 +1,24 @@
+"use strict";
+
+function handleRequest(request, response) {
+
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setHeader("Content-Type", "text/html", false);
+
+ let query = request.queryString;
+ if (query === "xfo") {
+ response.setHeader("x-frame-options", "deny", false);
+ response.write("<html>xfo test loaded</html>");
+ return;
+ }
+
+ if (query === "csp") {
+ response.setHeader("content-security-policy", "frame-ancestors 'none'", false);
+ response.write("<html>csp test loaded</html>");
+ return;
+ }
+
+ // we should never get here, but just in case
+ // return something unexpected
+ response.write("do'h");
+}
diff --git a/dom/security/test/general/file_framing_error_pages_csp.html b/dom/security/test/general/file_framing_error_pages_csp.html
new file mode 100644
index 0000000000..2817722539
--- /dev/null
+++ b/dom/security/test/general/file_framing_error_pages_csp.html
@@ -0,0 +1,7 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+iframe should be blocked <br/>
+<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?csp" height=800 width=800></iframe>
+</body>
+</html>
diff --git a/dom/security/test/general/file_framing_error_pages_xfo.html b/dom/security/test/general/file_framing_error_pages_xfo.html
new file mode 100644
index 0000000000..95dc649fa4
--- /dev/null
+++ b/dom/security/test/general/file_framing_error_pages_xfo.html
@@ -0,0 +1,7 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+iframe should be blocked <br/>
+<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?xfo" height=800 width=800></iframe>
+</body>
+</html>
diff --git a/dom/security/test/general/file_framing_xfo_embed.html b/dom/security/test/general/file_framing_xfo_embed.html
new file mode 100644
index 0000000000..2083a31a37
--- /dev/null
+++ b/dom/security/test/general/file_framing_xfo_embed.html
@@ -0,0 +1,7 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+ embed should be blocked <br/>
+ <embed src="http://example.com/browser/dom/security/test/general/file_framing_xfo_embed_object.sjs"></embed>
+</body>
+</html>
diff --git a/dom/security/test/general/file_framing_xfo_embed_object.sjs b/dom/security/test/general/file_framing_xfo_embed_object.sjs
new file mode 100644
index 0000000000..56616b7930
--- /dev/null
+++ b/dom/security/test/general/file_framing_xfo_embed_object.sjs
@@ -0,0 +1,7 @@
+"use strict";
+
+function handleRequest(request, response) {
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setHeader("x-frame-options", "deny", false);
+ response.write("<html>doc with x-frame-options: deny</html>");
+}
diff --git a/dom/security/test/general/file_framing_xfo_object.html b/dom/security/test/general/file_framing_xfo_object.html
new file mode 100644
index 0000000000..1bb79a67f5
--- /dev/null
+++ b/dom/security/test/general/file_framing_xfo_object.html
@@ -0,0 +1,7 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+ object should be blocked <br/>
+ <object data="http://example.com/browser/dom/security/test/general/file_framing_xfo_embed_object.sjs"></object>
+</body>
+</html>
diff --git a/dom/security/test/general/file_nosniff_navigation.sjs b/dom/security/test/general/file_nosniff_navigation.sjs
new file mode 100644
index 0000000000..8d1de13828
--- /dev/null
+++ b/dom/security/test/general/file_nosniff_navigation.sjs
@@ -0,0 +1,32 @@
+// Custom *.sjs file specifically for the needs of Bug 1286861
+
+// small red image
+const IMG = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+function getSniffableContent(selector){
+ switch(selector){
+ case "xml":
+ return `<?xml version="1.0"?><test/>`;
+ case "html":
+ return `<!Doctype html> <html> <head></head> <body> Test test </body></html>`;
+ case "css":
+ return `*{ color: pink !important; }`;
+ case 'json':
+ return `{ 'test':'yes' }`;
+ case 'img':
+ return IMG;
+ }
+ return "Basic UTF-8 Text";
+}
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader('X-Content-Type-Options', 'nosniff'); // Disable Sniffing
+ response.setHeader("Content-Type","*/*"); // Try Browser to force sniffing.
+ response.write(getSniffableContent(request.queryString));
+ return;
+}
+
diff --git a/dom/security/test/general/file_nosniff_navigation_garbage.sjs b/dom/security/test/general/file_nosniff_navigation_garbage.sjs
new file mode 100644
index 0000000000..726c6ecf9e
--- /dev/null
+++ b/dom/security/test/general/file_nosniff_navigation_garbage.sjs
@@ -0,0 +1,33 @@
+// Custom *.sjs file specifically for the needs of Bug 1286861
+
+// small red image
+const IMG = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+function getSniffableContent(selector){
+ switch(selector){
+ case "xml":
+ return `<?xml version="1.0"?><test/>`;
+ case "html":
+ return `<!Doctype html> <html> <head></head> <body> Test test </body></html>`;
+ case 'js':
+ return `<script> alert("This shouldt not be executed"); </script>`
+ case "css":
+ return `*{ color: pink !important; }`;
+ case 'json':
+ return `{ 'test':'yes' }`;
+ case 'img':
+ return IMG;
+ }
+ return "Basic UTF-8 Text";
+}
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader('X-Content-Type-Options', 'nosniff'); // Disable Sniffing
+ response.setHeader("Content-Type","garbage/garbage"); // Try Browser to force sniffing.
+ response.write(getSniffableContent(request.queryString));
+ return;
+}
diff --git a/dom/security/test/general/file_nosniff_navigation_mismatch.sjs b/dom/security/test/general/file_nosniff_navigation_mismatch.sjs
new file mode 100644
index 0000000000..3b34389c4b
--- /dev/null
+++ b/dom/security/test/general/file_nosniff_navigation_mismatch.sjs
@@ -0,0 +1,33 @@
+// Custom *.sjs file specifically for the needs of Bug 1286861
+
+// small red image
+const IMG = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+function getSniffableContent(selector){
+ switch(selector){
+ case "xml":
+ return `<?xml version="1.0"?><test/>`;
+ case "html":
+ return `<!Doctype html> <html> <head></head> <body> Test test </body></html>`;
+ case 'js':
+ return `<script> alert("This shouldt not be executed"); </script>`
+ case "css":
+ return `*{ color: pink !important; }`;
+ case 'json':
+ return `{ 'test':'yes' }`;
+ case 'img':
+ return IMG;
+ }
+ return "Basic UTF-8 Text";
+}
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader('X-Content-Type-Options', 'nosniff'); // Disable Sniffing
+ response.setHeader("Content-Type","image/png"); // Send a wrong mime type
+ response.write(getSniffableContent(request.queryString));
+ return;
+}
diff --git a/dom/security/test/general/file_nosniff_testserver.sjs b/dom/security/test/general/file_nosniff_testserver.sjs
new file mode 100644
index 0000000000..0cf168a3c7
--- /dev/null
+++ b/dom/security/test/general/file_nosniff_testserver.sjs
@@ -0,0 +1,60 @@
+"use strict";
+Components.utils.importGlobalProperties(["URLSearchParams"]);
+
+const SCRIPT = "var foo = 24;";
+const CSS = "body { background-color: green; }";
+
+// small red image
+const IMG = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+function handleRequest(request, response) {
+ const query = new URLSearchParams(request.queryString);
+
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ // set the nosniff header
+ response.setHeader("X-Content-Type-Options", " NoSniFF , foo ", false);
+
+ if (query.has("cssCorrectType")) {
+ response.setHeader("Content-Type", "teXt/cSs", false);
+ response.write(CSS);
+ return;
+ }
+
+ if (query.has("cssWrongType")) {
+ response.setHeader("Content-Type", "text/html", false);
+ response.write(CSS);
+ return;
+ }
+
+ if (query.has("scriptCorrectType")) {
+ response.setHeader("Content-Type", "appLIcation/jAvaScriPt;blah", false);
+ response.write(SCRIPT);
+ return;
+ }
+
+ if (query.has("scriptWrongType")) {
+ response.setHeader("Content-Type", "text/html", false);
+ response.write(SCRIPT);
+ return;
+ }
+
+ if (query.has("imgCorrectType")) {
+ response.setHeader("Content-Type", "iMaGe/pnG;blah", false);
+ response.write(IMG);
+ return;
+ }
+
+ if (query.has("imgWrongType")) {
+ response.setHeader("Content-Type", "text/html", false);
+ response.write(IMG);
+ return;
+ }
+
+ // we should never get here, but just in case
+ response.setHeader("Content-Type", "text/html", false);
+ response.write("do'h");
+}
diff --git a/dom/security/test/general/file_same_site_cookies_about.sjs b/dom/security/test/general/file_same_site_cookies_about.sjs
new file mode 100644
index 0000000000..877ce7024a
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_about.sjs
@@ -0,0 +1,89 @@
+// Custom *.sjs file specifically for the needs of Bug 1454721
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const IFRAME_INC =
+ `<iframe src='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?inclusion'></iframe>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ // using startsWith and discard the math random
+ if (request.queryString.startsWith("setSameSiteCookie")) {
+ response.setHeader("Set-Cookie", "myKey=mySameSiteAboutCookie; samesite=strict", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ // navigation tests
+ if (request.queryString.includes("loadsrcdocframeNav")) {
+ let FRAME = `
+ <iframe srcdoc="foo"
+ onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?navigation'">
+ </iframe>`;
+ response.write(FRAME);
+ return;
+ }
+
+ if (request.queryString.includes("loadblankframeNav")) {
+ let FRAME = `
+ <iframe src="about:blank"
+ onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?navigation'">
+ </iframe>`;
+ response.write(FRAME);
+ return;
+ }
+
+ // inclusion tets
+ if (request.queryString.includes("loadsrcdocframeInc")) {
+ response.write("<iframe srcdoc=\"" + IFRAME_INC + "\"></iframe>");
+ return;
+ }
+
+ if (request.queryString.includes("loadblankframeInc")) {
+ let FRAME = `
+ <iframe id="blankframe" src="about:blank"></iframe>
+ <script>
+ document.getElementById("blankframe").contentDocument.write(\"` + IFRAME_INC +`\");
+ <\/script>`;
+ response.write(FRAME);
+ return;
+ }
+
+ if (request.queryString.includes("navigation")) {
+ const cookies = request.hasHeader("Cookie") ? request.getHeader("Cookie") : "";
+ response.write(`
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <script type="application/javascript">
+ window.parent.postMessage({result: "${cookies}" }, '*');
+ </script>
+ </body>
+ </html>
+ `);
+ }
+
+ if (request.queryString.includes("inclusion")) {
+ const cookies = request.hasHeader("Cookie") ? request.getHeader("Cookie") : "";
+ response.write(`
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <script type="application/javascript">
+ window.parent.parent.parent.postMessage({result: "${cookies}" }, '*');
+ </script>
+ </body>
+ </html>
+ `);
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
diff --git a/dom/security/test/general/file_same_site_cookies_blob_iframe_inclusion.html b/dom/security/test/general/file_same_site_cookies_blob_iframe_inclusion.html
new file mode 100644
index 0000000000..b3456f0b90
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_blob_iframe_inclusion.html
@@ -0,0 +1,34 @@
+<html>
+<body>
+<iframe id="testframe"></iframe>
+<script type="application/javascript">
+
+ // simply passing on the message from the child to parent
+ window.addEventListener("message", receiveMessage);
+ function receiveMessage(event) {
+ window.removeEventListener("message", receiveMessage);
+ window.parent.postMessage({result: event.data.result}, '*');
+ }
+
+ const NESTED_IFRAME_INCLUSION = `
+ <html>
+ <body>
+ <script type="application/javascript">
+ window.addEventListener("message", receiveMessage);
+ function receiveMessage(event) {
+ window.removeEventListener("message", receiveMessage);
+ window.parent.postMessage({result: event.data.result}, '*');
+ }
+ <\/script>
+ <iframe src="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></iframe>
+ </body>
+ </html>`;
+
+ let NESTED_BLOB_IFRAME_INCLUSION = new Blob([NESTED_IFRAME_INCLUSION], {type:'text/html'});
+
+ // query the testframe and set blob URL
+ let testframe = document.getElementById("testframe");
+ testframe.src = window.URL.createObjectURL(NESTED_BLOB_IFRAME_INCLUSION);
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/file_same_site_cookies_blob_iframe_navigation.html b/dom/security/test/general/file_same_site_cookies_blob_iframe_navigation.html
new file mode 100644
index 0000000000..815c6a6bfc
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_blob_iframe_navigation.html
@@ -0,0 +1,30 @@
+<html>
+<body>
+<iframe id="testframe"></iframe>
+<script type="application/javascript">
+
+ // simply passing on the message from the child to parent
+ window.addEventListener("message", receiveMessage);
+ function receiveMessage(event) {
+ window.removeEventListener("message", receiveMessage);
+ window.parent.postMessage({result: event.data.result}, '*');
+ }
+
+ const NESTED_IFRAME_NAVIGATION = `
+ <html>
+ <body>
+ <a id="testlink" href="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></a>
+ <script type="application/javascript">
+ let link = document.getElementById("testlink");
+ link.click();
+ <\/script>
+ </body>
+ </html>`;
+ let NESTED_BLOB_IFRAME_NAVIGATION = new Blob([NESTED_IFRAME_NAVIGATION], {type:'text/html'});
+
+ // query the testframe and set blob URL
+ let testframe = document.getElementById("testframe");
+ testframe.src = window.URL.createObjectURL(NESTED_BLOB_IFRAME_NAVIGATION);
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs b/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs
new file mode 100644
index 0000000000..560a6c3f21
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs
@@ -0,0 +1,50 @@
+// Custom *.sjs file specifically for the needs of Bug 1452496
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const FRAME = `
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
+ </head>
+ <body>
+ <script type="application/javascript">
+ let cookie = document.cookie;
+ // now reset the cookie for the next test
+ document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT";
+ window.parent.postMessage({result: cookie}, 'http://mochi.test:8888');
+ </script>
+ </body>
+ </html>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString.includes("setSameSiteCookie")) {
+ response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ if (request.queryString.includes("setRegularCookie")) {
+ response.setHeader("Set-Cookie", "myKey=regularCookie;", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ if (request.queryString.includes("loadFrame")) {
+ response.write(FRAME);
+ return;
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
diff --git a/dom/security/test/general/file_same_site_cookies_from_script.sjs b/dom/security/test/general/file_same_site_cookies_from_script.sjs
new file mode 100644
index 0000000000..c4818df812
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_from_script.sjs
@@ -0,0 +1,49 @@
+// Custom *.sjs file specifically for the needs of Bug 1452496
+
+const SET_COOKIE_FRAME = `
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
+ </head>
+ <body>
+ <script type="application/javascript">
+ document.cookie = "myKey=sameSiteCookieInlineScript;SameSite=strict";
+ </script>
+ </body>
+ </html>`;
+
+const GET_COOKIE_FRAME = `
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
+ </head>
+ <body>
+ <script type="application/javascript">
+ let cookie = document.cookie;
+ // now reset the cookie for the next test
+ document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT";
+ window.parent.postMessage({result: cookie}, 'http://mochi.test:8888');
+ </script>
+ </body>
+ </html>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString.includes("setSameSiteCookieUsingInlineScript")) {
+ response.write(SET_COOKIE_FRAME);
+ return;
+ }
+
+ if (request.queryString.includes("getCookieFrame")) {
+ response.write(GET_COOKIE_FRAME);
+ return;
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
diff --git a/dom/security/test/general/file_same_site_cookies_iframe.sjs b/dom/security/test/general/file_same_site_cookies_iframe.sjs
new file mode 100644
index 0000000000..d919250392
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_iframe.sjs
@@ -0,0 +1,85 @@
+// Custom *.sjs file specifically for the needs of Bug 1454027
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const NESTED_IFRAME_NAVIGATION = `
+ <html>
+ <body>
+ <a id="testlink" href="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></a>
+ <script type="application/javascript">
+ let link = document.getElementById("testlink");
+ link.click();
+ <\/script>
+ </body>
+ </html>`;
+
+const NESTED_IFRAME_INCLUSION = `
+ <html>
+ <body>
+ <script type="application/javascript">
+ // simply passing on the message from the child to parent
+ window.addEventListener("message", receiveMessage);
+ function receiveMessage(event) {
+ window.removeEventListener("message", receiveMessage);
+ window.parent.postMessage({result: event.data.result}, '*');
+ }
+ <\/script>
+ <iframe src="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></iframe>
+ </body>
+ </html>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ // using startsWith and discard the math random
+ if (request.queryString.startsWith("setSameSiteCookie")) {
+ response.setHeader("Set-Cookie", "myKey=mySameSiteIframeTestCookie; samesite=strict", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ // navigation tests
+ if (request.queryString === "nestedIframeNavigation") {
+ response.write(NESTED_IFRAME_NAVIGATION);
+ return;
+ }
+
+ if (request.queryString === "nestedSandboxIframeNavigation") {
+ response.setHeader("Content-Security-Policy", "sandbox allow-scripts", false);
+ response.write(NESTED_IFRAME_NAVIGATION);
+ return;
+ }
+
+ // inclusion tests
+ if (request.queryString === "nestedIframeInclusion") {
+ response.write(NESTED_IFRAME_INCLUSION);
+ return;
+ }
+
+ if (request.queryString === "nestedSandboxIframeInclusion") {
+ response.setHeader("Content-Security-Policy", "sandbox allow-scripts", false);
+ response.write(NESTED_IFRAME_INCLUSION);
+ return;
+ }
+
+ const cookies = request.hasHeader("Cookie") ? request.getHeader("Cookie") : "";
+ response.write(`
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Bug 1454027 - Update SameSite cookie handling inside iframes</title>
+ </head>
+ <body>
+ <script type="application/javascript">
+ window.parent.postMessage({result: "${cookies}" }, '*');
+ </script>
+ </body>
+ </html>
+ `);
+}
diff --git a/dom/security/test/general/file_same_site_cookies_redirect.sjs b/dom/security/test/general/file_same_site_cookies_redirect.sjs
new file mode 100644
index 0000000000..7e4d0a0532
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_redirect.sjs
@@ -0,0 +1,90 @@
+// Custom *.sjs file specifically for the needs of Bug 1453814
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const FRAME = `
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Bug 1453814 - Do not allow same-site cookies for cross origin redirect</title>
+ </head>
+ <body>
+ <script type="application/javascript">
+ let cookie = document.cookie;
+ // now reset the cookie for the next test
+ document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT";
+ window.parent.postMessage({result: cookie}, 'http://mochi.test:8888');
+ </script>
+ </body>
+ </html>`;
+
+const SAME_ORIGIN = "http://mochi.test:8888/"
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_redirect.sjs";
+
+const FRAME_META_REFRESH_SAME = `
+ <html><head>
+ <meta http-equiv="refresh" content="0;
+ url='` + SAME_ORIGIN + PATH + `?loadFrame'">
+ </head></html>`;
+
+const FRAME_META_REFRESH_CROSS = `
+ <html><head>
+ <meta http-equiv="refresh" content="0;
+ url='` + CROSS_ORIGIN + PATH + `?loadFrame'">
+ </head></html>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString === "setSameSiteCookie") {
+ response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ if (request.queryString === "sameToSameRedirect") {
+ let URL = SAME_ORIGIN + PATH + "?loadFrame";
+ response.setStatusLine("1.1", 302, "Found");
+ response.setHeader("Location", URL, false);
+ return;
+ }
+
+ if (request.queryString === "sameToCrossRedirect") {
+ let URL = CROSS_ORIGIN + PATH + "?loadFrame";
+ response.setStatusLine("1.1", 302, "Found");
+ response.setHeader("Location", URL, false);
+ return;
+ }
+
+ if (request.queryString === "crossToSameRedirect") {
+ let URL = SAME_ORIGIN + PATH + "?loadFrame";
+ response.setStatusLine("1.1", 302, "Found");
+ response.setHeader("Location", URL, false);
+ return;
+ }
+
+ if (request.queryString === "sameToCrossRedirectMeta") {
+ response.write(FRAME_META_REFRESH_CROSS);
+ return;
+ }
+
+ if (request.queryString === "crossToSameRedirectMeta") {
+ response.write(FRAME_META_REFRESH_SAME);
+ return;
+ }
+
+ if (request.queryString === "loadFrame") {
+ response.write(FRAME);
+ return;
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
diff --git a/dom/security/test/general/file_same_site_cookies_subrequest.sjs b/dom/security/test/general/file_same_site_cookies_subrequest.sjs
new file mode 100644
index 0000000000..0f663c5836
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_subrequest.sjs
@@ -0,0 +1,75 @@
+// Custom *.sjs file specifically for the needs of Bug 1286861
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const FRAME = `
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Bug 1286861 - Add support for same site cookies</title>
+ </head>
+ <body>
+ <img src = "http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_subrequest.sjs?checkCookie">
+ </body>
+ </html>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString.includes("setStrictSameSiteCookie")) {
+ response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ if (request.queryString.includes("setLaxSameSiteCookie")) {
+ response.setHeader("Set-Cookie", "myKey=laxSameSiteCookie; samesite=lax", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ // save the object state of the initial request, which returns
+ // async once the server has processed the img request.
+ if (request.queryString.includes("queryresult")) {
+ response.processAsync();
+ setObjectState("queryResult", response);
+ return;
+ }
+
+ if (request.queryString.includes("loadFrame")) {
+ response.write(FRAME);
+ return;
+ }
+
+ if (request.queryString.includes("checkCookie")) {
+ var cookie = "unitialized";
+ if (request.hasHeader("Cookie")) {
+ cookie = request.getHeader("Cookie");
+ }
+ else {
+ cookie = "myKey=noCookie";
+ }
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+
+ // return the result
+ getObjectState("queryResult", function(queryResponse) {
+ if (!queryResponse) {
+ return;
+ }
+ queryResponse.write(cookie);
+ queryResponse.finish();
+ });
+ return;
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
diff --git a/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs b/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs
new file mode 100644
index 0000000000..c21b219acf
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs
@@ -0,0 +1,89 @@
+// Custom *.sjs file specifically for the needs of Bug 1286861
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const FRAME = `
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Bug 1286861 - Add support for same site cookies</title>
+ </head>
+ <body>
+ <script type="application/javascript">
+ let myWin = window.open("http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs?loadWin");
+ </script>
+ </body>
+ </html>`;
+
+const WIN = `
+ <!DOCTYPE html>
+ <html>
+ <body>
+ just a dummy window
+ <script>
+ window.addEventListener("load",()=>{
+ window.close();
+ });
+ </script>
+ </body>
+ </html>`;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString.includes("setStrictSameSiteCookie")) {
+ response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ if (request.queryString.includes("setLaxSameSiteCookie")) {
+ response.setHeader("Set-Cookie", "myKey=laxSameSiteCookie; samesite=lax", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ // save the object state of the initial request, which returns
+ // async once the server has processed the img request.
+ if (request.queryString.includes("queryresult")) {
+ response.processAsync();
+ setObjectState("queryResult", response);
+ return;
+ }
+
+ if (request.queryString.includes("loadFrame")) {
+ response.write(FRAME);
+ return;
+ }
+
+ if (request.queryString.includes("loadWin")) {
+ var cookie = "unitialized";
+ if (request.hasHeader("Cookie")) {
+ cookie = request.getHeader("Cookie");
+ }
+ else {
+ cookie = "myKey=noCookie";
+ }
+ response.write(WIN);
+
+ // return the result
+ getObjectState("queryResult", function(queryResponse) {
+ if (!queryResponse) {
+ return;
+ }
+ queryResponse.write(cookie);
+ queryResponse.finish();
+ });
+ return;
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
diff --git a/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs b/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs
new file mode 100644
index 0000000000..1643aa857b
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs
@@ -0,0 +1,64 @@
+// Custom *.sjs file specifically for the needs of Bug 1454242
+
+const WIN = `
+ <html>
+ <body>
+ <script type="application/javascript">
+ let newWin = window.open("http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs?loadWinAndSetCookie");
+ newWin.onload = function() {
+ newWin.close();
+ }
+ </script>
+ </body>
+ </html>`;
+
+const DUMMY_WIN = `
+ <html>
+ <body>
+ just a dummy window that sets a same-site=lax cookie
+ <script type="application/javascript">
+ window.opener.opener.postMessage({value: 'testSetupComplete'}, '*');
+ </script>
+ </body>
+ </html>`;
+
+const FRAME = `
+ <html>
+ <body>
+ <script type="application/javascript">
+ let cookie = document.cookie;
+ // now reset the cookie for the next test
+ document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT";
+ window.parent.postMessage({value: cookie}, 'http://mochi.test:8888');
+ </script>
+ </body>
+ </html>`;
+
+const SAME_ORIGIN = "http://mochi.test:8888/"
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_redirect.sjs";
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString === "loadWin") {
+ response.write(WIN);
+ return;
+ }
+
+ if (request.queryString === "loadWinAndSetCookie") {
+ response.setHeader("Set-Cookie", "myKey=laxSameSiteCookie; samesite=lax", true);
+ response.write(DUMMY_WIN);
+ return;
+ }
+
+ if (request.queryString === "checkCookie") {
+ response.write(FRAME);
+ return;
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
diff --git a/dom/security/test/general/file_sec_fetch_websocket_wsh.py b/dom/security/test/general/file_sec_fetch_websocket_wsh.py
new file mode 100644
index 0000000000..b7159c742b
--- /dev/null
+++ b/dom/security/test/general/file_sec_fetch_websocket_wsh.py
@@ -0,0 +1,6 @@
+def web_socket_do_extra_handshake(request):
+ pass
+
+
+def web_socket_transfer_data(request):
+ pass
diff --git a/dom/security/test/general/file_toplevel_data_meta_redirect.html b/dom/security/test/general/file_toplevel_data_meta_redirect.html
new file mode 100644
index 0000000000..e94a61ed48
--- /dev/null
+++ b/dom/security/test/general/file_toplevel_data_meta_redirect.html
@@ -0,0 +1,10 @@
+<html>
+<body>
+<head>
+ <meta http-equiv="refresh"
+ content="0; url='data:text/html,<body>toplevel meta redirect to data: URI should be blocked</body>'">
+</head>
+<body>
+Meta Redirect to data: URI
+</body>
+</html>
diff --git a/dom/security/test/general/file_toplevel_data_navigations.sjs b/dom/security/test/general/file_toplevel_data_navigations.sjs
new file mode 100644
index 0000000000..501b833e5d
--- /dev/null
+++ b/dom/security/test/general/file_toplevel_data_navigations.sjs
@@ -0,0 +1,14 @@
+// Custom *.sjs file specifically for the needs of Bug:
+// Bug 1394554 - Block toplevel data: URI navigations after redirect
+
+var DATA_URI =
+ "data:text/html,<body>toplevel data: URI navigations after redirect should be blocked</body>";
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ response.setStatusLine("1.1", 302, "Found");
+ response.setHeader("Location", DATA_URI, false);
+}
diff --git a/dom/security/test/general/file_view_bg_image_data_navigation.html b/dom/security/test/general/file_view_bg_image_data_navigation.html
new file mode 100644
index 0000000000..d9aa6ca8b6
--- /dev/null
+++ b/dom/security/test/general/file_view_bg_image_data_navigation.html
@@ -0,0 +1,16 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1658244: Test navigation for right-click view-bg-image on ");
+ color: #ccc;
+}
+</style>
+</head>
+<body id="testbody">
+ This page has an inline SVG image as a background.
+</body>
+</html>
diff --git a/dom/security/test/general/file_view_image_data_navigation.html b/dom/security/test/general/file_view_image_data_navigation.html
new file mode 100644
index 0000000000..a3f9acfb4d
--- /dev/null
+++ b/dom/security/test/general/file_view_image_data_navigation.html
@@ -0,0 +1,12 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1407891: Test navigation for right-click view-image on "></img>
+
+</body>
+</html>
diff --git a/dom/security/test/general/file_xfo_error_page.sjs b/dom/security/test/general/file_xfo_error_page.sjs
new file mode 100644
index 0000000000..b1fa33cbd4
--- /dev/null
+++ b/dom/security/test/general/file_xfo_error_page.sjs
@@ -0,0 +1,8 @@
+"use strict";
+
+function handleRequest(request, response) {
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setHeader("Content-Type", "text/html", false);
+ response.setHeader("x-frame-options", "deny", false);
+ response.write("<html>xfo test loaded</html>");
+}
diff --git a/dom/security/test/general/mochitest.ini b/dom/security/test/general/mochitest.ini
new file mode 100644
index 0000000000..b6ebeae148
--- /dev/null
+++ b/dom/security/test/general/mochitest.ini
@@ -0,0 +1,66 @@
+[DEFAULT]
+support-files =
+ file_contentpolicytype_targeted_link_iframe.sjs
+ file_nosniff_testserver.sjs
+ file_nosniff_navigation.sjs
+ file_nosniff_navigation_mismatch.sjs
+ file_nosniff_navigation_garbage.sjs
+ file_block_script_wrong_mime_server.sjs
+ file_block_toplevel_data_navigation.html
+ file_block_toplevel_data_navigation2.html
+ file_block_toplevel_data_navigation3.html
+ file_block_toplevel_data_redirect.sjs
+ file_block_subresource_redir_to_data.sjs
+ file_same_site_cookies_subrequest.sjs
+ file_same_site_cookies_toplevel_nav.sjs
+ file_same_site_cookies_cross_origin_context.sjs
+ file_same_site_cookies_from_script.sjs
+ file_same_site_cookies_redirect.sjs
+ file_same_site_cookies_toplevel_set_cookie.sjs
+ file_same_site_cookies_blob_iframe_navigation.html
+ file_same_site_cookies_blob_iframe_inclusion.html
+ file_same_site_cookies_iframe.sjs
+ file_same_site_cookies_about.sjs
+ file_cache_splitting_server.sjs
+ file_cache_splitting_isloaded.sjs
+ file_cache_splitting_window.html
+ window_nosniff_navigation.html
+
+
+[test_contentpolicytype_targeted_link_iframe.html]
+[test_nosniff.html]
+[test_cache_split.html]
+[test_nosniff_navigation.html]
+[test_block_script_wrong_mime.html]
+[test_block_toplevel_data_navigation.html]
+[test_block_toplevel_data_img_navigation.html]
+[test_allow_opening_data_pdf.html]
+skip-if = toolkit == 'android' # no pdf reader on Android
+[test_allow_opening_data_json.html]
+[test_block_subresource_redir_to_data.html]
+[test_same_site_cookies_subrequest.html]
+fail-if = xorigin # Cookies set incorrectly
+[test_same_site_cookies_toplevel_nav.html]
+fail-if = xorigin
+[test_same_site_cookies_cross_origin_context.html]
+[test_same_site_cookies_from_script.html]
+fail-if = xorigin
+[test_same_site_cookies_redirect.html]
+fail-if = xorigin
+[test_same_site_cookies_toplevel_set_cookie.html]
+fail-if = xorigin # Cookies not set
+[test_same_site_cookies_iframe.html]
+fail-if = xorigin
+[test_same_site_cookies_about.html]
+fail-if = xorigin
+[test_assert_about_page_no_csp.html]
+skip-if = !debug
+[test_same_site_cookies_laxByDefault.html]
+skip-if = debug
+support-files = closeWindow.sjs
+[test_xfo_error_page.html]
+support-files = file_xfo_error_page.sjs
+[test_sec_fetch_websocket.html]
+skip-if = toolkit == 'android' # no websocket support Bug 982828
+support-files = file_sec_fetch_websocket_wsh.py
+[test_bug1450853.html] \ No newline at end of file
diff --git a/dom/security/test/general/test_allow_opening_data_json.html b/dom/security/test/general/test_allow_opening_data_json.html
new file mode 100644
index 0000000000..4b37931e1f
--- /dev/null
+++ b/dom/security/test/general/test_allow_opening_data_json.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1403814: Allow toplevel data URI navigation data:application/json</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+function test_toplevel_data_json() {
+ const DATA_JSON = "data:application/json,{'my_json_key':'my_json_value'}";
+
+ let win = window.open(DATA_JSON);
+ let wrappedWin = SpecialPowers.wrap(win);
+
+ // Unfortunately we can't detect whether the JSON has loaded or not using some
+ // event, hence we are constantly polling location.href till we see that
+ // the data: URI appears. Test times out on failure.
+ var jsonLoaded = setInterval(function() {
+ if (wrappedWin.document.location.href.startsWith("data:application/json")) {
+ clearInterval(jsonLoaded);
+ ok(true, "navigating to data:application/json allowed");
+ wrappedWin.close();
+ SimpleTest.finish();
+ }
+ }, 200);
+}
+
+SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]]
+}, test_toplevel_data_json);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_allow_opening_data_pdf.html b/dom/security/test/general/test_allow_opening_data_pdf.html
new file mode 100644
index 0000000000..007b3e8801
--- /dev/null
+++ b/dom/security/test/general/test_allow_opening_data_pdf.html
@@ -0,0 +1,41 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1398692: Allow toplevel navigation to a data:application/pdf</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+function test_toplevel_data_pdf() {
+ // The PDF contains one page and it is a 3/72" square, the minimum allowed by the spec
+ const DATA_PDF =
+ "data:application/pdf;base64,JVBERi0xLjANCjEgMCBvYmo8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFI+PmVuZG9iaiAyIDAgb2JqPDwvVHlwZS9QYWdlcy9LaWRzWzMgMCBSXS9Db3VudCAxPj5lbmRvYmogMyAwIG9iajw8L1R5cGUvUGFnZS9NZWRpYUJveFswIDAgMyAzXT4+ZW5kb2JqDQp4cmVmDQowIDQNCjAwMDAwMDAwMDAgNjU1MzUgZg0KMDAwMDAwMDAxMCAwMDAwMCBuDQowMDAwMDAwMDUzIDAwMDAwIG4NCjAwMDAwMDAxMDIgMDAwMDAgbg0KdHJhaWxlcjw8L1NpemUgNC9Sb290IDEgMCBSPj4NCnN0YXJ0eHJlZg0KMTQ5DQolRU9G";
+
+ let win = window.open(DATA_PDF);
+ let wrappedWin = SpecialPowers.wrap(win);
+
+ // Unfortunately we can't detect whether the PDF has loaded or not using some
+ // event, hence we are constantly polling location.href till we see that
+ // the data: URI appears. Test times out on failure.
+ var pdfLoaded = setInterval(function() {
+ if (wrappedWin.document.location.href.startsWith("data:application/pdf")) {
+ clearInterval(pdfLoaded);
+ ok(true, "navigating to data:application/pdf allowed");
+ wrappedWin.close();
+ SimpleTest.finish();
+ }
+ }, 200);
+}
+
+SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", true]]
+}, test_toplevel_data_pdf);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_assert_about_page_no_csp.html b/dom/security/test/general/test_assert_about_page_no_csp.html
new file mode 100644
index 0000000000..06be4ce460
--- /dev/null
+++ b/dom/security/test/general/test_assert_about_page_no_csp.html
@@ -0,0 +1,30 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1490977: Test Assertion if content privileged about: page has no CSP</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe id="testframe"></iframe>
+<script class="testbody" type="text/javascript">
+
+ // Test Setup: The test overrules the allowlist of about: pages that are allowed to load
+ // without a CSP and makes sure to hit the assertion within AssertAboutPageHasCSP().
+
+ SpecialPowers.setBoolPref("dom.security.skip_about_page_csp_allowlist_and_assert", true);
+
+ SimpleTest.waitForExplicitFinish();
+ SimpleTest.expectAssertions(0, 1);
+
+ ok(true, "sanity: prefs flipped and test runs");
+ let myFrame = document.getElementById("testframe");
+ myFrame.src = "about:blank";
+ // booom :-)
+
+ SpecialPowers.setBoolPref("dom.security.skip_about_page_csp_allowlist_and_assert", false);
+ SimpleTest.finish();
+</script>
+</pre>
+</body>
+</html>
diff --git a/dom/security/test/general/test_block_script_wrong_mime.html b/dom/security/test/general/test_block_script_wrong_mime.html
new file mode 100644
index 0000000000..93a4b9d220
--- /dev/null
+++ b/dom/security/test/general/test_block_script_wrong_mime.html
@@ -0,0 +1,92 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1288361 - Block scripts with incorrect MIME type</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<script class="testbody" type="text/javascript">
+
+const MIMETypes = [
+ ["application/javascript", true],
+ ["text/javascript", true],
+
+ ["audio/mpeg", false],
+ ["audio/", false],
+ ["image/jpeg", false],
+ ["image/", false],
+ ["video/mpeg", false],
+ ["video/", false],
+ ["text/csv", false],
+];
+
+// <script src="">
+function testScript([mime, shouldLoad]) {
+ return new Promise((resolve, reject) => {
+ let script = document.createElement("script");
+ script.onload = () => {
+ document.body.removeChild(script);
+ ok(shouldLoad, `script with mime '${mime}' should load`);
+ resolve();
+ };
+ script.onerror = () => {
+ document.body.removeChild(script);
+ ok(!shouldLoad, `script with wrong mime '${mime}' should be blocked`);
+ resolve();
+ };
+ script.src = "file_block_script_wrong_mime_server.sjs?type=script&mime="+mime;
+ document.body.appendChild(script);
+ });
+}
+
+// new Worker()
+function testWorker([mime, shouldLoad]) {
+ return new Promise((resolve, reject) => {
+ let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker&mime="+mime);
+ worker.onmessage = (event) => {
+ ok(shouldLoad, `worker with mime '${mime}' should load`)
+ is(event.data, "worker-loaded", "worker should send correct message");
+ resolve();
+ };
+ worker.onerror = (error) => {
+ ok(!shouldLoad, `worker with wrong mime '${mime}' should be blocked`);
+ error.preventDefault();
+ resolve();
+ }
+ worker.postMessage("dummy");
+ });
+}
+
+// new Worker() with importScripts()
+function testWorkerImportScripts([mime, shouldLoad]) {
+ return new Promise((resolve, reject) => {
+ let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker-import&mime="+mime);
+ worker.onmessage = (event) => {
+ ok(shouldLoad, `worker/importScripts with mime '${mime}' should load`)
+ is(event.data, "worker-loaded", "worker should send correct message");
+ resolve();
+ };
+ worker.onerror = (error) => {
+ ok(!shouldLoad, `worker/importScripts with wrong mime '${mime}' should be blocked`);
+ error.preventDefault();
+ resolve();
+ }
+ worker.postMessage("dummy");
+ });
+}
+
+SimpleTest.waitForExplicitFinish();
+Promise.all(MIMETypes.map(testScript)).then(() => {
+ return Promise.all(MIMETypes.map(testWorker));
+}).then(() => {
+ return Promise.all(MIMETypes.map(testWorkerImportScripts));
+}).then(() => {
+ return SpecialPowers.popPrefEnv();
+}).then(SimpleTest.finish);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_block_subresource_redir_to_data.html b/dom/security/test/general/test_block_subresource_redir_to_data.html
new file mode 100644
index 0000000000..eafb6b5d83
--- /dev/null
+++ b/dom/security/test/general/test_block_subresource_redir_to_data.html
@@ -0,0 +1,68 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1428793: Block insecure redirects to data: URIs</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<script id="testScriptRedirectToData"></script>
+<script id="testModuleScriptRedirectToData" type="module"></script>
+
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+const NUM_TESTS = 3;
+
+var testCounter = 0;
+function checkFinish() {
+ testCounter++;
+ if (testCounter === NUM_TESTS) {
+ SimpleTest.finish();
+ }
+}
+
+// --- test regular scripts
+let testScriptRedirectToData = document.getElementById("testScriptRedirectToData");
+testScriptRedirectToData.onerror = function() {
+ ok(true, "script that redirects to data: URI should not load");
+ checkFinish();
+}
+testScriptRedirectToData.onload = function() {
+ ok(false, "script that redirects to data: URI should not load");
+ checkFinish();
+}
+testScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?script";
+
+// --- test workers
+let worker = new Worker("file_block_subresource_redir_to_data.sjs?worker");
+worker.onerror = function() {
+ // please note that workers need to be same origin, hence the data: URI
+ // redirect is blocked by worker code and not the content security manager!
+ ok(true, "worker script that redirects to data: URI should not load");
+ checkFinish();
+}
+worker.onmessage = function() {
+ ok(false, "worker script that redirects to data: URI should not load");
+ checkFinish();
+};
+worker.postMessage("dummy");
+
+// --- test script modules
+SpecialPowers.pushPrefEnv({set: [["dom.moduleScripts.enabled", true]]}, function() {
+ let testModuleScriptRedirectToData = document.getElementById("testModuleScriptRedirectToData");
+ testModuleScriptRedirectToData.onerror = function() {
+ ok(true, "module script that redirects to data: URI should not load");
+ checkFinish();
+ }
+ testModuleScriptRedirectToData.onload = function() {
+ ok(false, "module script that redirects to data: URI should not load");
+ checkFinish();
+ }
+ testModuleScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?modulescript";
+});
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_block_toplevel_data_img_navigation.html b/dom/security/test/general/test_block_toplevel_data_img_navigation.html
new file mode 100644
index 0000000000..07e46b1f2f
--- /dev/null
+++ b/dom/security/test/general/test_block_toplevel_data_img_navigation.html
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1396798: Do not block toplevel data: navigation to image (except svgs)</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+SpecialPowers.setBoolPref("security.data_uri.block_toplevel_data_uri_navigations", true);
+SimpleTest.registerCleanupFunction(() => {
+ SpecialPowers.clearUserPref("security.data_uri.block_toplevel_data_uri_navigations");
+});
+
+SimpleTest.waitForExplicitFinish();
+SimpleTest.requestFlakyTimeout("have to test that top level data:image loading is blocked/allowed");
+
+function test_toplevel_data_image() {
+ const DATA_PNG =
+ "";
+ let win1 = window.open(DATA_PNG);
+ let wrappedWin1 = SpecialPowers.wrap(win1);
+ setTimeout(function () {
+ let images = wrappedWin1.document.getElementsByTagName('img');
+ is(images.length, 1, "Loading data:image/png should be allowed");
+ is(images[0].src, DATA_PNG, "Sanity: img src matches");
+ wrappedWin1.close();
+ test_toplevel_data_image_svg();
+ }, 1000);
+}
+
+function test_toplevel_data_image_svg() {
+ const DATA_SVG =
+ "";
+ let win2 = window.open(DATA_SVG);
+ // Unfortunately we can't detect whether the window was closed using some event,
+ // hence we are constantly polling till we see that win == null.
+ // Test times out on failure.
+ var win2Closed = setInterval(function() {
+ if (win2 == null || win2.closed) {
+ clearInterval(win2Closed);
+ ok(true, "Loading data:image/svg+xml should be blocked");
+ SimpleTest.finish();
+ }
+ }, 200);
+}
+// fire up the tests
+test_toplevel_data_image();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_block_toplevel_data_navigation.html b/dom/security/test/general/test_block_toplevel_data_navigation.html
new file mode 100644
index 0000000000..54105f4196
--- /dev/null
+++ b/dom/security/test/general/test_block_toplevel_data_navigation.html
@@ -0,0 +1,148 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1331351 - Block top level window data: URI navigations</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+SpecialPowers.setBoolPref("security.data_uri.block_toplevel_data_uri_navigations", true);
+SimpleTest.registerCleanupFunction(() => {
+ SpecialPowers.clearUserPref("security.data_uri.block_toplevel_data_uri_navigations");
+});
+
+SimpleTest.waitForExplicitFinish();
+SimpleTest.requestFlakyTimeout("have to test that top level data: URI navgiation is blocked");
+
+var testsToRun = {
+ test1: false,
+ test3: false,
+};
+
+// test1 and test3 event messages will not be received if toplevel data: URI
+// is blocked.
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ switch (event.data) {
+ case "test1":
+ testsToRun.test1 = true;
+ break;
+ case "test3":
+ testsToRun.test3 = true;
+ break;
+ }
+}
+
+function test1() {
+ // simple data: URI click navigation should be prevented
+ let TEST_FILE = "file_block_toplevel_data_navigation.html";
+ let win1 = window.open(TEST_FILE);
+ // testsToRun["test1"] will be false if toplevel data: URI is blocked
+ setTimeout(function () {
+ is(testsToRun.test1, false,
+ "toplevel data: URI navigation through click() should be blocked");
+ win1.close();
+ test2();
+ }, 1000);
+}
+
+function test2() {
+ // data: URI in iframe which opens data: URI in _blank should be blocked
+ let win2 = window.open("file_block_toplevel_data_navigation2.html");
+ window.addEventListener("message", receiveMessage);
+ function receiveMessage(event) {
+ window.removeEventListener("message", receiveMessage);
+ is(event.data, "blocked",
+ "data: URI navigation using _blank from data: URI should be blocked");
+ win2.close();
+ test3();
+ }
+}
+
+function test3() {
+ // navigating to a data: URI using window.location.href should be blocked
+ let win3 = window.open("file_block_toplevel_data_navigation3.html");
+ // testsToRun["test3"] will be false if toplevel data: URI is blocked
+ setTimeout(function () {
+ is(testsToRun.test3, false,
+ "data: URI navigation through win.loc.href should be blocked");
+ win3.close();
+ test4();
+ }, 1000);
+}
+
+function test4() {
+ // navigating to a data: URI using window.open() should be blocked
+ let win4 = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>");
+ setTimeout(function () {
+ // Please note that the data: URI will be displayed in the URL-Bar but not
+ // loaded, hence we rather rely on document.body than document.location
+ // GeckoView displays an error page for invalid navigations,
+ // so catch the case where we're not allowed to access to (cross-origin)
+ // error document and treat that as blocked.
+ let body = "Error";
+ try {
+ body = win4.document.body.innerHTML;
+ } catch (e) {
+ if (e instanceof DOMException && e.name === "SecurityError") {
+ body = "";
+ } else {
+ throw e;
+ }
+ }
+ is(body, "", "navigating to a data: URI using window.open() should be blocked");
+ test5();
+ }, 1000);
+}
+
+function test5() {
+ // navigating to a URI which redirects to a data: URI using window.open() should be blocked
+ let win5 = window.open("file_block_toplevel_data_redirect.sjs");
+ setTimeout(function () {
+ // Please note that the data: URI will be displayed in the URL-Bar but not
+ // loaded, hence we rather rely on document.body than document.location
+ let body = "Error";
+ try {
+ body = win5.document.body.innerHTML;
+ } catch (e) {
+ if (e instanceof DOMException && e.name === "SecurityError") {
+ body = "";
+ } else {
+ throw e;
+ }
+ }
+ is(body, "", "navigating to URI which redirects to a data: URI using window.open() should be blocked");
+ win5.close();
+ test6();
+ }, 1000);
+}
+
+function test6() {
+ // navigating to a data: URI without a Content Type should be blocked
+ let win6 = window.open("data:DataURIsWithNoContentTypeShouldBeBlocked");
+ setTimeout(function () {
+ let body = "Error";
+ try {
+ body = win6.document.body.innerHTML;
+ } catch (e) {
+ if (e instanceof DOMException && e.name === "SecurityError") {
+ body = "";
+ } else {
+ throw e;
+ }
+ }
+ is(body, "", "navigating to a data: URI without a Content Type should be blocked");
+ win6.close();
+ SimpleTest.finish();
+ }, 1000);
+}
+
+// fire up the tests
+test1();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_bug1277803.xhtml b/dom/security/test/general/test_bug1277803.xhtml
new file mode 100644
index 0000000000..482dd6b916
--- /dev/null
+++ b/dom/security/test/general/test_bug1277803.xhtml
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
+<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
+
+<window title="Bug 1277803 test"
+ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+ width="600"
+ height="600"
+ onload="runTest();">
+
+ <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ </body>
+
+ <script type="application/javascript"><![CDATA[
+ SimpleTest.requestCompleteLog();
+ let makeURI = ChromeUtils.import("resource://gre/modules/BrowserUtils.jsm", {}).BrowserUtils.makeURI;
+
+ const BASE_URI = "http://mochi.test:8888/chrome/dom/security/test/general/";
+ const FAVICON_URI = BASE_URI + "favicon_bug1277803.ico";
+ const LOADING_URI = BASE_URI + "bug1277803.html";
+ let testWindow; //will be used to trigger favicon load
+
+ let securityManager = Cc["@mozilla.org/scriptsecuritymanager;1"].
+ getService(Ci.nsIScriptSecurityManager);
+ let expectedPrincipal = securityManager.createContentPrincipal(makeURI(LOADING_URI), {});
+ let systemPrincipal = Cc["@mozilla.org/systemprincipal;1"].createInstance();
+
+ function runTest() {
+ // Register our observer to intercept favicon requests.
+ let os = Cc["@mozilla.org/observer-service;1"].
+ getService(Ci.nsIObserverService);
+ let observer = {
+ observe: function(aSubject, aTopic, aData)
+ {
+ // Make sure this is a favicon request.
+ let httpChannel = aSubject.QueryInterface(Ci.nsIHttpChannel);
+ if (FAVICON_URI != httpChannel.URI.spec) {
+ return;
+ }
+
+ // Ensure the topic is the one we set an observer for.
+ is(aTopic, "http-on-modify-request", "Expected observer topic");
+
+ // Check for the correct loadingPrincipal, triggeringPrincipal.
+ let triggeringPrincipal = httpChannel.loadInfo.triggeringPrincipal;
+ let loadingPrincipal = httpChannel.loadInfo.loadingPrincipal;
+
+ ok(loadingPrincipal.equals(expectedPrincipal), "Should be loading with the expected principal.");
+ ok(triggeringPrincipal.equals(expectedPrincipal), "Should be triggered with the expected principal.");
+
+ os.removeObserver(this, "http-on-modify-request");
+ SimpleTest.finish();
+ }
+ }
+ os.addObserver(observer, "http-on-modify-request");
+
+ // Now that the observer is set up, trigger a favicon load with navigation
+ testWindow = window.open(LOADING_URI);
+ }
+
+ SimpleTest.waitForExplicitFinish();
+ SimpleTest.registerCleanupFunction(function() {
+ if (testWindow) {
+ testWindow.close();
+ }
+ });
+ ]]></script>
+
+ <browser type="content" primary="true" flex="1" id="content" src="about:blank"/>
+</window>
diff --git a/dom/security/test/general/test_bug1450853.html b/dom/security/test/general/test_bug1450853.html
new file mode 100644
index 0000000000..ffbc654d8f
--- /dev/null
+++ b/dom/security/test/general/test_bug1450853.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1450853
+-->
+<head>
+<meta charset="utf-8">
+<title>Test for Cross-origin resouce status leak via MediaError</title>
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+<script src="/tests/SimpleTest/ChromeTask.js"></script>
+<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+
+<audio autoplay id="audio"></audio>
+
+<script type="application/javascript">
+
+/** Test for Bug 1450853 **/
+CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";
+
+add_task(function() {
+ return new Promise((resolve) => {
+ let audioElement = document.getElementById("audio");
+
+ audioElement.onerror = function() {
+ let err = this.error;
+ let message = err.message;
+ info(`Got Audio Error -> ${message}`);
+ ok(message.includes("404"), "Same-Origin Error Message may contain status data");
+ resolve();
+ };
+ audioElement.src = "/media/test.mp3";
+ });
+});
+
+add_task(function() {
+ return new Promise((resolve) => {
+ let audioElement = document.getElementById("audio");
+
+ audioElement.onerror = function() {
+ let err = this.error;
+ let message = err.message;
+
+ info(`Got Audio Error -> ${message}`);
+ is(message,CONST_GENERIC_ERROR_MESSAGE, "Cross-Origin Error Message is only Generic");
+ resolve();
+ };
+ audioElement.src = "https://example.com/media/test.mp3";
+ });
+});
+
+</script>
+</head>
+
+<body>
+ <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1450853">Mozilla Bug 1450853</a>
+ <iframe width="0" height="0"></iframe>
+ </body>
+</html>
diff --git a/dom/security/test/general/test_cache_split.html b/dom/security/test/general/test_cache_split.html
new file mode 100644
index 0000000000..0696b9f2ca
--- /dev/null
+++ b/dom/security/test/general/test_cache_split.html
@@ -0,0 +1,159 @@
+<!DOCTYPE HTML>
+<html>
+
+<head>
+ <title>Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script src="/tests/SimpleTest/ChromeTask.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+ <img id="cookieImage">
+ <script class="testbody" type="text/javascript">
+ SimpleTest.requestLongerTimeout(2);
+
+ const SAME_ORIGIN = "http://mochi.test:8888/"
+ const CROSS_ORIGIN = "http://example.com/";
+ const PATH = "file_cache_splitting_server.sjs";
+
+ const Ci = SpecialPowers.Ci;
+
+ async function getCount() {
+ return fetch(`${PATH}?state`).then(r => r.text());
+ }
+ async function resetCount() {
+ return fetch(`${PATH}?flush`).then(r => r.text());
+ }
+ async function ensureLoaded() {
+ // This Fetch is geting the Response "1", once file_cache_splitting_isloaded
+ // gets a request without a query String issued from the cache_splitting_window.html
+ info("Waiting for Pageload");
+ let result = await fetch("file_cache_splitting_isloaded.sjs?wait").then(r => r.text);
+ info("Page has been Loaded");
+ return result;
+ }
+
+
+ async function openAndLoadWindow(origin) {
+ let isLoaded = ensureLoaded();
+ let url = `${origin}tests/dom/security/test/general/file_cache_splitting_window.html`;
+ let w = window.open(url);
+ let ew = SpecialPowers.wrap(w);
+ await isLoaded;
+ return w;
+ }
+
+ async function checkStep(step = [SAME_ORIGIN, 1], name) {
+ info(`Doing Step ${JSON.stringify(step)}`);
+ let url = step[0];
+ let should_count = step[1];
+ let w = await openAndLoadWindow(url);
+ let count = await getCount();
+ ok(
+ count == should_count,
+ `${name} req to: ${
+ url == SAME_ORIGIN ? "Same Origin" : "Cross Origin"
+ } expected ${should_count} request to Server, got ${count}`
+ );
+ w.close()
+ }
+ async function clearCache(){
+ info("Clearing Cache");
+ SpecialPowers.DOMWindowUtils.clearSharedStyleSheetCache();
+ await ChromeTask.spawn(null,(()=>{
+ Services.cache2.clear();
+ }));
+ }
+ async function runTest(test) {
+ info(`Starting Job with - ${test.steps.length} - Requests`);
+ await resetCount();
+ let { prefs, steps, name } = test;
+ await SpecialPowers.pushPrefEnv(prefs);
+ for (let step of steps) {
+ await checkStep(step, name);
+ }
+ await clearCache();
+ };
+
+
+ add_task(
+ async () =>
+ await runTest({
+ name: `Isolated Cache`,
+ steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]],
+ prefs: {
+ set: [
+ ["browser.cache.cache_isolation", true],
+ ["privacy.partition.network_state", false]
+ ],
+ },
+ })
+ );
+ // Negative Test: The CROSS_ORIGIN should be able to
+ // acess the cache of SAME_ORIGIN
+ add_task(
+ async () =>
+ await runTest({
+ name: `Non Isolated Cache`,
+ steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 1]],
+ prefs: {
+ set: [
+ ["browser.cache.cache_isolation", false],
+ ["privacy.partition.network_state", false]
+ ],
+ },
+ })
+ );
+ // Test that FPI does not affect Cache Isolation
+ add_task(
+ async () =>
+ await runTest({
+ name: `FPI interaction`,
+ steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]],
+ prefs: {
+ set: [
+ ["privacy.firstparty.isolate", true],
+ ["browser.cache.cache_isolation", true],
+ ["privacy.partition.network_state", false],
+ ],
+ },
+ })
+ );
+ // Test that cookieBehavior does not affect Cache Isolation
+ for (let i = 0; i < Ci.nsICookieService.BEHAVIOR_LAST ; i++) {
+ add_task(
+ async () =>
+ await runTest({
+ name: `cookieBehavior interaction ${i}`,
+ steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]],
+ prefs: {
+ set: [
+ ["privacy.firstparty.isolate", false],
+ ["browser.cache.cache_isolation", true],
+ ["network.cookie.cookieBehavior", i],
+ ["privacy.partition.network_state", false],
+ ],
+ },
+ })
+ );
+ }
+ add_task(
+ async () =>
+ await runTest({
+ name: `FPI interaction - 2`,
+ steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]],
+ prefs: {
+ set: [
+ ["privacy.firstparty.isolate", true],
+ ["browser.cache.cache_isolation", false],
+ ["privacy.partition.network_state", false],
+ ],
+ },
+ })
+ );
+
+ </script>
+</body>
+
+</html>
diff --git a/dom/security/test/general/test_contentpolicytype_targeted_link_iframe.html b/dom/security/test/general/test_contentpolicytype_targeted_link_iframe.html
new file mode 100644
index 0000000000..b972854b79
--- /dev/null
+++ b/dom/security/test/general/test_contentpolicytype_targeted_link_iframe.html
@@ -0,0 +1,106 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1255240 - Test content policy types within content policies for targeted links in iframes</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * Let's load a link into a targeted iframe and make sure the content policy
+ * type used for content policy checks is of TYPE_SUBDOCUMENT.
+ */
+
+function createChromeScript() {
+ var categoryManager = Cc["@mozilla.org/categorymanager;1"].getService(
+ Ci.nsICategoryManager
+ );
+
+ const POLICYNAME = "@mozilla.org/testpolicy;1";
+ const POLICYID = Components.ID("{6cc95ef3-40e1-4d59-87f0-86f100373227}");
+ const EXPECTED_URL =
+ "http://mochi.test:8888/tests/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs?innerframe";
+
+ var policy = {
+ // nsISupports implementation
+ QueryInterface: ChromeUtils.generateQI([
+ "nsIFactory",
+ "nsIContentPolicy",
+ ]),
+
+ // nsIFactory implementation
+ createInstance(outer, iid) {
+ return this.QueryInterface(iid);
+ },
+
+ // nsIContentPolicy implementation
+ shouldLoad(contentLocation, loadInfo, mimeTypeGuess) {
+ if (contentLocation.asciiSpec === EXPECTED_URL) {
+ sendAsyncMessage("loadBlocked", { policyType: loadInfo.externalContentPolicyType});
+ categoryManager.deleteCategoryEntry(
+ "content-policy",
+ POLICYNAME,
+ false
+ );
+ componentManager.unregisterFactory(POLICYID, policy);
+ return Ci.nsIContentPolicy.REJECT_REQUEST;
+ }
+ return Ci.nsIContentPolicy.ACCEPT;
+ },
+
+ shouldProcess(contentLocation, loadInfo, mimeTypeGuess) {
+ return Ci.nsIContentPolicy.ACCEPT;
+ }
+ };
+
+ // Register content policy
+ var componentManager = Components.manager.QueryInterface(
+ Ci.nsIComponentRegistrar
+ );
+
+ componentManager.registerFactory(
+ POLICYID,
+ "Test content policy",
+ POLICYNAME,
+ policy
+ );
+ categoryManager.addCategoryEntry(
+ "content-policy",
+ POLICYNAME,
+ POLICYNAME,
+ false,
+ true
+ );
+
+ // Adding a new category dispatches an event to update
+ // caches, so we need to also dispatch an event to make
+ // sure we don't start the load until after that happens.
+ Services.tm.dispatchToMainThread(() => {
+ sendAsyncMessage("setupComplete");
+ });
+}
+
+add_task(async function() {
+ let chromeScript = SpecialPowers.loadChromeScript(createChromeScript);
+ await chromeScript.promiseOneMessage("setupComplete");
+
+ var testframe = document.getElementById("testframe");
+ testframe.src =
+ "file_contentpolicytype_targeted_link_iframe.sjs?testframe";
+
+ let result = await chromeScript.promiseOneMessage("loadBlocked");
+
+ is(result.policyType, SpecialPowers.Ci.nsIContentPolicy.TYPE_SUBDOCUMENT,
+ "content policy type should TYPESUBDOCUMENT");
+
+ chromeScript.destroy();
+});
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_innerhtml_sanitizer.html b/dom/security/test/general/test_innerhtml_sanitizer.html
new file mode 100644
index 0000000000..4a4e4efed1
--- /dev/null
+++ b/dom/security/test/general/test_innerhtml_sanitizer.html
@@ -0,0 +1,74 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>Test for Bug 1667113</title>
+ <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a>
+<div></div>
+<script>
+SimpleTest.waitForExplicitFinish();
+
+// Please note that 'fakeServer' does not exist because the test relies
+// on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
+// which fire if either the request is blocked or fires. The test does
+// not rely on the result of the load.
+
+function fail() {
+ ok(false, "Should not call this")
+}
+
+function examiner() {
+ SpecialPowers.addObserver(this, "csp-on-violate-policy");
+ SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
+}
+examiner.prototype = {
+ observe(subject, topic, data) {
+ if (topic === "csp-on-violate-policy") {
+ let asciiSpec = SpecialPowers.getPrivilegedProps(
+ SpecialPowers.do_QueryInterface(subject, "nsIURI"),
+ "asciiSpec");
+ if (asciiSpec.includes("fakeServer")) {
+ ok (false, "Should not attempt fetch, not even blocked by CSP.");
+ }
+ }
+
+ if (topic === "specialpowers-http-notify-request") {
+ if (data.includes("fakeServer")) {
+ ok (false, "Should not try fetch");
+ }
+ }
+ },
+ remove() {
+ SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+ SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
+ }
+}
+
+window.examiner = new examiner();
+
+let div = document.getElementsByTagName("div")[0];
+div.innerHTML = "<svg><style><title><audio src=fakeServer onerror=fail() onload=fail()>";
+
+let svg = div.firstChild;
+is(svg.nodeName, "svg", "Node name should be svg");
+
+let style = svg.firstChild;
+if (style) {
+ is(style.firstChild, null, "Style should not have child nodes.");
+} else {
+ ok(false, "Should have gotten a node.");
+}
+
+
+SimpleTest.executeSoon(function() {
+ window.examiner.remove();
+ SimpleTest.finish();
+});
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_innerhtml_sanitizer.xhtml b/dom/security/test/general/test_innerhtml_sanitizer.xhtml
new file mode 100644
index 0000000000..4d938bc23b
--- /dev/null
+++ b/dom/security/test/general/test_innerhtml_sanitizer.xhtml
@@ -0,0 +1,73 @@
+<!DOCTYPE HTML>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <title>Test for Bug 1667113</title>
+ <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a>
+<div></div>
+<script><![CDATA[
+SimpleTest.waitForExplicitFinish();
+
+// Please note that 'fakeServer' does not exist because the test relies
+// on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
+// which fire if either the request is blocked or fires. The test does
+// not rely on the result of the load.
+
+function fail() {
+ ok(false, "Should not call this")
+}
+
+function examiner() {
+ SpecialPowers.addObserver(this, "csp-on-violate-policy");
+ SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
+}
+examiner.prototype = {
+ observe(subject, topic, data) {
+ if (topic === "csp-on-violate-policy") {
+ let asciiSpec = SpecialPowers.getPrivilegedProps(
+ SpecialPowers.do_QueryInterface(subject, "nsIURI"),
+ "asciiSpec");
+ if (asciiSpec.includes("fakeServer")) {
+ ok (false, "Should not attempt fetch, not even blocked by CSP.");
+ }
+ }
+
+ if (topic === "specialpowers-http-notify-request") {
+ if (data.includes("fakeServer")) {
+ ok (false, "Should not try fetch");
+ }
+ }
+ },
+ remove() {
+ SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+ SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
+ }
+}
+
+window.examiner = new examiner();
+
+let div = document.getElementsByTagName("div")[0];
+div.innerHTML = "<svg xmlns='http://www.w3.org/2000/svg'><style><title><audio xmlns='http://www.w3.org/1999/xhtml' src='fakeServer' onerror='fail()' onload='fail()'></audio></title></style></svg>";
+
+let svg = div.firstChild;
+is(svg.nodeName, "svg", "Node name should be svg");
+
+let style = svg.firstChild;
+if (style) {
+ is(style.firstChild, null, "Style should not have child nodes.");
+} else {
+ ok(false, "Should have gotten a node.");
+}
+
+
+SimpleTest.executeSoon(function() {
+ window.examiner.remove();
+ SimpleTest.finish();
+});
+
+]]></script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_nosniff.html b/dom/security/test/general/test_nosniff.html
new file mode 100644
index 0000000000..a22386aea0
--- /dev/null
+++ b/dom/security/test/general/test_nosniff.html
@@ -0,0 +1,88 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 471020 - Add X-Content-Type-Options: nosniff support to Firefox</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <!-- add the two css tests -->
+ <link rel="stylesheet" id="cssCorrectType">
+ <link rel="stylesheet" id="cssWrongType">
+</head>
+<body>
+
+<!-- add the two script tests -->
+<script id="scriptCorrectType"></script>
+<script id="scriptWrongType"></script>
+
+<script class="testbody" type="text/javascript">
+/* Description of the test:
+ * We load 2 css files, 2 script files and 2 image files, where
+ * the sever either responds with the right mime type or
+ * the wrong mime type for each test.
+ */
+
+SimpleTest.waitForExplicitFinish();
+const NUM_TESTS = 4;
+
+var testCounter = 0;
+function checkFinish() {
+ testCounter++;
+ if (testCounter === NUM_TESTS) {
+ SimpleTest.finish();
+ }
+}
+
+ // 1) Test CSS with correct mime type
+ var cssCorrectType = document.getElementById("cssCorrectType");
+ cssCorrectType.onload = function() {
+ ok(true, "style nosniff correct type should load");
+ checkFinish();
+ }
+ cssCorrectType.onerror = function() {
+ ok(false, "style nosniff correct type should load");
+ checkFinish();
+ }
+ cssCorrectType.href = "file_nosniff_testserver.sjs?cssCorrectType";
+
+ // 2) Test CSS with wrong mime type
+ var cssWrongType = document.getElementById("cssWrongType");
+ cssWrongType.onload = function() {
+ ok(false, "style nosniff wrong type should not load");
+ checkFinish();
+ }
+ cssWrongType.onerror = function() {
+ ok(true, "style nosniff wrong type should not load");
+ checkFinish();
+ }
+ cssWrongType.href = "file_nosniff_testserver.sjs?cssWrongType";
+
+ // 3) Test SCRIPT with correct mime type
+ var scriptCorrectType = document.getElementById("scriptCorrectType");
+ scriptCorrectType.onload = function() {
+ ok(true, "script nosniff correct type should load");
+ checkFinish();
+ }
+ scriptCorrectType.onerror = function() {
+ ok(false, "script nosniff correct type should load");
+ checkFinish();
+ }
+ scriptCorrectType.src = "file_nosniff_testserver.sjs?scriptCorrectType";
+
+ // 4) Test SCRIPT with wrong mime type
+ var scriptWrongType = document.getElementById("scriptWrongType");
+ scriptWrongType.onload = function() {
+ ok(false, "script nosniff wrong type should not load");
+ checkFinish();
+ }
+ scriptWrongType.onerror = function() {
+ ok(true, "script nosniff wrong type should not load");
+ checkFinish();
+ }
+ scriptWrongType.src = "file_nosniff_testserver.sjs?scriptWrongType";
+
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_nosniff_navigation.html b/dom/security/test/general/test_nosniff_navigation.html
new file mode 100644
index 0000000000..6710f4f5b9
--- /dev/null
+++ b/dom/security/test/general/test_nosniff_navigation.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+
+<head>
+ <title>Bug 1428473 Support X-Content-Type-Options: nosniff when navigating</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+
+ <!-- add the two script tests -->
+ <script id="scriptCorrectType"></script>
+ <script id="scriptWrongType"></script>
+
+ <script class="testbody" type="text/javascript">
+ /* Description of the test:
+ * We're testing if Firefox respects the nosniff Header for Top-Level
+ * Navigations.
+ * If Firefox cant Display the Page, it will prompt a download
+ * and the URL of the Page will be about:blank.
+ * So we will try to open different content send with
+ * no-mime, mismatched-mime and garbage-mime types.
+ *
+ */
+
+ SimpleTest.waitForExplicitFinish();
+
+ window.addEventListener("load", async () => {
+ window.open("window_nosniff_navigation.html");
+ });
+ </script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_about.html b/dom/security/test/general/test_same_site_cookies_about.html
new file mode 100644
index 0000000000..faf2caab9a
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_about.html
@@ -0,0 +1,116 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://mochi.test which sets a same site cookie
+ * 2) We then load the following iframes:
+ * (a) cross-origin iframe
+ * (b) same-origin iframe
+ * which both load a:
+ * * nested about:srcdoc frame and nested about:blank frame
+ * * navigate about:srcdoc frame and navigate about:blank frame
+ * 3) We evaluate that the same-site cookie is available in the same-origin case.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = "http://mochi.test:8888/"
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_about.sjs";
+
+let curTest = 0;
+
+var tests = [
+ // NAVIGATION TESTS
+ {
+ description: "nested same origin iframe about:srcdoc navigation [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeNav",
+ result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+ },
+ {
+ description: "nested cross origin iframe about:srcdoc navigation [mochi.test -> example.com -> about:srcdoc -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeNav",
+ result: "", // no same-site cookie should be available
+ },
+ {
+ description: "nested same origin iframe about:blank navigation [mochi.test -> mochi.test -> about:blank -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + "?loadblankframeNav",
+ result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+ },
+ {
+ description: "nested cross origin iframe about:blank navigation [mochi.test -> example.com -> about:blank -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeNav",
+ result: "", // no same-site cookie should be available
+ },
+ // INCLUSION TESTS
+ {
+ description: "nested same origin iframe about:srcdoc inclusion [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeInc",
+ result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+ },
+ {
+ description: "nested cross origin iframe about:srcdoc inclusion [mochi.test -> example.com -> about:srcdoc -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeInc",
+ result: "", // no same-site cookie should be available
+ },
+ {
+ description: "nested same origin iframe about:blank inclusion [mochi.test -> mochi.test -> about:blank -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + "?loadblankframeInc",
+ result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test
+ },
+ {
+ description: "nested cross origin iframe about:blank inclusion [mochi.test -> example.com -> about:blank -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeInc",
+ result: "", // no same-site cookie should be available
+ },
+];
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ is(event.data.result, tests[curTest].result, tests[curTest].description);
+ curTest += 1;
+
+ // lets see if we ran all the tests
+ if (curTest == tests.length) {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ return;
+ }
+ // otherwise it's time to run the next test
+ setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+ let testframe = document.getElementById("testframe");
+ testframe.src = tests[curTest].frameSRC + curTest;
+}
+
+function setCookieAndInitTest() {
+ var cookieImage = document.getElementById("cookieImage");
+ cookieImage.onload = function() {
+ ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
+ setupQueryResultAndRunTest();
+ }
+ cookieImage.onerror = function() {
+ ok(false, "could not load image for test (" + tests[curTest].description + ")");
+ }
+ cookieImage.src = SAME_ORIGIN + PATH + "?setSameSiteCookie" + curTest;
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_cross_origin_context.html b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html
new file mode 100644
index 0000000000..495cfaf801
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html
@@ -0,0 +1,87 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://example.com which tries to
+ * a) a same site cookie
+ * b) a regular cookie
+ * in the context of http://mochi.test
+ * 2) We load an iframe from http://example.com and check if the cookie
+ * is available.
+ * 3) We observe that:
+ * (a) same site cookie has been discarded in a cross origin context.
+ * (b) the regular cookie is available.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs";
+
+let curTest = 0;
+
+var tests = [
+ {
+ description: "regular cookie in cross origin context",
+ imgSRC: CROSS_ORIGIN + PATH + "?setRegularCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=regularCookie",
+ },
+ {
+ description: "same-site cookie in cross origin context",
+ imgSRC: CROSS_ORIGIN + PATH + "?setSameSiteCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+ result: "", // no cookie should be set
+ },
+];
+
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ is(event.data.result, tests[curTest].result, tests[curTest].description);
+ curTest += 1;
+
+ // lets see if we ran all the tests
+ if (curTest == tests.length) {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ return;
+ }
+ // otherwise it's time to run the next test
+ setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+ let testframe = document.getElementById("testframe");
+ testframe.src = tests[curTest].frameSRC + curTest;
+}
+
+function setCookieAndInitTest() {
+ var cookieImage = document.getElementById("cookieImage");
+ cookieImage.onload = function() {
+ ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
+ setupQueryResultAndRunTest();
+ }
+ cookieImage.onerror = function() {
+ ok(false, "could not load image for test (" + tests[curTest].description + ")");
+ }
+ cookieImage.src = tests[curTest].imgSRC + curTest;
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_from_script.html b/dom/security/test/general/test_same_site_cookies_from_script.html
new file mode 100644
index 0000000000..548fcfa954
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_from_script.html
@@ -0,0 +1,86 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<iframe id="setCookieFrame"></iframe>
+<iframe id="getCookieFrame"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an iframe which tries to set a same site cookie using an
+ * inline script in top-level context of http://mochi.test.
+ * 2) We load an iframe from http://example.com and check if the cookie
+ * is available.
+ * 3) We observe that:
+ * (a) same site cookie is available in same origin context.
+ * (a) same site cookie has been discarded in a cross origin context.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = "http://mochi.test:8888/";
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_from_script.sjs";
+
+let curTest = 0;
+
+var tests = [
+ {
+ description: "same-site cookie inline script within same-site context",
+ setCookieSrc: SAME_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript",
+ getCookieSrc: SAME_ORIGIN + PATH + "?getCookieFrame",
+ result: "myKey=sameSiteCookieInlineScript",
+ },
+ {
+ description: "same-site cookie inline script within cross-site context",
+ setCookieSrc: CROSS_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript",
+ getCookieSrc: CROSS_ORIGIN + PATH + "?getCookieFrame",
+ result: "", // same-site cookie should be discarded in cross site context
+ },
+];
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ is(event.data.result, tests[curTest].result, tests[curTest].description);
+ curTest += 1;
+
+ // lets see if we ran all the tests
+ if (curTest == tests.length) {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ return;
+ }
+ // otherwise it's time to run the next test
+ setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+ let getCookieFrame = document.getElementById("getCookieFrame");
+ getCookieFrame.src = tests[curTest].getCookieSrc + curTest;
+}
+
+function setCookieAndInitTest() {
+ var cookieFrame = document.getElementById("setCookieFrame");
+ setCookieFrame.onload = function() {
+ ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
+ setupQueryResultAndRunTest();
+ }
+ setCookieFrame.onerror = function() {
+ ok(false, "could not load image for test (" + tests[curTest].description + ")");
+ }
+ cookieFrame.src = tests[curTest].setCookieSrc + curTest;
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_iframe.html b/dom/security/test/general/test_same_site_cookies_iframe.html
new file mode 100644
index 0000000000..45d5d5830a
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_iframe.html
@@ -0,0 +1,168 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1454027 - Update SameSite cookie handling inside iframes</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://mochi.test which sets a same site cookie
+ * 2) We then load the following iframes:
+ * (a) cross-origin iframe
+ * (b) sandboxed iframe
+ * (c) data: URI iframe
+ * (d) same origin iframe which loads blob: URI iframe (to simulate same origin blobs)
+ * (e) cross origin iframe which loads blob: URI iframe (to simulate cross origin blobs)
+ * which all:
+ * * navigate the iframe to http://mochi.test
+ * * include another iframe from http://mochi.test
+ * 3) We observe that none of the nested iframes have access to the same-site cookie.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = "http://mochi.test:8888/"
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/";
+const SERVER_FILE = "file_same_site_cookies_iframe.sjs";
+
+const NESTED_DATA_IFRAME_NAVIGATION = `
+ data:text/html,
+ <html>
+ <body>
+ <a id="testlink" href="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></a>
+ <script type="application/javascript">
+ let link = document.getElementById("testlink");
+ link.click();
+ <\/script>
+ </body>
+ </html>`;
+
+const NESTED_DATA_IFRAME_INCLUSION = `
+ data:text/html,
+ <html>
+ <body>
+ <script type="application/javascript">
+ window.addEventListener("message", receiveMessage);
+ function receiveMessage(event) {
+ window.removeEventListener("message", receiveMessage);
+ window.parent.postMessage({result: event.data.result}, '*');
+ }
+ <\/script>
+ <iframe src="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></iframe>
+ </body>
+ </html>`;
+
+let curTest = 0;
+
+var tests = [
+ // NAVIGATION TESTS
+ {
+ description: "nested same origin iframe navigation [mochi.test -> mochi.test -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + SERVER_FILE + "?nestedIframeNavigation",
+ result: "myKey=mySameSiteIframeTestCookie", // cookie should be set for baseline test
+ },
+ {
+ description: "nested cross origin iframe navigation [mochi.test -> example.com -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedIframeNavigation",
+ result: "", // no cookie should be set
+ },
+ {
+ description: "nested sandboxed iframe navigation [mochi.test -> sandbox -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedSandboxIframeNavigation",
+ result: "", // no cookie should be set
+ },
+ {
+ description: "nested data iframe navigation [mochi.test -> data: -> mochi.test]",
+ frameSRC: NESTED_DATA_IFRAME_NAVIGATION,
+ result: "", // no cookie should be set
+ },
+ {
+ description: "nested same site blob iframe navigation [mochi.test -> mochi.test -> blob: -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_navigation.html",
+ result: "myKey=mySameSiteIframeTestCookie", // cookie should be set, blobs inherit security context
+ },
+ {
+ description: "nested cross site blob iframe navigation [mochi.test -> example.com -> blob: -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_navigation.html",
+ result: "", // no cookie should be set
+ },
+ // INCLUSION TESTS
+ {
+ description: "nested same origin iframe inclusion [mochi.test -> mochi.test -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + SERVER_FILE + "?nestedIframeInclusion",
+ result: "myKey=mySameSiteIframeTestCookie", // cookie should be set for baseline test
+ },
+ {
+ description: "nested cross origin iframe inclusion [mochi.test -> example.com -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedIframeInclusion",
+ result: "", // no cookie should be set
+ },
+ {
+ description: "nested sandboxed iframe inclusion [mochi.test -> sandbox -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedSandboxIframeInclusion",
+ result: "", // no cookie should be set
+ },
+ {
+ description: "nested data iframe inclusion [mochi.test -> data: -> mochi.test]",
+ frameSRC: NESTED_DATA_IFRAME_INCLUSION,
+ result: "", // no cookie should be set
+ },
+ {
+ description: "nested same site blob iframe inclusion [mochi.test -> mochi.test -> blob: -> mochi.test]",
+ frameSRC: SAME_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_inclusion.html",
+ result: "myKey=mySameSiteIframeTestCookie", // cookie should be set, blobs inherit security context
+ },
+ {
+ description: "same-site cookie, nested cross site blob iframe inclusion [mochi.test -> example.com -> blob: -> mochi.test]",
+ frameSRC: CROSS_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_inclusion.html",
+ result: "", // no cookie should be set
+ },
+];
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ is(event.data.result, tests[curTest].result, tests[curTest].description);
+ curTest += 1;
+
+ // // lets see if we ran all the tests
+ if (curTest == tests.length) {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ return;
+ }
+ // otherwise it's time to run the next test
+ setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+ let testframe = document.getElementById("testframe");
+ testframe.src = tests[curTest].frameSRC;
+}
+
+function setCookieAndInitTest() {
+ var cookieImage = document.getElementById("cookieImage");
+ cookieImage.onload = function() {
+ ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
+ setupQueryResultAndRunTest();
+ }
+ cookieImage.onerror = function() {
+ ok(false, "could not load image for test (" + tests[curTest].description + ")");
+ }
+ // appending math.random to avoid any unexpected caching behavior
+ cookieImage.src = SAME_ORIGIN + PATH + SERVER_FILE + "?setSameSiteCookie" + Math.random();
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_laxByDefault.html b/dom/security/test/general/test_same_site_cookies_laxByDefault.html
new file mode 100644
index 0000000000..1da9cc71a5
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_laxByDefault.html
@@ -0,0 +1,86 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1551798 - SameSite=lax by default</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/closeWindow.sjs";
+
+async function realTest(noneRequiresSecure) {
+ let types = ["unset", "lax", "none"];
+ for (let i = 0; i < types.length; ++i) {
+ info("Loading a new top-level page (" + types[i] + ")");
+ await new Promise(resolve => {
+ window.addEventListener("message", _ => {
+ resolve();
+ }, { once: true });
+ window.open(CROSS_ORIGIN + PATH + "?" + types[i]);
+ });
+ }
+
+ info("Check cookies");
+ let chromeScript = SpecialPowers.loadChromeScript(() => {
+ const {sendAsyncMessage} = this;
+ const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+ let cookies = { test: null, test2: null, test3: null };
+
+ for (let cookie of Services.cookies.cookies) {
+ if (cookie.host != "example.com") continue;
+
+ if (cookie.name == "test" && cookie.value == "wow") {
+ cookies.test = cookie.sameSite == Ci.nsICookie.SAMESITE_LAX ? 'lax' : 'none';
+ }
+
+ if (cookie.name == "test2" && cookie.value == "wow2") {
+ cookies.test2 = cookie.sameSite == Ci.nsICookie.SAMESITE_LAX ? 'lax' : 'none';
+ }
+
+ if (cookie.name == "test3" && cookie.value == "wow3") {
+ cookies.test3 = cookie.sameSite == Ci.nsICookie.SAMESITE_LAX ? 'lax' : 'none';
+ }
+ }
+
+ Services.cookies.removeAll();
+ sendAsyncMessage('result', cookies);
+ });
+
+ let cookies = await new Promise(resolve => {
+ chromeScript.addMessageListener('result', cookies => {
+ chromeScript.destroy();
+ resolve(cookies);
+ });
+ });
+
+ is(cookies.test, "lax", "Cookie set without samesite is lax by default");
+ if (noneRequiresSecure) {
+ is(cookies.test2, null, "Cookie set with samesite none, but not secure");
+ } else {
+ is(cookies.test2, "none", "Cookie set with samesite none");
+ }
+ is(cookies.test3, "lax", "Cookie set with samesite lax");
+}
+
+SpecialPowers.pushPrefEnv({"set": [
+ ["network.cookie.sameSite.laxByDefault", true],
+ ["network.cookie.sameSite.noneRequiresSecure", false],
+]}).then(_ => {
+ return realTest(false);
+}).then(_ => {
+ return SpecialPowers.pushPrefEnv({"set": [
+ ["network.cookie.sameSite.laxByDefault", true],
+ ["network.cookie.sameSite.noneRequiresSecure", true]]});
+}).then(_ => {
+ return realTest(true);
+}).then(SimpleTest.finish);
+
+SimpleTest.waitForExplicitFinish();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_redirect.html b/dom/security/test/general/test_same_site_cookies_redirect.html
new file mode 100644
index 0000000000..59f98b2263
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_redirect.html
@@ -0,0 +1,101 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1453814 - Do not allow same-site cookies for cross origin redirect</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://mochi.test which set a same site cookie
+ * 2) We then load an iframe that redirects
+ * (a) from same-origin to cross-origin
+ * (b) from cross-origin to same-origin
+ * 3) We observe that in both cases same-site cookies should not be send
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = location.origin + "/";
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_redirect.sjs";
+
+let curTest = 0;
+
+var tests = [
+ {
+ description: "baseline: same-site cookie, redirect same-site to same-site",
+ imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie",
+ frameSRC: SAME_ORIGIN + PATH + "?sameToSameRedirect",
+ result: "myKey=strictSameSiteCookie",
+ },
+ {
+ description: "same-site cookie, redirect same-site to cross-site",
+ imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie",
+ frameSRC: SAME_ORIGIN + PATH + "?sameToCrossRedirect",
+ result: "", // no cookie should be set
+ },
+ {
+ description: "same-site cookie, redirect cross-site to same-site",
+ imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?crossToSameRedirect",
+ result: "", // no cookie should be set
+ },
+ {
+ description: "same-site cookie, meta redirect same-site to cross-site",
+ imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie",
+ frameSRC: SAME_ORIGIN + PATH + "?sameToCrossRedirectMeta",
+ result: "", // no cookie should be set
+ },
+ {
+ description: "same-site cookie, meta redirect cross-site to same-site",
+ imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?crossToSameRedirectMeta",
+ result: "", // no cookie should be set
+ },
+];
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ is(event.data.result, tests[curTest].result, tests[curTest].description);
+ curTest += 1;
+
+ // // lets see if we ran all the tests
+ if (curTest == tests.length) {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ return;
+ }
+ // otherwise it's time to run the next test
+ setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+ let testframe = document.getElementById("testframe");
+ testframe.src = tests[curTest].frameSRC;
+}
+
+function setCookieAndInitTest() {
+ var cookieImage = document.getElementById("cookieImage");
+ cookieImage.onload = function() {
+ ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
+ setupQueryResultAndRunTest();
+ }
+ cookieImage.onerror = function() {
+ ok(false, "could not load image for test (" + tests[curTest].description + ")");
+ }
+ cookieImage.src = tests[curTest].imgSRC;
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_subrequest.html b/dom/security/test/general/test_same_site_cookies_subrequest.html
new file mode 100644
index 0000000000..304dbafa9a
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_subrequest.html
@@ -0,0 +1,113 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1286861 - Test same site cookies on subrequests</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://mochi.test which sets a same site cookie
+ * 2) We load an iframe from:
+ * * http://mochi.test which loads another image from http://mochi.test
+ * * http://example.com which loads another image from http://mochi.test
+ * 3) We observe that the same site cookie is sent in the same origin case,
+ * but not in the cross origin case.
+ *
+ * In detail:
+ * We perform an XHR request to the *.sjs file which is processed async on
+ * the server and waits till the image request has been processed by the server.
+ * Once the image requets was processed, the server responds to the initial
+ * XHR request with the expecuted result (the cookie value).
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = "http://mochi.test:8888/";
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_subrequest.sjs";
+
+let curTest = 0;
+
+var tests = [
+ {
+ description: "same origin site using cookie policy 'samesite=strict'",
+ imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
+ frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=strictSameSiteCookie",
+ },
+ {
+ description: "cross origin site using cookie policy 'samesite=strict'",
+ imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=noCookie",
+ },
+ {
+ description: "same origin site using cookie policy 'samesite=lax'",
+ imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
+ frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=laxSameSiteCookie",
+ },
+ {
+ description: "cross origin site using cookie policy 'samesite=lax'",
+ imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=noCookie",
+ },
+];
+
+function checkResult(aCookieVal) {
+ is(aCookieVal, tests[curTest].result, tests[curTest].description);
+ curTest += 1;
+
+ // lets see if we ran all the tests
+ if (curTest == tests.length) {
+ SimpleTest.finish();
+ return;
+ }
+ // otherwise it's time to run the next test
+ setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+ var myXHR = new XMLHttpRequest();
+ myXHR.open("GET", "file_same_site_cookies_subrequest.sjs?queryresult" + curTest);
+ myXHR.onload = function(e) {
+ checkResult(myXHR.responseText);
+ }
+ myXHR.onerror = function(e) {
+ ok(false, "could not query results from server (" + e.message + ")");
+ }
+ myXHR.send();
+
+ // give it some time and load the test frame
+ SimpleTest.executeSoon(function() {
+ let testframe = document.getElementById("testframe");
+ testframe.src = tests[curTest].frameSRC + curTest;
+ });
+}
+
+function setCookieAndInitTest() {
+ var cookieImage = document.getElementById("cookieImage");
+ cookieImage.onload = function() {
+ ok(true, "set cookie for test (" + tests[curTest].description + ")");
+ setupQueryResultAndRunTest();
+ }
+ cookieImage.onerror = function() {
+ ok(false, "could not set cookie for test (" + tests[curTest].description + ")");
+ }
+ cookieImage.src = tests[curTest].imgSRC + curTest;
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_toplevel_nav.html b/dom/security/test/general/test_same_site_cookies_toplevel_nav.html
new file mode 100644
index 0000000000..aba825916b
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_toplevel_nav.html
@@ -0,0 +1,117 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1286861 - Test same site cookies on top-level navigations</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://mochi.test which sets a same site cookie
+ * 2) We open a new window to
+ * * a same origin location
+ * * a cross origin location
+ * 3) We observe that the same site cookie is sent in the same origin case,
+ * but not in the cross origin case, unless the policy = 'lax', which should
+ * send the cookie in a top-level navigation case.
+ *
+ * In detail:
+ * We perform an XHR request to the *.sjs file which is processed async on
+ * the server and waits till the image request has been processed by the server.
+ * Once the image requets was processed, the server responds to the initial
+ * XHR request with the expecuted result (the cookie value).
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = "http://mochi.test:8888/";
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs";
+
+let curTest = 0;
+
+let currentWindow;
+var tests = [
+ {
+ description: "same origin navigation using cookie policy 'samesite=strict'",
+ imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
+ frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=strictSameSiteCookie",
+ },
+ {
+ description: "cross origin navigation using cookie policy 'samesite=strict'",
+ imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=noCookie",
+ },
+ {
+ description: "same origin navigation using cookie policy 'samesite=lax'",
+ imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
+ frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=laxSameSiteCookie",
+ },
+ {
+ description: "cross origin navigation using cookie policy 'samesite=lax'",
+ imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
+ frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+ result: "myKey=laxSameSiteCookie",
+ },
+];
+
+function checkResult(aCookieVal) {
+ if(currentWindow){
+ currentWindow.close();
+ currentWindow= null;
+ }
+ is(aCookieVal, tests[curTest].result, tests[curTest].description);
+ curTest += 1;
+
+ // lets see if we ran all the tests
+ if (curTest == tests.length) {
+ SimpleTest.finish();
+ return;
+ }
+ // otherwise it's time to run the next test
+ setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+ var myXHR = new XMLHttpRequest();
+ myXHR.open("GET", "file_same_site_cookies_toplevel_nav.sjs?queryresult" + curTest);
+ myXHR.onload = function(e) {
+ checkResult( myXHR.responseText);
+ }
+ myXHR.onerror = function(e) {
+ ok(false, "could not query results from server (" + e.message + ")");
+ }
+ myXHR.send();
+
+ // give it some time and load the test window
+ SimpleTest.executeSoon(function() {
+ currentWindow = window.open(tests[curTest].frameSRC + curTest);
+ });
+}
+
+function setCookieAndInitTest() {
+ var cookieImage = document.getElementById("cookieImage");
+ cookieImage.onload = function() {
+ ok(true, "set cookie for test (" + tests[curTest].description + ")");
+ setupQueryResultAndRunTest();
+ }
+ cookieImage.onerror = function() {
+ ok(false, "could not set cookie for test (" + tests[curTest].description + ")");
+ }
+ cookieImage.src = tests[curTest].imgSRC + curTest;
+}
+
+// fire up the test
+setCookieAndInitTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_same_site_cookies_toplevel_set_cookie.html b/dom/security/test/general/test_same_site_cookies_toplevel_set_cookie.html
new file mode 100644
index 0000000000..cae2a6174e
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_toplevel_set_cookie.html
@@ -0,0 +1,57 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1454242: Setting samesite cookie should not rely on CookieCommons::IsSameSiteForeign</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load a window from example.com which loads a window from mochi.test
+ * which then sets a same-site cookie for mochi.test.
+ * 2) We load an iframe from mochi.test.
+ * 3) We observe that the cookie within (1) was allowed to be set and
+ * is available for mochi.test.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN = "http://mochi.test:8888/"
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs";
+
+let testWin = null;
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ // once the second window (which sets the cookie) loaded, we get a notification
+ // that the test setup is correct and we can now try to query the same-site cookie
+ if (event.data.value === "testSetupComplete") {
+ ok(true, "cookie setup worked");
+ let testframe = document.getElementById("testframe");
+ testframe.src = SAME_ORIGIN + PATH + "?checkCookie";
+ return;
+ }
+
+ // thie second message is the cookie value from verifying the
+ // cookie has been set correctly.
+ is(event.data.value, "myKey=laxSameSiteCookie",
+ "setting same-site cookie on cross origin top-level page");
+
+ window.removeEventListener("message", receiveMessage);
+ testWin.close();
+ SimpleTest.finish();
+}
+
+// fire up the test
+testWin = window.open(CROSS_ORIGIN + PATH + "?loadWin");
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_sec_fetch_websocket.html b/dom/security/test/general/test_sec_fetch_websocket.html
new file mode 100644
index 0000000000..bc01e5e509
--- /dev/null
+++ b/dom/security/test/general/test_sec_fetch_websocket.html
@@ -0,0 +1,81 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1628605: Test Sec-Fetch-* header for websockets</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script type="application/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+let testsSucceeded = 0;
+
+function checkTestsDone() {
+ testsSucceeded++;
+ if (testsSucceeded == 2) {
+ SimpleTest.finish();
+ }
+}
+
+var script = SpecialPowers.loadChromeScript(() => {
+ const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+ Services.obs.addObserver(function onExamResp(subject, topic, data) {
+ let channel = subject.QueryInterface(Ci.nsIHttpChannel);
+ if (!channel.URI.spec.startsWith("https://example.com/tests/dom/security/test/general/file_sec_fetch_websocket")) {
+ return;
+ }
+
+ // Sec-Fetch-* Headers should be present for Dest, Mode, Site
+ try {
+ let secFetchDest = channel.getRequestHeader("Sec-Fetch-Dest");
+ is(secFetchDest, "websocket", "testing sec-fetch-dest");
+
+ let secFetchMode = channel.getRequestHeader("Sec-Fetch-Mode");
+ is(secFetchMode, "websocket", "testing sec-fetch-mode");
+
+ let secFetchSite = channel.getRequestHeader("Sec-Fetch-Site");
+ is(secFetchSite, "cross-site", "testing sec-fetch-site");
+ }
+ catch (e) {
+ ok(false, "testing sec-fetch-*");
+ }
+
+ // Sec-Fetch-User should not be present
+ try {
+ let secFetchSite = channel.getRequestHeader("Sec-Fetch-User");
+ ok(false, "testing sec-fetch-user");
+ }
+ catch (e) {
+ ok(true, "testing sec-fetch-user");
+ }
+ Services.obs.removeObserver(onExamResp, "http-on-stop-request");
+
+ sendAsyncMessage("test-end");
+ }, "http-on-stop-request");
+});
+
+script.addMessageListener("test-end", () => {
+ checkTestsDone();
+});
+
+function test_sec_fetch_websocket() {
+ var wssSocket = new WebSocket("wss://example.com/tests/dom/security/test/general/file_sec_fetch_websocket");
+ wssSocket.onopen = function(e) {
+ ok(true, "sanity: wssSocket onopen");
+ checkTestsDone();
+ };
+ wssSocket.onerror = function(e) {
+ ok(false, "sanity: wssSocket onerror");
+ };
+}
+
+SpecialPowers.pushPrefEnv({
+ set: [["dom.security.secFetch.enabled", true]]
+}, test_sec_fetch_websocket);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/test_xfo_error_page.html b/dom/security/test/general/test_xfo_error_page.html
new file mode 100644
index 0000000000..218413b4f9
--- /dev/null
+++ b/dom/security/test/general/test_xfo_error_page.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1626249: Ensure correct display of neterror page for XFO</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="xfo_testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+const XFO_ERROR_PAGE_MSG = "This page has an X-Frame-Options policy that prevents it from being loaded in this context";
+
+let xfo_testframe = document.getElementById("xfo_testframe");
+
+xfo_testframe.onload = function() {
+ let wrappedXFOFrame = SpecialPowers.wrap(xfo_testframe.contentWindow);
+ let frameContentXFO = wrappedXFOFrame.document.body.innerHTML;
+ ok(frameContentXFO.includes(XFO_ERROR_PAGE_MSG), "xfo error page correct");
+ SimpleTest.finish();
+}
+
+xfo_testframe.onerror = function() {
+ ok(false, "sanity: should not fire onerror for xfo_testframe");
+ SimpleTest.finish();
+}
+
+xfo_testframe.src = "file_xfo_error_page.sjs";
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/general/window_nosniff_navigation.html b/dom/security/test/general/window_nosniff_navigation.html
new file mode 100644
index 0000000000..cae2b15c65
--- /dev/null
+++ b/dom/security/test/general/window_nosniff_navigation.html
@@ -0,0 +1,95 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1428473 Support X-Content-Type-Options: nosniff when navigating</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+ <style>
+ iframe{
+ border: 1px solid orange;
+ }
+ </style>
+
+ <iframe class="no-mime" src="file_nosniff_navigation.sjs?xml"> </iframe>
+ <iframe class="no-mime" src="file_nosniff_navigation.sjs?html"></iframe>
+ <iframe class="no-mime" src="file_nosniff_navigation.sjs?css" ></iframe>
+ <iframe class="no-mime" src="file_nosniff_navigation.sjs?json"></iframe>
+ <iframe class="no-mime" src="file_nosniff_navigation.sjs?img"></iframe>
+ <iframe class="no-mime" src="file_nosniff_navigation.sjs"></iframe>
+
+ <hr>
+ <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?html"></iframe>
+ <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?xml"></iframe>
+ <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?css"></iframe>
+ <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?json"></iframe>
+ <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?img"></iframe>
+ <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs"></iframe>
+ <hr>
+
+ <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?xml"> </iframe>
+ <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?html"></iframe>
+ <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?css" ></iframe>
+ <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?json"></iframe>
+ <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?img"></iframe>
+ <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs"></iframe>
+
+
+</head>
+
+<body>
+
+<!-- add the two script tests -->
+<script id="scriptCorrectType"></script>
+<script id="scriptWrongType"></script>
+
+<script class="testbody" type="text/javascript">
+/* Description of the test:
+ * We're testing if Firefox respects the nosniff Header for Top-Level
+ * Navigations.
+ * If Firefox cant Display the Page, it will prompt a download
+ * and the URL of the Page will be about:blank.
+ * So we will try to open different content send with
+ * no-mime, mismatched-mime and garbage-mime types.
+ *
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+window.addEventListener("load", ()=>{
+ let noMimeFrames = Array.from(document.querySelectorAll(".no-mime"));
+
+ noMimeFrames.forEach( frame => {
+ // In case of no Provided Content Type, not rendering or assuming text/plain is valid
+ let result = frame.contentWindow.document.URL == "about:blank" || frame.contentWindow.document.contentType == "text/plain";
+ let sniffTarget = (new URL(frame.src)).search;
+ window.opener.ok(result, `${sniffTarget} without MIME - was not Sniffed`);
+ });
+
+ let mismatchedMimes = Array.from(document.querySelectorAll(".mismatch-mime"));
+ mismatchedMimes.forEach(frame => {
+ // In case the Server mismatches the Mime Type (sends content X as image/png)
+ // assert that we do not sniff and correct this.
+ let result = frame.contentWindow.document.contentType == "image/png";
+ let sniffTarget = (new URL(frame.src)).search;
+ window.opener.ok(result, `${sniffTarget} send as image/png - was not Sniffed`);
+ });
+
+ let badMimeFrames = Array.from(document.querySelectorAll(".garbage-mime"));
+
+ badMimeFrames.forEach( frame => {
+ // In the case we got a bogous mime, assert that we dont sniff.
+ // We must not default here to text/plain
+ // as the Server at least provided a mime type.
+ let result = frame.contentWindow.document.URL == "about:blank";
+ let sniffTarget = (new URL(frame.src)).search;
+ window.opener.ok(result, `${sniffTarget} send as garbage/garbage - was not Sniffed`);
+ });
+
+ window.opener.SimpleTest.finish();
+ this.close();
+});
+</script>
+</body>
+
+</html> \ No newline at end of file