diff options
Diffstat (limited to '')
84 files changed, 4510 insertions, 0 deletions
diff --git a/dom/security/test/general/browser.ini b/dom/security/test/general/browser.ini new file mode 100644 index 0000000000..62caee52af --- /dev/null +++ b/dom/security/test/general/browser.ini @@ -0,0 +1,40 @@ +[DEFAULT] +[browser_test_toplevel_data_navigations.js] +skip-if = (verify && debug && (os == 'mac')) || (debug && (os == 'mac' || os == 'linux')) # Bug 1403815 +support-files = + file_toplevel_data_navigations.sjs + file_toplevel_data_meta_redirect.html +[browser_test_data_download.js] +support-files = + file_data_download.html +[browser_test_data_text_csv.js] +support-files = + file_data_text_csv.html +[browser_test_view_image_data_navigation.js] +support-files = + file_view_image_data_navigation.html + file_view_bg_image_data_navigation.html +[browser_test_FTP_console_warning.js] +support-files = + file_FTP_console_warning.html +[browser_test_assert_systemprincipal_documents.js] +skip-if = !nightly_build +support-files = + file_assert_systemprincipal_documents.html + file_assert_systemprincipal_documents_iframe.html +[browser_test_referrer_loadInOtherProcess.js] +[browser_test_framing_error_pages.js] +support-files = + file_framing_error_pages_csp.html + file_framing_error_pages_xfo.html + file_framing_error_pages.sjs +[browser_test_xfo_embed_object.js] +support-files = + file_framing_xfo_embed.html + file_framing_xfo_object.html + file_framing_xfo_embed_object.sjs +[browser_test_report_blocking.js] +support-files = + file_framing_error_pages_xfo.html + file_framing_error_pages_csp.html + file_framing_error_pages.sjs diff --git a/dom/security/test/general/browser_test_FTP_console_warning.js b/dom/security/test/general/browser_test_FTP_console_warning.js new file mode 100644 index 0000000000..f39048537d --- /dev/null +++ b/dom/security/test/general/browser_test_FTP_console_warning.js @@ -0,0 +1,45 @@ +// Description of the test: +// Ensure that FTP subresource loads trigger a warning in the webconsole. +"use strict"; + +function scopedCuImport(path) { + const scope = {}; + ChromeUtils.import(path, scope); + return scope; +} + +// These files don't actually exist, we are just looking for messages +// that indicate that loading those files would have been blocked. +var seen_files = ["a.html", "b.html", "c.html", "d.png"]; + +function on_new_message(msgObj) { + let text = msgObj.message; + if ( + text.includes("Loading FTP subresource within http(s) page not allowed") + ) { + // Remove the file in the message from the list. + seen_files = seen_files.filter(file => { + return !text.includes(file); + }); + } +} + +const kTestPath = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://mochi.test:8888" +); +const kTestURI = kTestPath + "file_FTP_console_warning.html"; + +add_task(async function() { + // A longer timeout is necessary for this test than the plain mochitests + // due to opening a new tab with the web console. + requestLongerTimeout(4); + + Services.console.registerListener(on_new_message); + + BrowserTestUtils.loadURI(gBrowser.selectedBrowser, kTestURI); + await BrowserTestUtils.waitForCondition(() => seen_files.length === 0); + is(seen_files.length, 0, "All FTP subresources should be blocked"); + + Services.console.unregisterListener(on_new_message); +}); diff --git a/dom/security/test/general/browser_test_assert_systemprincipal_documents.js b/dom/security/test/general/browser_test_assert_systemprincipal_documents.js new file mode 100644 index 0000000000..25fb2db735 --- /dev/null +++ b/dom/security/test/general/browser_test_assert_systemprincipal_documents.js @@ -0,0 +1,41 @@ +//"use strict" + +const kTestPath = getRootDirectory(gTestPath); +const kTestURI = kTestPath + "file_assert_systemprincipal_documents.html"; + +add_task(async function setup() { + // We expect the assertion in function + // CheckSystemPrincipalLoads as defined in + // file dom/security/nsContentSecurityManager.cpp + SimpleTest.expectAssertions(1); + + await SpecialPowers.pushPrefEnv({ + set: [ + ["security.disallow_non_local_systemprincipal_in_tests", true], + ["security.allow_unsafe_parent_loads", true], + ], + }); +}); + +add_task(async function open_test_iframe_in_tab() { + // This looks at the iframe (load type SUBDOCUMENT) + await BrowserTestUtils.withNewTab( + { gBrowser, url: kTestURI }, + async browser => { + await SpecialPowers.spawn(browser, [], async function() { + let outerPrincipal = content.document.nodePrincipal; + ok( + outerPrincipal.isSystemPrincipal, + "Sanity: Using SystemPrincipal for test file on chrome://" + ); + const iframeDoc = content.document.getElementById("testframe") + .contentDocument; + is( + iframeDoc.body.innerHTML, + "", + "iframe with systemprincipal should be empty document" + ); + }); + } + ); +}); diff --git a/dom/security/test/general/browser_test_data_download.js b/dom/security/test/general/browser_test_data_download.js new file mode 100644 index 0000000000..387572c125 --- /dev/null +++ b/dom/security/test/general/browser_test_data_download.js @@ -0,0 +1,52 @@ +"use strict"; + +const kTestPath = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://example.com" +); +const kTestURI = kTestPath + "file_data_download.html"; + +function addWindowListener(aURL, aCallback) { + Services.wm.addListener({ + onOpenWindow(aXULWindow) { + info("window opened, waiting for focus"); + Services.wm.removeListener(this); + var domwindow = aXULWindow.docShell.domWindow; + waitForFocus(function() { + is( + domwindow.document.location.href, + aURL, + "should have seen the right window open" + ); + aCallback(domwindow); + }, domwindow); + }, + onCloseWindow(aXULWindow) {}, + }); +} + +function test() { + waitForExplicitFinish(); + Services.prefs.setBoolPref( + "security.data_uri.block_toplevel_data_uri_navigations", + true + ); + registerCleanupFunction(function() { + Services.prefs.clearUserPref( + "security.data_uri.block_toplevel_data_uri_navigations" + ); + }); + addWindowListener( + "chrome://mozapps/content/downloads/unknownContentType.xhtml", + function(win) { + is( + win.document.getElementById("location").value, + "data-foo.html", + "file name of download should match" + ); + win.close(); + finish(); + } + ); + BrowserTestUtils.loadURI(gBrowser, kTestURI); +} diff --git a/dom/security/test/general/browser_test_data_text_csv.js b/dom/security/test/general/browser_test_data_text_csv.js new file mode 100644 index 0000000000..6a116491e6 --- /dev/null +++ b/dom/security/test/general/browser_test_data_text_csv.js @@ -0,0 +1,47 @@ +"use strict"; + +const kTestPath = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://example.com" +); +const kTestURI = kTestPath + "file_data_text_csv.html"; + +function addWindowListener(aURL, aCallback) { + return new Promise(resolve => { + Services.wm.addListener({ + onOpenWindow(aXULWindow) { + info("window opened, waiting for focus"); + Services.wm.removeListener(this); + var domwindow = aXULWindow.docShell.domWindow; + waitForFocus(function() { + is( + domwindow.document.location.href, + aURL, + "should have seen the right window open" + ); + resolve(domwindow); + }, domwindow); + }, + onCloseWindow(aXULWindow) {}, + }); + }); +} + +add_task(async function() { + await SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + let windowPromise = addWindowListener( + "chrome://mozapps/content/downloads/unknownContentType.xhtml" + ); + BrowserTestUtils.loadURI(gBrowser, kTestURI); + let win = await windowPromise; + + let expectedValue = "text/csv;foo,bar,foobar"; + is( + win.document.getElementById("location").value, + expectedValue, + "file name of download should match" + ); + win.close(); +}); diff --git a/dom/security/test/general/browser_test_framing_error_pages.js b/dom/security/test/general/browser_test_framing_error_pages.js new file mode 100644 index 0000000000..5087f25119 --- /dev/null +++ b/dom/security/test/general/browser_test_framing_error_pages.js @@ -0,0 +1,63 @@ +"use strict"; + +const kTestPath = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://example.com" +); +const kTestXFrameOptionsURI = kTestPath + "file_framing_error_pages_xfo.html"; +const kTestXFrameOptionsURIFrame = + kTestPath + "file_framing_error_pages.sjs?xfo"; + +const kTestFrameAncestorsURI = kTestPath + "file_framing_error_pages_csp.html"; +const kTestFrameAncestorsURIFrame = + kTestPath + "file_framing_error_pages.sjs?csp"; + +add_task(async function open_test_xfo_error_page() { + await BrowserTestUtils.withNewTab("about:blank", async function(browser) { + let loaded = BrowserTestUtils.browserLoaded( + browser, + true, + kTestXFrameOptionsURIFrame, + true + ); + BrowserTestUtils.loadURI(browser, kTestXFrameOptionsURI); + await loaded; + + await SpecialPowers.spawn(browser, [], async function() { + const iframeDoc = content.document.getElementById("testframe") + .contentDocument; + let errorPage = iframeDoc.body.innerHTML; + ok( + errorPage.includes( + "This page has an X-Frame-Options policy that prevents it from being loaded in this context" + ), + "xfo error page correct" + ); + }); + }); +}); + +add_task(async function open_test_csp_frame_ancestor_error_page() { + await BrowserTestUtils.withNewTab("about:blank", async function(browser) { + let loaded = BrowserTestUtils.browserLoaded( + browser, + true, + kTestFrameAncestorsURIFrame, + true + ); + BrowserTestUtils.loadURI(browser, kTestFrameAncestorsURI); + await loaded; + + await SpecialPowers.spawn(browser, [], async function() { + const iframeDoc = content.document.getElementById("testframe") + .contentDocument; + let errorPage = iframeDoc.body.innerHTML; + ok( + errorPage.includes( + "This page has a content security policy that prevents it from being loaded in this way" + ), + "csp error page correct" + ); + }); + }); +}); diff --git a/dom/security/test/general/browser_test_referrer_loadInOtherProcess.js b/dom/security/test/general/browser_test_referrer_loadInOtherProcess.js new file mode 100644 index 0000000000..dab8d0d057 --- /dev/null +++ b/dom/security/test/general/browser_test_referrer_loadInOtherProcess.js @@ -0,0 +1,151 @@ +const TEST_PAGE = + "http://example.org/browser/browser/base/content/test/general/dummy_page.html"; +const TEST_REFERRER = "http://mochi.test:8888/"; + +const ReferrerInfo = Components.Constructor( + "@mozilla.org/referrer-info;1", + "nsIReferrerInfo", + "init" +); + +let referrerInfo = new ReferrerInfo( + Ci.nsIReferrerInfo.ORIGIN, + true, + Services.io.newURI(TEST_REFERRER) +); +let deReferrerInfo = E10SUtils.serializeReferrerInfo(referrerInfo); + +var checkResult = async function(isRemote, browserKey, uri) { + is( + gBrowser.selectedBrowser.isRemoteBrowser, + isRemote, + "isRemoteBrowser should be correct" + ); + + is( + gBrowser.selectedBrowser.permanentKey, + browserKey, + "browser.permanentKey should be correct" + ); + + if (SpecialPowers.Services.appinfo.sessionHistoryInParent) { + let sessionHistory = + gBrowser.selectedBrowser.browsingContext.sessionHistory; + let entry = sessionHistory.getEntryAtIndex(sessionHistory.count - 1); + let args = { uri, referrerInfo: deReferrerInfo, isRemote }; + Assert.equal(entry.URI.spec, args.uri, "Uri should be correct"); + + // Main process like about:mozilla does not trigger the real network request. + // So we don't store referrerInfo in sessionHistory in that case. + // Besides, the referrerInfo stored in sessionHistory was computed, we only + // check pre-computed things. + if (args.isRemote) { + let resultReferrerInfo = entry.referrerInfo; + let expectedReferrerInfo = E10SUtils.deserializeReferrerInfo( + args.referrerInfo + ); + + Assert.equal( + resultReferrerInfo.originalReferrer.spec, + expectedReferrerInfo.originalReferrer.spec, + "originalReferrer should be correct" + ); + Assert.equal( + resultReferrerInfo.sendReferrer, + expectedReferrerInfo.sendReferrer, + "sendReferrer should be correct" + ); + Assert.equal( + resultReferrerInfo.referrerPolicy, + expectedReferrerInfo.referrerPolicy, + "referrerPolicy should be correct" + ); + } else { + Assert.equal(entry.referrerInfo, null, "ReferrerInfo should be correct"); + } + + return; + } + + await SpecialPowers.spawn( + gBrowser.selectedBrowser, + [{ uri, referrerInfo: deReferrerInfo, isRemote }], + async function(args) { + let webNav = content.docShell.QueryInterface(Ci.nsIWebNavigation); + let sessionHistory = webNav.sessionHistory; + let entry = sessionHistory.legacySHistory.getEntryAtIndex( + sessionHistory.count - 1 + ); + + var { E10SUtils } = SpecialPowers.Cu.import( + "resource://gre/modules/E10SUtils.jsm" + ); + + Assert.equal(entry.URI.spec, args.uri, "Uri should be correct"); + + // Main process like about:mozilla does not trigger the real network request. + // So we don't store referrerInfo in sessionHistory in that case. + // Besides, the referrerInfo stored in sessionHistory was computed, we only + // check pre-computed things. + if (args.isRemote) { + let resultReferrerInfo = entry.referrerInfo; + let expectedReferrerInfo = E10SUtils.deserializeReferrerInfo( + args.referrerInfo + ); + + Assert.equal( + resultReferrerInfo.originalReferrer.spec, + expectedReferrerInfo.originalReferrer.spec, + "originalReferrer should be correct" + ); + Assert.equal( + resultReferrerInfo.sendReferrer, + expectedReferrerInfo.sendReferrer, + "sendReferrer should be correct" + ); + Assert.equal( + resultReferrerInfo.referrerPolicy, + expectedReferrerInfo.referrerPolicy, + "referrerPolicy should be correct" + ); + } else { + Assert.equal( + entry.referrerInfo, + null, + "ReferrerInfo should be correct" + ); + } + } + ); +}; +var waitForLoad = async function(uri) { + info("waitForLoad " + uri); + let loadURIOptions = { + triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(), + referrerInfo, + }; + gBrowser.selectedBrowser.webNavigation.loadURI(uri, loadURIOptions); + + await BrowserTestUtils.browserStopped(gBrowser, uri); +}; + +// Tests referrerInfo when navigating from a page in the remote process to main +// process and vice versa. +add_task(async function test_navigation() { + // Navigate from non remote to remote + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, "about:blank"); + let testURI = TEST_PAGE; + let { permanentKey } = gBrowser.selectedBrowser; + await waitForLoad(testURI); + await checkResult(true, permanentKey, testURI); + gBrowser.removeCurrentTab(); + + // Navigate from remote to non-remote + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, TEST_PAGE); + testURI = "about:mozilla"; + permanentKey = gBrowser.selectedBrowser.permanentKey; + await waitForLoad(testURI); + await checkResult(false, permanentKey, testURI); + + gBrowser.removeCurrentTab(); +}); diff --git a/dom/security/test/general/browser_test_report_blocking.js b/dom/security/test/general/browser_test_report_blocking.js new file mode 100644 index 0000000000..5431d635d5 --- /dev/null +++ b/dom/security/test/general/browser_test_report_blocking.js @@ -0,0 +1,225 @@ +"use strict"; + +const { TelemetryArchiveTesting } = ChromeUtils.import( + "resource://testing-common/TelemetryArchiveTesting.jsm" +); + +const kTestPath = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://example.com" +); + +const kTestXFrameOptionsURI = kTestPath + "file_framing_error_pages_xfo.html"; +const kTestCspURI = kTestPath + "file_framing_error_pages_csp.html"; +const kTestXFrameOptionsURIFrame = + kTestPath + "file_framing_error_pages.sjs?xfo"; +const kTestCspURIFrame = kTestPath + "file_framing_error_pages.sjs?csp"; + +const kTestExpectedPingXFO = [ + [["payload", "error_type"], "xfo"], + [["payload", "xfo_header"], "deny"], + [["payload", "csp_header"], ""], + [["payload", "frame_hostname"], "example.com"], + [["payload", "top_hostname"], "example.com"], + [ + ["payload", "frame_uri"], + "http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs", + ], + [ + ["payload", "top_uri"], + "http//example.com/browser/dom/security/test/general/file_framing_error_pages_xfo.html", + ], +]; + +const kTestExpectedPingCSP = [ + [["payload", "error_type"], "csp"], + [["payload", "xfo_header"], ""], + [["payload", "csp_header"], "'none'"], + [["payload", "frame_hostname"], "example.com"], + [["payload", "top_hostname"], "example.com"], + [ + ["payload", "frame_uri"], + "http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs", + ], + [ + ["payload", "top_uri"], + "http//example.com/browser/dom/security/test/general/file_framing_error_pages_csp.html", + ], +]; + +const TEST_CASES = [ + { + type: "xfo", + test_uri: kTestXFrameOptionsURI, + frame_uri: kTestXFrameOptionsURIFrame, + expected_msg: + "This page has an X-Frame-Options policy that prevents it from being loaded in this context", + expected_ping: kTestExpectedPingXFO, + }, + { + type: "csp", + test_uri: kTestCspURI, + frame_uri: kTestCspURIFrame, + expected_msg: + "This page has a content security policy that prevents it from being loaded in this way", + expected_ping: kTestExpectedPingCSP, + }, +]; + +add_task(async function setup() { + Services.telemetry.setEventRecordingEnabled("security.ui.xfocsperror", true); + + await SpecialPowers.pushPrefEnv({ + set: [ + ["security.xfocsp.errorReporting.enabled", true], + ["security.xfocsp.errorReporting.automatic", false], + ], + }); +}); + +add_task(async function testReportingCases() { + for (const test of TEST_CASES) { + await testReporting(test); + } +}); + +async function testReporting(test) { + // Clear telemetry event before testing. + Services.telemetry.clearEvents(); + + let telemetryChecker = new TelemetryArchiveTesting.Checker(); + await telemetryChecker.promiseInit(); + + let tab = await BrowserTestUtils.openNewForegroundTab( + gBrowser, + "about:blank" + ); + let browser = tab.linkedBrowser; + + let loaded = BrowserTestUtils.browserLoaded( + browser, + true, + test.frame_uri, + true + ); + BrowserTestUtils.loadURI(browser, test.test_uri); + await loaded; + + let { type, expected_msg } = test; + + let frameBC = await SpecialPowers.spawn(browser, [], async _ => { + const iframe = content.document.getElementById("testframe"); + return iframe.browsingContext; + }); + + await SpecialPowers.spawn(frameBC, [{ type, expected_msg }], async obj => { + // Wait until the reporting UI is visible. + await ContentTaskUtils.waitForCondition(() => { + let reportUI = content.document.getElementById("blockingErrorReporting"); + return ContentTaskUtils.is_visible(reportUI); + }); + + let errorPage = content.document.body.innerHTML; + ok(errorPage.includes(obj.expected_msg), `${obj.type} error page correct`); + + let reportCheckBox = content.document.getElementById( + "automaticallyReportBlockingInFuture" + ); + is( + reportCheckBox.checked, + false, + "The checkbox of the reporting ui should be not checked." + ); + + // Click on the checkbox. + await EventUtils.synthesizeMouseAtCenter(reportCheckBox, {}, content); + }); + BrowserTestUtils.removeTab(tab); + + // Open the error page again + tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, "about:blank"); + browser = tab.linkedBrowser; + + loaded = BrowserTestUtils.browserLoaded(browser, true, test.frame_uri, true); + BrowserTestUtils.loadURI(browser, test.test_uri); + await loaded; + + frameBC = await SpecialPowers.spawn(browser, [], async _ => { + const iframe = content.document.getElementById("testframe"); + return iframe.browsingContext; + }); + + await SpecialPowers.spawn(frameBC, [], async _ => { + // Wait until the reporting UI is visible. + await ContentTaskUtils.waitForCondition(() => { + let reportUI = content.document.getElementById("blockingErrorReporting"); + return ContentTaskUtils.is_visible(reportUI); + }); + + let reportCheckBox = content.document.getElementById( + "automaticallyReportBlockingInFuture" + ); + is( + reportCheckBox.checked, + true, + "The checkbox of the reporting ui should be checked." + ); + + // Click on the checkbox again to disable the reporting. + await EventUtils.synthesizeMouseAtCenter(reportCheckBox, {}, content); + + is( + reportCheckBox.checked, + false, + "The checkbox of the reporting ui should be unchecked." + ); + }); + BrowserTestUtils.removeTab(tab); + + // Open the error page again to see if the reporting is disabled. + tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, "about:blank"); + browser = tab.linkedBrowser; + + loaded = BrowserTestUtils.browserLoaded(browser, true, test.frame_uri, true); + BrowserTestUtils.loadURI(browser, test.test_uri); + await loaded; + + frameBC = await SpecialPowers.spawn(browser, [], async _ => { + const iframe = content.document.getElementById("testframe"); + return iframe.browsingContext; + }); + + await SpecialPowers.spawn(frameBC, [], async _ => { + // Wait until the reporting UI is visible. + await ContentTaskUtils.waitForCondition(() => { + let reportUI = content.document.getElementById("blockingErrorReporting"); + return ContentTaskUtils.is_visible(reportUI); + }); + + let reportCheckBox = content.document.getElementById( + "automaticallyReportBlockingInFuture" + ); + is( + reportCheckBox.checked, + false, + "The checkbox of the reporting ui should be unchecked." + ); + }); + BrowserTestUtils.removeTab(tab); + + // Finally, check if the ping has been archived. + await new Promise(resolve => { + telemetryChecker + .promiseFindPing("xfocsp-error-report", test.expected_ping) + .then( + found => { + ok(found, "Telemetry ping submitted successfully"); + resolve(); + }, + err => { + ok(false, "Exception finding telemetry ping: " + err); + resolve(); + } + ); + }); +} diff --git a/dom/security/test/general/browser_test_toplevel_data_navigations.js b/dom/security/test/general/browser_test_toplevel_data_navigations.js new file mode 100644 index 0000000000..9219047eac --- /dev/null +++ b/dom/security/test/general/browser_test_toplevel_data_navigations.js @@ -0,0 +1,70 @@ +/* eslint-disable mozilla/no-arbitrary-setTimeout */ + +"use strict"; + +const kDataBody = "toplevel navigation to data: URI allowed"; +const kDataURI = "data:text/html,<body>" + kDataBody + "</body>"; +const kTestPath = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://example.com" +); +const kRedirectURI = kTestPath + "file_toplevel_data_navigations.sjs"; +const kMetaRedirectURI = kTestPath + "file_toplevel_data_meta_redirect.html"; + +add_task(async function test_nav_data_uri() { + await SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + await BrowserTestUtils.withNewTab(kDataURI, async function(browser) { + await SpecialPowers.spawn( + gBrowser.selectedBrowser, + [{ kDataBody }], + async function({ kDataBody }) { + // eslint-disable-line + is( + content.document.body.innerHTML, + kDataBody, + "data: URI navigation from system should be allowed" + ); + } + ); + }); +}); + +add_task(async function test_nav_data_uri_redirect() { + await SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + let tab = BrowserTestUtils.addTab(gBrowser, kRedirectURI); + registerCleanupFunction(async function() { + BrowserTestUtils.removeTab(tab); + }); + // wait to make sure data: URI did not load before checking that it got blocked + await new Promise(resolve => setTimeout(resolve, 500)); + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function() { + is( + content.document.body.innerHTML, + "", + "data: URI navigation after server redirect should be blocked" + ); + }); +}); + +add_task(async function test_nav_data_uri_meta_redirect() { + await SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + let tab = BrowserTestUtils.addTab(gBrowser, kMetaRedirectURI); + registerCleanupFunction(async function() { + BrowserTestUtils.removeTab(tab); + }); + // wait to make sure data: URI did not load before checking that it got blocked + await new Promise(resolve => setTimeout(resolve, 500)); + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function() { + is( + content.document.body.innerHTML, + "", + "data: URI navigation after meta redirect should be blocked" + ); + }); +}); diff --git a/dom/security/test/general/browser_test_view_image_data_navigation.js b/dom/security/test/general/browser_test_view_image_data_navigation.js new file mode 100644 index 0000000000..19548b63aa --- /dev/null +++ b/dom/security/test/general/browser_test_view_image_data_navigation.js @@ -0,0 +1,73 @@ +"use strict"; + +add_task(async function test_principal_right_click_open_link_in_new_tab() { + await SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + + const TEST_PAGE = + getRootDirectory(gTestPath) + "file_view_image_data_navigation.html"; + + await BrowserTestUtils.withNewTab(TEST_PAGE, async function(browser) { + let loadPromise = BrowserTestUtils.browserLoaded( + gBrowser.selectedBrowser, + true + ); + + // simulate right-click->view-image + BrowserTestUtils.waitForEvent(document, "popupshown", false, event => { + // These are operations that must be executed synchronously with the event. + document.getElementById("context-viewimage").doCommand(); + event.target.hidePopup(); + return true; + }); + BrowserTestUtils.synthesizeMouseAtCenter( + "#testimage", + { type: "contextmenu", button: 2 }, + gBrowser.selectedBrowser + ); + await loadPromise; + + let spec = gBrowser.selectedBrowser.currentURI.spec; + ok( + spec.startsWith("data:image/svg+xml;"), + "data:image/svg navigation allowed through right-click view-image" + ); + }); +}); + +add_task(async function test_right_click_open_bg_image() { + await SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + + const TEST_PAGE = + getRootDirectory(gTestPath) + "file_view_bg_image_data_navigation.html"; + + await BrowserTestUtils.withNewTab(TEST_PAGE, async function(browser) { + let loadPromise = BrowserTestUtils.browserLoaded( + gBrowser.selectedBrowser, + true + ); + + // simulate right-click->view-bg-image + BrowserTestUtils.waitForEvent(document, "popupshown", false, event => { + // These are operations that must be executed synchronously with the event. + document.getElementById("context-viewbgimage").doCommand(); + event.target.hidePopup(); + return true; + }); + BrowserTestUtils.synthesizeMouseAtCenter( + "#testbody", + { type: "contextmenu", button: 2 }, + gBrowser.selectedBrowser + ); + await loadPromise; + + let spec = gBrowser.selectedBrowser.currentURI.spec; + ok( + spec.startsWith("data:image/svg+xml;"), + "data:image/svg navigation allowed through right-click view-bg-image" + ); + }); +}); diff --git a/dom/security/test/general/browser_test_xfo_embed_object.js b/dom/security/test/general/browser_test_xfo_embed_object.js new file mode 100644 index 0000000000..23ccf609e7 --- /dev/null +++ b/dom/security/test/general/browser_test_xfo_embed_object.js @@ -0,0 +1,42 @@ +"use strict"; + +const kTestPath = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://example.com" +); +const kTestXFOEmbedURI = kTestPath + "file_framing_xfo_embed.html"; +const kTestXFOObjectURI = kTestPath + "file_framing_xfo_object.html"; + +const errorMessage = `The loading of “http://example.com/browser/dom/security/test/general/file_framing_xfo_embed_object.sjs” in a frame is denied by “X-Frame-Options“ directive set to “deny“`; + +let xfoBlocked = false; + +function onXFOMessage(msgObj) { + const message = msgObj.message; + const logLevel = msgObj.logLevel; + + if (message.includes(errorMessage)) { + ok(true, "XFO error message logged"); + xfoBlocked = true; + } +} + +add_task(async function open_test_xfo_embed_blocked() { + xfoBlocked = false; + await BrowserTestUtils.withNewTab("about:blank", async function(browser) { + Services.console.registerListener(onXFOMessage); + BrowserTestUtils.loadURI(browser, kTestXFOEmbedURI); + await BrowserTestUtils.waitForCondition(() => xfoBlocked == true); + Services.console.unregisterListener(onXFOMessage); + }); +}); + +add_task(async function open_test_xfo_object_blocked() { + xfoBlocked = false; + await BrowserTestUtils.withNewTab("about:blank", async function(browser) { + Services.console.registerListener(onXFOMessage); + BrowserTestUtils.loadURI(browser, kTestXFOObjectURI); + await BrowserTestUtils.waitForCondition(() => xfoBlocked == true); + Services.console.unregisterListener(onXFOMessage); + }); +}); diff --git a/dom/security/test/general/bug1277803.html b/dom/security/test/general/bug1277803.html new file mode 100644 index 0000000000..c8033551a0 --- /dev/null +++ b/dom/security/test/general/bug1277803.html @@ -0,0 +1,11 @@ +<html> + +<head> + <link rel='icon' href='favicon_bug1277803.ico'> +</head> + +<body> +Nothing to see here... +</body> + +</html> diff --git a/dom/security/test/general/chrome.ini b/dom/security/test/general/chrome.ini new file mode 100644 index 0000000000..76608b1e26 --- /dev/null +++ b/dom/security/test/general/chrome.ini @@ -0,0 +1,10 @@ +[DEFAULT] +support-files = + favicon_bug1277803.ico + bug1277803.html + +[test_innerhtml_sanitizer.html] +[test_innerhtml_sanitizer.xhtml] +[test_bug1277803.xhtml] +skip-if = os == 'android' || verify + diff --git a/dom/security/test/general/closeWindow.sjs b/dom/security/test/general/closeWindow.sjs new file mode 100644 index 0000000000..996db36f6f --- /dev/null +++ b/dom/security/test/general/closeWindow.sjs @@ -0,0 +1,24 @@ +const BODY = ` + <script> + opener.postMessage("ok!", "*"); + close(); + </script>`; + +function handleRequest(request, response) { + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString.includes("unset")) { + response.setHeader("Set-Cookie", "test=wow", true); + } + + if (request.queryString.includes("none")) { + response.setHeader("Set-Cookie", "test2=wow2; samesite=none", true); + } + + if (request.queryString.includes("lax")) { + response.setHeader("Set-Cookie", "test3=wow3; samesite=lax", true); + } + + response.write(BODY); +} diff --git a/dom/security/test/general/favicon_bug1277803.ico b/dom/security/test/general/favicon_bug1277803.ico Binary files differnew file mode 100644 index 0000000000..d44438903b --- /dev/null +++ b/dom/security/test/general/favicon_bug1277803.ico diff --git a/dom/security/test/general/file_FTP_console_warning.html b/dom/security/test/general/file_FTP_console_warning.html new file mode 100644 index 0000000000..ef711f923f --- /dev/null +++ b/dom/security/test/general/file_FTP_console_warning.html @@ -0,0 +1,14 @@ +<!DOCTYPE HTML> +<html> +<body> +<head> + <meta charset="utf-8"> + <title>FTP subresources</title> +</head> +<body> + <iframe src="ftp://blocked.test/a.html"></iframe> + <iframe srcdoc='<iframe src="ftp://blocked.test/b.html"></iframe>'></iframe> + <iframe src='data:text/html,<iframe src="ftp://blocked.test/c.html"></iframe>'></iframe> + <img src="ftp://blocked.test/d.png"> +</body> +</html>
\ No newline at end of file diff --git a/dom/security/test/general/file_assert_systemprincipal_documents.html b/dom/security/test/general/file_assert_systemprincipal_documents.html new file mode 100644 index 0000000000..2d7ff4d253 --- /dev/null +++ b/dom/security/test/general/file_assert_systemprincipal_documents.html @@ -0,0 +1,11 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1543579: Block web documents loading into system land </title> +</head> +<body> +<h1>This page loads documents from the SystemPrincipal (which should be blocked)</h1> +<iframe type="chrome" id="testframe" src="http://example.com/browser/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html"></iframe> +</body> +</html> + diff --git a/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html b/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html new file mode 100644 index 0000000000..704625a1da --- /dev/null +++ b/dom/security/test/general/file_assert_systemprincipal_documents_iframe.html @@ -0,0 +1,9 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1543579: Block web documents loading into system land </title> +</head> +<body> +<h1>This is the iframe that should not load.</h1> +</body> +</html> diff --git a/dom/security/test/general/file_block_script_wrong_mime_server.sjs b/dom/security/test/general/file_block_script_wrong_mime_server.sjs new file mode 100644 index 0000000000..d6d27796cb --- /dev/null +++ b/dom/security/test/general/file_block_script_wrong_mime_server.sjs @@ -0,0 +1,34 @@ +// Custom *.sjs specifically for the needs of: +// Bug 1288361 - Block scripts with wrong MIME type + +"use strict"; +Components.utils.importGlobalProperties(["URLSearchParams"]); + +const WORKER = ` + onmessage = function(event) { + postMessage("worker-loaded"); + };`; + +function handleRequest(request, response) { + const query = new URLSearchParams(request.queryString); + + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + // Set MIME type + response.setHeader("Content-Type", query.get("mime"), false); + + // Deliver response + switch (query.get("type")) { + case "script": + response.write(""); + break; + case "worker": + response.write(WORKER); + break; + case "worker-import": + response.write(`importScripts("file_block_script_wrong_mime_server.sjs?type=script&mime=${query.get("mime")}");`); + response.write(WORKER); + break; + } +} diff --git a/dom/security/test/general/file_block_subresource_redir_to_data.sjs b/dom/security/test/general/file_block_subresource_redir_to_data.sjs new file mode 100644 index 0000000000..f8a6e9bf6d --- /dev/null +++ b/dom/security/test/general/file_block_subresource_redir_to_data.sjs @@ -0,0 +1,25 @@ +"use strict"; + +let SCRIPT_DATA = "alert('this alert should be blocked');"; +let WORKER_DATA = "onmessage = function(event) { postMessage('worker-loaded'); }"; + +function handleRequest(request, response) +{ + const query = request.queryString; + + response.setHeader("Cache-Control", "no-cache", false); + response.setStatusLine("1.1", 302, "Found"); + + if (query === "script" || query === "modulescript") { + response.setHeader("Location", "data:text/javascript," + escape(SCRIPT_DATA), false); + return; + } + + if (query === "worker") { + response.setHeader("Location", "data:text/javascript," + escape(WORKER_DATA), false); + return; + } + + // we should never get here; just in case return something unexpected + response.write("do'h"); +} diff --git a/dom/security/test/general/file_block_toplevel_data_navigation.html b/dom/security/test/general/file_block_toplevel_data_navigation.html new file mode 100644 index 0000000000..3d83b7ff63 --- /dev/null +++ b/dom/security/test/general/file_block_toplevel_data_navigation.html @@ -0,0 +1,17 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Toplevel data navigation</title> +</head> +<body> +test1: clicking data: URI tries to navigate window<br/> +<!-- postMessage will not be sent if data: URI is blocked --> +<a id="testlink" href="data:text/html,<body><script +window.opener.postMessage('test1','*');</script>toplevel data: URI navigations +should be blocked</body>">click me</a> +<script> + document.getElementById('testlink').click(); +</script> +</body> +</html> diff --git a/dom/security/test/general/file_block_toplevel_data_navigation2.html b/dom/security/test/general/file_block_toplevel_data_navigation2.html new file mode 100644 index 0000000000..3753d23d31 --- /dev/null +++ b/dom/security/test/general/file_block_toplevel_data_navigation2.html @@ -0,0 +1,41 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Toplevel data navigation</title> +</head> +<body> +test2: data: URI in iframe tries to window.open(data:, _blank);<br/> +<iframe id="testFrame" src=""></iframe> +<script> + // GeckoView displays an error page for invalid navigations, + // so catch the security error trying to access the cross-origin error + // document and treat that as blocked. + let DATA_URI = `data:text/html,<body><script> + var win = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>", "_blank"); + setTimeout(function () { + let result = "navigated"; + try { + result = win.document.body.innerHTML === "" ? "blocked" : "navigated"; + } catch (e) { + if (e instanceof DOMException && e.name === "SecurityError") { + result = "blocked"; + } else { + throw e; + } + } + parent.postMessage(result, "*"); + win.close(); + }, 1000); + <\/script></body>`; + + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + // propagate the information back to the caller + window.opener.postMessage(event.data, "*"); + } + document.getElementById('testFrame').src = DATA_URI; +</script> +</body> +</html> diff --git a/dom/security/test/general/file_block_toplevel_data_navigation3.html b/dom/security/test/general/file_block_toplevel_data_navigation3.html new file mode 100644 index 0000000000..3743a72034 --- /dev/null +++ b/dom/security/test/general/file_block_toplevel_data_navigation3.html @@ -0,0 +1,16 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Toplevel data navigation</title> +</head> +<body> +test3: performing data: URI navigation through win.loc.href<br/> +<script> + // postMessage will not be sent if data: URI is blocked + window.location.href = "data:text/html,<body><script>" + + "window.opener.postMessage('test3','*');<\/script>toplevel data: URI " + + "navigations should be blocked</body>"; +</script> +</body> +</html> diff --git a/dom/security/test/general/file_block_toplevel_data_redirect.sjs b/dom/security/test/general/file_block_toplevel_data_redirect.sjs new file mode 100644 index 0000000000..64e294cab1 --- /dev/null +++ b/dom/security/test/general/file_block_toplevel_data_redirect.sjs @@ -0,0 +1,14 @@ +// Custom *.sjs file specifically for the needs of Bug: +// Bug 1394554 - Block toplevel data: URI navigations after redirect + +var DATA_URI = + "<body>toplevel data: URI navigations after redirect should be blocked</body>"; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", "data:text/html," + escape(DATA_URI), false); +} diff --git a/dom/security/test/general/file_cache_splitting_isloaded.sjs b/dom/security/test/general/file_cache_splitting_isloaded.sjs new file mode 100644 index 0000000000..b5eefb5492 --- /dev/null +++ b/dom/security/test/general/file_cache_splitting_isloaded.sjs @@ -0,0 +1,36 @@ +/* + Helper Server - + Send a Request with ?queryResult - response will be the + queryString of the next request. + +*/ +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" +); + +function handleRequest(request, response) { + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + // save the object state of the initial request, which returns + // async once the server has processed the img request. + if (request.queryString.includes("wait")) { + response.processAsync(); + setObjectState("wait", response); + return; + } + + response.write(IMG_BYTES); + + // return the result + getObjectState("wait", function(queryResponse) { + if (!queryResponse) { + return; + } + queryResponse.write("1"); + queryResponse.finish(); + }); + return; +} diff --git a/dom/security/test/general/file_cache_splitting_server.sjs b/dom/security/test/general/file_cache_splitting_server.sjs new file mode 100644 index 0000000000..da75986f74 --- /dev/null +++ b/dom/security/test/general/file_cache_splitting_server.sjs @@ -0,0 +1,27 @@ +function handleRequest(request, response) { + var receivedRequests = parseInt(getState("requests")); + if (isNaN(receivedRequests)) { + receivedRequests = 0; + } + if (request.queryString.includes("state")) { + response.write(receivedRequests); + return; + } + if (request.queryString.includes("flush")) { + setState("requests", "0"); + response.write("OK"); + return; + } + response.setHeader("Cache-Control", "max-age=999999"); // Force caching + response.setHeader("Content-Type", "text/css"); + receivedRequests = receivedRequests + 1; + setState("requests", "" + receivedRequests); + response.write(` + .test{ + color:red; + } + .test h1{ + font-size:200px; + } + `); +} diff --git a/dom/security/test/general/file_cache_splitting_window.html b/dom/security/test/general/file_cache_splitting_window.html new file mode 100644 index 0000000000..2421118e31 --- /dev/null +++ b/dom/security/test/general/file_cache_splitting_window.html @@ -0,0 +1,16 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <title>Document</title> + <link rel="stylesheet" href="http://mochi.test:8888/tests/dom/security/test/general/file_cache_splitting_server.sjs"> +</head> +<body> + <h1>HELLO WORLD!</h1> + + <script> + window.addEventListener("load",()=>{ + fetch("file_cache_splitting_isloaded.sjs"); + }); + </script> +</body> +</html> diff --git a/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs b/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs new file mode 100644 index 0000000000..f0084410a2 --- /dev/null +++ b/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs @@ -0,0 +1,46 @@ +// custom *.sjs for Bug 1255240 + +const TEST_FRAME = ` + <!DOCTYPE HTML> + <html> + <head><meta charset='utf-8'></head> + <body> + <a id='testlink' target='innerframe' href='file_contentpolicytype_targeted_link_iframe.sjs?innerframe'>click me</a> + <iframe name='innerframe'></iframe> + <script type='text/javascript'> + var link = document.getElementById('testlink'); + testlink.click(); + </script> + </body> + </html> `; + +const INNER_FRAME = ` + <!DOCTYPE HTML> + <html> + <head><meta charset='utf-8'></head> + hello world! + </body> + </html>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + + var queryString = request.queryString; + + if (queryString === "testframe") { + response.write(TEST_FRAME); + return; + } + + if (queryString === "innerframe") { + response.write(INNER_FRAME); + return; + } + + // we should never get here, but just in case + // return something unexpected + response.write("do'h"); +} diff --git a/dom/security/test/general/file_data_download.html b/dom/security/test/general/file_data_download.html new file mode 100644 index 0000000000..4cc92fe8f5 --- /dev/null +++ b/dom/security/test/general/file_data_download.html @@ -0,0 +1,14 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Test download attribute for data: URI</title> +</head> +<body> + <a href="data:text/html,<body>data download</body>" download="data-foo.html" id="testlink">download data</a> + <script> + // click the link to have the downoad panel appear + let testlink = document.getElementById("testlink"); + testlink.click(); + </script> + </body> +</html> diff --git a/dom/security/test/general/file_data_text_csv.html b/dom/security/test/general/file_data_text_csv.html new file mode 100644 index 0000000000..a9ac369d16 --- /dev/null +++ b/dom/security/test/general/file_data_text_csv.html @@ -0,0 +1,14 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Test open data:text/csv</title> +</head> +<body> + <a href="data:text/csv;foo,bar,foobar" id="testlink">test text/csv</a> + <script> + // click the link to have the downoad panel appear + let testlink = document.getElementById("testlink"); + testlink.click(); + </script> + </body> +</html> diff --git a/dom/security/test/general/file_framing_error_pages.sjs b/dom/security/test/general/file_framing_error_pages.sjs new file mode 100644 index 0000000000..bf669283cc --- /dev/null +++ b/dom/security/test/general/file_framing_error_pages.sjs @@ -0,0 +1,24 @@ +"use strict"; + +function handleRequest(request, response) { + + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + + let query = request.queryString; + if (query === "xfo") { + response.setHeader("x-frame-options", "deny", false); + response.write("<html>xfo test loaded</html>"); + return; + } + + if (query === "csp") { + response.setHeader("content-security-policy", "frame-ancestors 'none'", false); + response.write("<html>csp test loaded</html>"); + return; + } + + // we should never get here, but just in case + // return something unexpected + response.write("do'h"); +} diff --git a/dom/security/test/general/file_framing_error_pages_csp.html b/dom/security/test/general/file_framing_error_pages_csp.html new file mode 100644 index 0000000000..2817722539 --- /dev/null +++ b/dom/security/test/general/file_framing_error_pages_csp.html @@ -0,0 +1,7 @@ +<!DOCTYPE HTML> +<html> +<body> +iframe should be blocked <br/> +<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?csp" height=800 width=800></iframe> +</body> +</html> diff --git a/dom/security/test/general/file_framing_error_pages_xfo.html b/dom/security/test/general/file_framing_error_pages_xfo.html new file mode 100644 index 0000000000..95dc649fa4 --- /dev/null +++ b/dom/security/test/general/file_framing_error_pages_xfo.html @@ -0,0 +1,7 @@ +<!DOCTYPE HTML> +<html> +<body> +iframe should be blocked <br/> +<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?xfo" height=800 width=800></iframe> +</body> +</html> diff --git a/dom/security/test/general/file_framing_xfo_embed.html b/dom/security/test/general/file_framing_xfo_embed.html new file mode 100644 index 0000000000..2083a31a37 --- /dev/null +++ b/dom/security/test/general/file_framing_xfo_embed.html @@ -0,0 +1,7 @@ +<!DOCTYPE HTML> +<html> +<body> + embed should be blocked <br/> + <embed src="http://example.com/browser/dom/security/test/general/file_framing_xfo_embed_object.sjs"></embed> +</body> +</html> diff --git a/dom/security/test/general/file_framing_xfo_embed_object.sjs b/dom/security/test/general/file_framing_xfo_embed_object.sjs new file mode 100644 index 0000000000..56616b7930 --- /dev/null +++ b/dom/security/test/general/file_framing_xfo_embed_object.sjs @@ -0,0 +1,7 @@ +"use strict"; + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("x-frame-options", "deny", false); + response.write("<html>doc with x-frame-options: deny</html>"); +} diff --git a/dom/security/test/general/file_framing_xfo_object.html b/dom/security/test/general/file_framing_xfo_object.html new file mode 100644 index 0000000000..1bb79a67f5 --- /dev/null +++ b/dom/security/test/general/file_framing_xfo_object.html @@ -0,0 +1,7 @@ +<!DOCTYPE HTML> +<html> +<body> + object should be blocked <br/> + <object data="http://example.com/browser/dom/security/test/general/file_framing_xfo_embed_object.sjs"></object> +</body> +</html> diff --git a/dom/security/test/general/file_nosniff_navigation.sjs b/dom/security/test/general/file_nosniff_navigation.sjs new file mode 100644 index 0000000000..8d1de13828 --- /dev/null +++ b/dom/security/test/general/file_nosniff_navigation.sjs @@ -0,0 +1,32 @@ +// Custom *.sjs file specifically for the needs of Bug 1286861 + +// small red image +const IMG = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +function getSniffableContent(selector){ + switch(selector){ + case "xml": + return `<?xml version="1.0"?><test/>`; + case "html": + return `<!Doctype html> <html> <head></head> <body> Test test </body></html>`; + case "css": + return `*{ color: pink !important; }`; + case 'json': + return `{ 'test':'yes' }`; + case 'img': + return IMG; + } + return "Basic UTF-8 Text"; +} + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader('X-Content-Type-Options', 'nosniff'); // Disable Sniffing + response.setHeader("Content-Type","*/*"); // Try Browser to force sniffing. + response.write(getSniffableContent(request.queryString)); + return; +} + diff --git a/dom/security/test/general/file_nosniff_navigation_garbage.sjs b/dom/security/test/general/file_nosniff_navigation_garbage.sjs new file mode 100644 index 0000000000..726c6ecf9e --- /dev/null +++ b/dom/security/test/general/file_nosniff_navigation_garbage.sjs @@ -0,0 +1,33 @@ +// Custom *.sjs file specifically for the needs of Bug 1286861 + +// small red image +const IMG = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +function getSniffableContent(selector){ + switch(selector){ + case "xml": + return `<?xml version="1.0"?><test/>`; + case "html": + return `<!Doctype html> <html> <head></head> <body> Test test </body></html>`; + case 'js': + return `<script> alert("This shouldt not be executed"); </script>` + case "css": + return `*{ color: pink !important; }`; + case 'json': + return `{ 'test':'yes' }`; + case 'img': + return IMG; + } + return "Basic UTF-8 Text"; +} + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader('X-Content-Type-Options', 'nosniff'); // Disable Sniffing + response.setHeader("Content-Type","garbage/garbage"); // Try Browser to force sniffing. + response.write(getSniffableContent(request.queryString)); + return; +} diff --git a/dom/security/test/general/file_nosniff_navigation_mismatch.sjs b/dom/security/test/general/file_nosniff_navigation_mismatch.sjs new file mode 100644 index 0000000000..3b34389c4b --- /dev/null +++ b/dom/security/test/general/file_nosniff_navigation_mismatch.sjs @@ -0,0 +1,33 @@ +// Custom *.sjs file specifically for the needs of Bug 1286861 + +// small red image +const IMG = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +function getSniffableContent(selector){ + switch(selector){ + case "xml": + return `<?xml version="1.0"?><test/>`; + case "html": + return `<!Doctype html> <html> <head></head> <body> Test test </body></html>`; + case 'js': + return `<script> alert("This shouldt not be executed"); </script>` + case "css": + return `*{ color: pink !important; }`; + case 'json': + return `{ 'test':'yes' }`; + case 'img': + return IMG; + } + return "Basic UTF-8 Text"; +} + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader('X-Content-Type-Options', 'nosniff'); // Disable Sniffing + response.setHeader("Content-Type","image/png"); // Send a wrong mime type + response.write(getSniffableContent(request.queryString)); + return; +} diff --git a/dom/security/test/general/file_nosniff_testserver.sjs b/dom/security/test/general/file_nosniff_testserver.sjs new file mode 100644 index 0000000000..0cf168a3c7 --- /dev/null +++ b/dom/security/test/general/file_nosniff_testserver.sjs @@ -0,0 +1,60 @@ +"use strict"; +Components.utils.importGlobalProperties(["URLSearchParams"]); + +const SCRIPT = "var foo = 24;"; +const CSS = "body { background-color: green; }"; + +// small red image +const IMG = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +function handleRequest(request, response) { + const query = new URLSearchParams(request.queryString); + + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + // set the nosniff header + response.setHeader("X-Content-Type-Options", " NoSniFF , foo ", false); + + if (query.has("cssCorrectType")) { + response.setHeader("Content-Type", "teXt/cSs", false); + response.write(CSS); + return; + } + + if (query.has("cssWrongType")) { + response.setHeader("Content-Type", "text/html", false); + response.write(CSS); + return; + } + + if (query.has("scriptCorrectType")) { + response.setHeader("Content-Type", "appLIcation/jAvaScriPt;blah", false); + response.write(SCRIPT); + return; + } + + if (query.has("scriptWrongType")) { + response.setHeader("Content-Type", "text/html", false); + response.write(SCRIPT); + return; + } + + if (query.has("imgCorrectType")) { + response.setHeader("Content-Type", "iMaGe/pnG;blah", false); + response.write(IMG); + return; + } + + if (query.has("imgWrongType")) { + response.setHeader("Content-Type", "text/html", false); + response.write(IMG); + return; + } + + // we should never get here, but just in case + response.setHeader("Content-Type", "text/html", false); + response.write("do'h"); +} diff --git a/dom/security/test/general/file_same_site_cookies_about.sjs b/dom/security/test/general/file_same_site_cookies_about.sjs new file mode 100644 index 0000000000..877ce7024a --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_about.sjs @@ -0,0 +1,89 @@ +// Custom *.sjs file specifically for the needs of Bug 1454721 + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +const IFRAME_INC = + `<iframe src='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?inclusion'></iframe>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + // using startsWith and discard the math random + if (request.queryString.startsWith("setSameSiteCookie")) { + response.setHeader("Set-Cookie", "myKey=mySameSiteAboutCookie; samesite=strict", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + // navigation tests + if (request.queryString.includes("loadsrcdocframeNav")) { + let FRAME = ` + <iframe srcdoc="foo" + onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?navigation'"> + </iframe>`; + response.write(FRAME); + return; + } + + if (request.queryString.includes("loadblankframeNav")) { + let FRAME = ` + <iframe src="about:blank" + onload="document.location='http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_about.sjs?navigation'"> + </iframe>`; + response.write(FRAME); + return; + } + + // inclusion tets + if (request.queryString.includes("loadsrcdocframeInc")) { + response.write("<iframe srcdoc=\"" + IFRAME_INC + "\"></iframe>"); + return; + } + + if (request.queryString.includes("loadblankframeInc")) { + let FRAME = ` + <iframe id="blankframe" src="about:blank"></iframe> + <script> + document.getElementById("blankframe").contentDocument.write(\"` + IFRAME_INC +`\"); + <\/script>`; + response.write(FRAME); + return; + } + + if (request.queryString.includes("navigation")) { + const cookies = request.hasHeader("Cookie") ? request.getHeader("Cookie") : ""; + response.write(` + <!DOCTYPE html> + <html> + <body> + <script type="application/javascript"> + window.parent.postMessage({result: "${cookies}" }, '*'); + </script> + </body> + </html> + `); + } + + if (request.queryString.includes("inclusion")) { + const cookies = request.hasHeader("Cookie") ? request.getHeader("Cookie") : ""; + response.write(` + <!DOCTYPE html> + <html> + <body> + <script type="application/javascript"> + window.parent.parent.parent.postMessage({result: "${cookies}" }, '*'); + </script> + </body> + </html> + `); + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} diff --git a/dom/security/test/general/file_same_site_cookies_blob_iframe_inclusion.html b/dom/security/test/general/file_same_site_cookies_blob_iframe_inclusion.html new file mode 100644 index 0000000000..b3456f0b90 --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_blob_iframe_inclusion.html @@ -0,0 +1,34 @@ +<html> +<body> +<iframe id="testframe"></iframe> +<script type="application/javascript"> + + // simply passing on the message from the child to parent + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + window.parent.postMessage({result: event.data.result}, '*'); + } + + const NESTED_IFRAME_INCLUSION = ` + <html> + <body> + <script type="application/javascript"> + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + window.parent.postMessage({result: event.data.result}, '*'); + } + <\/script> + <iframe src="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></iframe> + </body> + </html>`; + + let NESTED_BLOB_IFRAME_INCLUSION = new Blob([NESTED_IFRAME_INCLUSION], {type:'text/html'}); + + // query the testframe and set blob URL + let testframe = document.getElementById("testframe"); + testframe.src = window.URL.createObjectURL(NESTED_BLOB_IFRAME_INCLUSION); +</script> +</body> +</html> diff --git a/dom/security/test/general/file_same_site_cookies_blob_iframe_navigation.html b/dom/security/test/general/file_same_site_cookies_blob_iframe_navigation.html new file mode 100644 index 0000000000..815c6a6bfc --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_blob_iframe_navigation.html @@ -0,0 +1,30 @@ +<html> +<body> +<iframe id="testframe"></iframe> +<script type="application/javascript"> + + // simply passing on the message from the child to parent + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + window.parent.postMessage({result: event.data.result}, '*'); + } + + const NESTED_IFRAME_NAVIGATION = ` + <html> + <body> + <a id="testlink" href="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></a> + <script type="application/javascript"> + let link = document.getElementById("testlink"); + link.click(); + <\/script> + </body> + </html>`; + let NESTED_BLOB_IFRAME_NAVIGATION = new Blob([NESTED_IFRAME_NAVIGATION], {type:'text/html'}); + + // query the testframe and set blob URL + let testframe = document.getElementById("testframe"); + testframe.src = window.URL.createObjectURL(NESTED_BLOB_IFRAME_NAVIGATION); +</script> +</body> +</html> diff --git a/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs b/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs new file mode 100644 index 0000000000..560a6c3f21 --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs @@ -0,0 +1,50 @@ +// Custom *.sjs file specifically for the needs of Bug 1452496 + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +const FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title> + </head> + <body> + <script type="application/javascript"> + let cookie = document.cookie; + // now reset the cookie for the next test + document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT"; + window.parent.postMessage({result: cookie}, 'http://mochi.test:8888'); + </script> + </body> + </html>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString.includes("setSameSiteCookie")) { + response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + if (request.queryString.includes("setRegularCookie")) { + response.setHeader("Set-Cookie", "myKey=regularCookie;", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + if (request.queryString.includes("loadFrame")) { + response.write(FRAME); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} diff --git a/dom/security/test/general/file_same_site_cookies_from_script.sjs b/dom/security/test/general/file_same_site_cookies_from_script.sjs new file mode 100644 index 0000000000..c4818df812 --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_from_script.sjs @@ -0,0 +1,49 @@ +// Custom *.sjs file specifically for the needs of Bug 1452496 + +const SET_COOKIE_FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title> + </head> + <body> + <script type="application/javascript"> + document.cookie = "myKey=sameSiteCookieInlineScript;SameSite=strict"; + </script> + </body> + </html>`; + +const GET_COOKIE_FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title> + </head> + <body> + <script type="application/javascript"> + let cookie = document.cookie; + // now reset the cookie for the next test + document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT"; + window.parent.postMessage({result: cookie}, 'http://mochi.test:8888'); + </script> + </body> + </html>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString.includes("setSameSiteCookieUsingInlineScript")) { + response.write(SET_COOKIE_FRAME); + return; + } + + if (request.queryString.includes("getCookieFrame")) { + response.write(GET_COOKIE_FRAME); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} diff --git a/dom/security/test/general/file_same_site_cookies_iframe.sjs b/dom/security/test/general/file_same_site_cookies_iframe.sjs new file mode 100644 index 0000000000..d919250392 --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_iframe.sjs @@ -0,0 +1,85 @@ +// Custom *.sjs file specifically for the needs of Bug 1454027 + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +const NESTED_IFRAME_NAVIGATION = ` + <html> + <body> + <a id="testlink" href="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></a> + <script type="application/javascript"> + let link = document.getElementById("testlink"); + link.click(); + <\/script> + </body> + </html>`; + +const NESTED_IFRAME_INCLUSION = ` + <html> + <body> + <script type="application/javascript"> + // simply passing on the message from the child to parent + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + window.parent.postMessage({result: event.data.result}, '*'); + } + <\/script> + <iframe src="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></iframe> + </body> + </html>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + // using startsWith and discard the math random + if (request.queryString.startsWith("setSameSiteCookie")) { + response.setHeader("Set-Cookie", "myKey=mySameSiteIframeTestCookie; samesite=strict", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + // navigation tests + if (request.queryString === "nestedIframeNavigation") { + response.write(NESTED_IFRAME_NAVIGATION); + return; + } + + if (request.queryString === "nestedSandboxIframeNavigation") { + response.setHeader("Content-Security-Policy", "sandbox allow-scripts", false); + response.write(NESTED_IFRAME_NAVIGATION); + return; + } + + // inclusion tests + if (request.queryString === "nestedIframeInclusion") { + response.write(NESTED_IFRAME_INCLUSION); + return; + } + + if (request.queryString === "nestedSandboxIframeInclusion") { + response.setHeader("Content-Security-Policy", "sandbox allow-scripts", false); + response.write(NESTED_IFRAME_INCLUSION); + return; + } + + const cookies = request.hasHeader("Cookie") ? request.getHeader("Cookie") : ""; + response.write(` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1454027 - Update SameSite cookie handling inside iframes</title> + </head> + <body> + <script type="application/javascript"> + window.parent.postMessage({result: "${cookies}" }, '*'); + </script> + </body> + </html> + `); +} diff --git a/dom/security/test/general/file_same_site_cookies_redirect.sjs b/dom/security/test/general/file_same_site_cookies_redirect.sjs new file mode 100644 index 0000000000..7e4d0a0532 --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_redirect.sjs @@ -0,0 +1,90 @@ +// Custom *.sjs file specifically for the needs of Bug 1453814 + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +const FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1453814 - Do not allow same-site cookies for cross origin redirect</title> + </head> + <body> + <script type="application/javascript"> + let cookie = document.cookie; + // now reset the cookie for the next test + document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT"; + window.parent.postMessage({result: cookie}, 'http://mochi.test:8888'); + </script> + </body> + </html>`; + +const SAME_ORIGIN = "http://mochi.test:8888/" +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_redirect.sjs"; + +const FRAME_META_REFRESH_SAME = ` + <html><head> + <meta http-equiv="refresh" content="0; + url='` + SAME_ORIGIN + PATH + `?loadFrame'"> + </head></html>`; + +const FRAME_META_REFRESH_CROSS = ` + <html><head> + <meta http-equiv="refresh" content="0; + url='` + CROSS_ORIGIN + PATH + `?loadFrame'"> + </head></html>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString === "setSameSiteCookie") { + response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + if (request.queryString === "sameToSameRedirect") { + let URL = SAME_ORIGIN + PATH + "?loadFrame"; + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", URL, false); + return; + } + + if (request.queryString === "sameToCrossRedirect") { + let URL = CROSS_ORIGIN + PATH + "?loadFrame"; + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", URL, false); + return; + } + + if (request.queryString === "crossToSameRedirect") { + let URL = SAME_ORIGIN + PATH + "?loadFrame"; + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", URL, false); + return; + } + + if (request.queryString === "sameToCrossRedirectMeta") { + response.write(FRAME_META_REFRESH_CROSS); + return; + } + + if (request.queryString === "crossToSameRedirectMeta") { + response.write(FRAME_META_REFRESH_SAME); + return; + } + + if (request.queryString === "loadFrame") { + response.write(FRAME); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} diff --git a/dom/security/test/general/file_same_site_cookies_subrequest.sjs b/dom/security/test/general/file_same_site_cookies_subrequest.sjs new file mode 100644 index 0000000000..0f663c5836 --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_subrequest.sjs @@ -0,0 +1,75 @@ +// Custom *.sjs file specifically for the needs of Bug 1286861 + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +const FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1286861 - Add support for same site cookies</title> + </head> + <body> + <img src = "http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_subrequest.sjs?checkCookie"> + </body> + </html>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString.includes("setStrictSameSiteCookie")) { + response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + if (request.queryString.includes("setLaxSameSiteCookie")) { + response.setHeader("Set-Cookie", "myKey=laxSameSiteCookie; samesite=lax", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + // save the object state of the initial request, which returns + // async once the server has processed the img request. + if (request.queryString.includes("queryresult")) { + response.processAsync(); + setObjectState("queryResult", response); + return; + } + + if (request.queryString.includes("loadFrame")) { + response.write(FRAME); + return; + } + + if (request.queryString.includes("checkCookie")) { + var cookie = "unitialized"; + if (request.hasHeader("Cookie")) { + cookie = request.getHeader("Cookie"); + } + else { + cookie = "myKey=noCookie"; + } + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + + // return the result + getObjectState("queryResult", function(queryResponse) { + if (!queryResponse) { + return; + } + queryResponse.write(cookie); + queryResponse.finish(); + }); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} diff --git a/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs b/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs new file mode 100644 index 0000000000..c21b219acf --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs @@ -0,0 +1,89 @@ +// Custom *.sjs file specifically for the needs of Bug 1286861 + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); + +const FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1286861 - Add support for same site cookies</title> + </head> + <body> + <script type="application/javascript"> + let myWin = window.open("http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs?loadWin"); + </script> + </body> + </html>`; + +const WIN = ` + <!DOCTYPE html> + <html> + <body> + just a dummy window + <script> + window.addEventListener("load",()=>{ + window.close(); + }); + </script> + </body> + </html>`; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString.includes("setStrictSameSiteCookie")) { + response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + if (request.queryString.includes("setLaxSameSiteCookie")) { + response.setHeader("Set-Cookie", "myKey=laxSameSiteCookie; samesite=lax", true); + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + return; + } + + // save the object state of the initial request, which returns + // async once the server has processed the img request. + if (request.queryString.includes("queryresult")) { + response.processAsync(); + setObjectState("queryResult", response); + return; + } + + if (request.queryString.includes("loadFrame")) { + response.write(FRAME); + return; + } + + if (request.queryString.includes("loadWin")) { + var cookie = "unitialized"; + if (request.hasHeader("Cookie")) { + cookie = request.getHeader("Cookie"); + } + else { + cookie = "myKey=noCookie"; + } + response.write(WIN); + + // return the result + getObjectState("queryResult", function(queryResponse) { + if (!queryResponse) { + return; + } + queryResponse.write(cookie); + queryResponse.finish(); + }); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} diff --git a/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs b/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs new file mode 100644 index 0000000000..1643aa857b --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs @@ -0,0 +1,64 @@ +// Custom *.sjs file specifically for the needs of Bug 1454242 + +const WIN = ` + <html> + <body> + <script type="application/javascript"> + let newWin = window.open("http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs?loadWinAndSetCookie"); + newWin.onload = function() { + newWin.close(); + } + </script> + </body> + </html>`; + +const DUMMY_WIN = ` + <html> + <body> + just a dummy window that sets a same-site=lax cookie + <script type="application/javascript"> + window.opener.opener.postMessage({value: 'testSetupComplete'}, '*'); + </script> + </body> + </html>`; + +const FRAME = ` + <html> + <body> + <script type="application/javascript"> + let cookie = document.cookie; + // now reset the cookie for the next test + document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT"; + window.parent.postMessage({value: cookie}, 'http://mochi.test:8888'); + </script> + </body> + </html>`; + +const SAME_ORIGIN = "http://mochi.test:8888/" +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_redirect.sjs"; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString === "loadWin") { + response.write(WIN); + return; + } + + if (request.queryString === "loadWinAndSetCookie") { + response.setHeader("Set-Cookie", "myKey=laxSameSiteCookie; samesite=lax", true); + response.write(DUMMY_WIN); + return; + } + + if (request.queryString === "checkCookie") { + response.write(FRAME); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} diff --git a/dom/security/test/general/file_sec_fetch_websocket_wsh.py b/dom/security/test/general/file_sec_fetch_websocket_wsh.py new file mode 100644 index 0000000000..b7159c742b --- /dev/null +++ b/dom/security/test/general/file_sec_fetch_websocket_wsh.py @@ -0,0 +1,6 @@ +def web_socket_do_extra_handshake(request): + pass + + +def web_socket_transfer_data(request): + pass diff --git a/dom/security/test/general/file_toplevel_data_meta_redirect.html b/dom/security/test/general/file_toplevel_data_meta_redirect.html new file mode 100644 index 0000000000..e94a61ed48 --- /dev/null +++ b/dom/security/test/general/file_toplevel_data_meta_redirect.html @@ -0,0 +1,10 @@ +<html> +<body> +<head> + <meta http-equiv="refresh" + content="0; url='data:text/html,<body>toplevel meta redirect to data: URI should be blocked</body>'"> +</head> +<body> +Meta Redirect to data: URI +</body> +</html> diff --git a/dom/security/test/general/file_toplevel_data_navigations.sjs b/dom/security/test/general/file_toplevel_data_navigations.sjs new file mode 100644 index 0000000000..501b833e5d --- /dev/null +++ b/dom/security/test/general/file_toplevel_data_navigations.sjs @@ -0,0 +1,14 @@ +// Custom *.sjs file specifically for the needs of Bug: +// Bug 1394554 - Block toplevel data: URI navigations after redirect + +var DATA_URI = + "data:text/html,<body>toplevel data: URI navigations after redirect should be blocked</body>"; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", DATA_URI, false); +} diff --git a/dom/security/test/general/file_view_bg_image_data_navigation.html b/dom/security/test/general/file_view_bg_image_data_navigation.html new file mode 100644 index 0000000000..d9aa6ca8b6 --- /dev/null +++ b/dom/security/test/general/file_view_bg_image_data_navigation.html @@ -0,0 +1,16 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1658244: Test navigation for right-click view-bg-image on "); + color: #ccc; +} +</style> +</head> +<body id="testbody"> + This page has an inline SVG image as a background. +</body> +</html> diff --git a/dom/security/test/general/file_view_image_data_navigation.html b/dom/security/test/general/file_view_image_data_navigation.html new file mode 100644 index 0000000000..a3f9acfb4d --- /dev/null +++ b/dom/security/test/general/file_view_image_data_navigation.html @@ -0,0 +1,12 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1407891: Test navigation for right-click view-image on "></img> + +</body> +</html> diff --git a/dom/security/test/general/file_xfo_error_page.sjs b/dom/security/test/general/file_xfo_error_page.sjs new file mode 100644 index 0000000000..b1fa33cbd4 --- /dev/null +++ b/dom/security/test/general/file_xfo_error_page.sjs @@ -0,0 +1,8 @@ +"use strict"; + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + response.setHeader("x-frame-options", "deny", false); + response.write("<html>xfo test loaded</html>"); +} diff --git a/dom/security/test/general/mochitest.ini b/dom/security/test/general/mochitest.ini new file mode 100644 index 0000000000..b6ebeae148 --- /dev/null +++ b/dom/security/test/general/mochitest.ini @@ -0,0 +1,66 @@ +[DEFAULT] +support-files = + file_contentpolicytype_targeted_link_iframe.sjs + file_nosniff_testserver.sjs + file_nosniff_navigation.sjs + file_nosniff_navigation_mismatch.sjs + file_nosniff_navigation_garbage.sjs + file_block_script_wrong_mime_server.sjs + file_block_toplevel_data_navigation.html + file_block_toplevel_data_navigation2.html + file_block_toplevel_data_navigation3.html + file_block_toplevel_data_redirect.sjs + file_block_subresource_redir_to_data.sjs + file_same_site_cookies_subrequest.sjs + file_same_site_cookies_toplevel_nav.sjs + file_same_site_cookies_cross_origin_context.sjs + file_same_site_cookies_from_script.sjs + file_same_site_cookies_redirect.sjs + file_same_site_cookies_toplevel_set_cookie.sjs + file_same_site_cookies_blob_iframe_navigation.html + file_same_site_cookies_blob_iframe_inclusion.html + file_same_site_cookies_iframe.sjs + file_same_site_cookies_about.sjs + file_cache_splitting_server.sjs + file_cache_splitting_isloaded.sjs + file_cache_splitting_window.html + window_nosniff_navigation.html + + +[test_contentpolicytype_targeted_link_iframe.html] +[test_nosniff.html] +[test_cache_split.html] +[test_nosniff_navigation.html] +[test_block_script_wrong_mime.html] +[test_block_toplevel_data_navigation.html] +[test_block_toplevel_data_img_navigation.html] +[test_allow_opening_data_pdf.html] +skip-if = toolkit == 'android' # no pdf reader on Android +[test_allow_opening_data_json.html] +[test_block_subresource_redir_to_data.html] +[test_same_site_cookies_subrequest.html] +fail-if = xorigin # Cookies set incorrectly +[test_same_site_cookies_toplevel_nav.html] +fail-if = xorigin +[test_same_site_cookies_cross_origin_context.html] +[test_same_site_cookies_from_script.html] +fail-if = xorigin +[test_same_site_cookies_redirect.html] +fail-if = xorigin +[test_same_site_cookies_toplevel_set_cookie.html] +fail-if = xorigin # Cookies not set +[test_same_site_cookies_iframe.html] +fail-if = xorigin +[test_same_site_cookies_about.html] +fail-if = xorigin +[test_assert_about_page_no_csp.html] +skip-if = !debug +[test_same_site_cookies_laxByDefault.html] +skip-if = debug +support-files = closeWindow.sjs +[test_xfo_error_page.html] +support-files = file_xfo_error_page.sjs +[test_sec_fetch_websocket.html] +skip-if = toolkit == 'android' # no websocket support Bug 982828 +support-files = file_sec_fetch_websocket_wsh.py +[test_bug1450853.html]
\ No newline at end of file diff --git a/dom/security/test/general/test_allow_opening_data_json.html b/dom/security/test/general/test_allow_opening_data_json.html new file mode 100644 index 0000000000..4b37931e1f --- /dev/null +++ b/dom/security/test/general/test_allow_opening_data_json.html @@ -0,0 +1,39 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1403814: Allow toplevel data URI navigation data:application/json</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<script class="testbody" type="text/javascript"> + +SimpleTest.waitForExplicitFinish(); + +function test_toplevel_data_json() { + const DATA_JSON = "data:application/json,{'my_json_key':'my_json_value'}"; + + let win = window.open(DATA_JSON); + let wrappedWin = SpecialPowers.wrap(win); + + // Unfortunately we can't detect whether the JSON has loaded or not using some + // event, hence we are constantly polling location.href till we see that + // the data: URI appears. Test times out on failure. + var jsonLoaded = setInterval(function() { + if (wrappedWin.document.location.href.startsWith("data:application/json")) { + clearInterval(jsonLoaded); + ok(true, "navigating to data:application/json allowed"); + wrappedWin.close(); + SimpleTest.finish(); + } + }, 200); +} + +SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]] +}, test_toplevel_data_json); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_allow_opening_data_pdf.html b/dom/security/test/general/test_allow_opening_data_pdf.html new file mode 100644 index 0000000000..007b3e8801 --- /dev/null +++ b/dom/security/test/general/test_allow_opening_data_pdf.html @@ -0,0 +1,41 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1398692: Allow toplevel navigation to a data:application/pdf</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<script class="testbody" type="text/javascript"> + +SimpleTest.waitForExplicitFinish(); + +function test_toplevel_data_pdf() { + // The PDF contains one page and it is a 3/72" square, the minimum allowed by the spec + const DATA_PDF = + "data:application/pdf;base64,JVBERi0xLjANCjEgMCBvYmo8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFI+PmVuZG9iaiAyIDAgb2JqPDwvVHlwZS9QYWdlcy9LaWRzWzMgMCBSXS9Db3VudCAxPj5lbmRvYmogMyAwIG9iajw8L1R5cGUvUGFnZS9NZWRpYUJveFswIDAgMyAzXT4+ZW5kb2JqDQp4cmVmDQowIDQNCjAwMDAwMDAwMDAgNjU1MzUgZg0KMDAwMDAwMDAxMCAwMDAwMCBuDQowMDAwMDAwMDUzIDAwMDAwIG4NCjAwMDAwMDAxMDIgMDAwMDAgbg0KdHJhaWxlcjw8L1NpemUgNC9Sb290IDEgMCBSPj4NCnN0YXJ0eHJlZg0KMTQ5DQolRU9G"; + + let win = window.open(DATA_PDF); + let wrappedWin = SpecialPowers.wrap(win); + + // Unfortunately we can't detect whether the PDF has loaded or not using some + // event, hence we are constantly polling location.href till we see that + // the data: URI appears. Test times out on failure. + var pdfLoaded = setInterval(function() { + if (wrappedWin.document.location.href.startsWith("data:application/pdf")) { + clearInterval(pdfLoaded); + ok(true, "navigating to data:application/pdf allowed"); + wrappedWin.close(); + SimpleTest.finish(); + } + }, 200); +} + +SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", true]] +}, test_toplevel_data_pdf); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_assert_about_page_no_csp.html b/dom/security/test/general/test_assert_about_page_no_csp.html new file mode 100644 index 0000000000..06be4ce460 --- /dev/null +++ b/dom/security/test/general/test_assert_about_page_no_csp.html @@ -0,0 +1,30 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1490977: Test Assertion if content privileged about: page has no CSP</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe id="testframe"></iframe> +<script class="testbody" type="text/javascript"> + + // Test Setup: The test overrules the allowlist of about: pages that are allowed to load + // without a CSP and makes sure to hit the assertion within AssertAboutPageHasCSP(). + + SpecialPowers.setBoolPref("dom.security.skip_about_page_csp_allowlist_and_assert", true); + + SimpleTest.waitForExplicitFinish(); + SimpleTest.expectAssertions(0, 1); + + ok(true, "sanity: prefs flipped and test runs"); + let myFrame = document.getElementById("testframe"); + myFrame.src = "about:blank"; + // booom :-) + + SpecialPowers.setBoolPref("dom.security.skip_about_page_csp_allowlist_and_assert", false); + SimpleTest.finish(); +</script> +</pre> +</body> +</html> diff --git a/dom/security/test/general/test_block_script_wrong_mime.html b/dom/security/test/general/test_block_script_wrong_mime.html new file mode 100644 index 0000000000..93a4b9d220 --- /dev/null +++ b/dom/security/test/general/test_block_script_wrong_mime.html @@ -0,0 +1,92 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1288361 - Block scripts with incorrect MIME type</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + +<script class="testbody" type="text/javascript"> + +const MIMETypes = [ + ["application/javascript", true], + ["text/javascript", true], + + ["audio/mpeg", false], + ["audio/", false], + ["image/jpeg", false], + ["image/", false], + ["video/mpeg", false], + ["video/", false], + ["text/csv", false], +]; + +// <script src=""> +function testScript([mime, shouldLoad]) { + return new Promise((resolve, reject) => { + let script = document.createElement("script"); + script.onload = () => { + document.body.removeChild(script); + ok(shouldLoad, `script with mime '${mime}' should load`); + resolve(); + }; + script.onerror = () => { + document.body.removeChild(script); + ok(!shouldLoad, `script with wrong mime '${mime}' should be blocked`); + resolve(); + }; + script.src = "file_block_script_wrong_mime_server.sjs?type=script&mime="+mime; + document.body.appendChild(script); + }); +} + +// new Worker() +function testWorker([mime, shouldLoad]) { + return new Promise((resolve, reject) => { + let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker&mime="+mime); + worker.onmessage = (event) => { + ok(shouldLoad, `worker with mime '${mime}' should load`) + is(event.data, "worker-loaded", "worker should send correct message"); + resolve(); + }; + worker.onerror = (error) => { + ok(!shouldLoad, `worker with wrong mime '${mime}' should be blocked`); + error.preventDefault(); + resolve(); + } + worker.postMessage("dummy"); + }); +} + +// new Worker() with importScripts() +function testWorkerImportScripts([mime, shouldLoad]) { + return new Promise((resolve, reject) => { + let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker-import&mime="+mime); + worker.onmessage = (event) => { + ok(shouldLoad, `worker/importScripts with mime '${mime}' should load`) + is(event.data, "worker-loaded", "worker should send correct message"); + resolve(); + }; + worker.onerror = (error) => { + ok(!shouldLoad, `worker/importScripts with wrong mime '${mime}' should be blocked`); + error.preventDefault(); + resolve(); + } + worker.postMessage("dummy"); + }); +} + +SimpleTest.waitForExplicitFinish(); +Promise.all(MIMETypes.map(testScript)).then(() => { + return Promise.all(MIMETypes.map(testWorker)); +}).then(() => { + return Promise.all(MIMETypes.map(testWorkerImportScripts)); +}).then(() => { + return SpecialPowers.popPrefEnv(); +}).then(SimpleTest.finish); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_block_subresource_redir_to_data.html b/dom/security/test/general/test_block_subresource_redir_to_data.html new file mode 100644 index 0000000000..eafb6b5d83 --- /dev/null +++ b/dom/security/test/general/test_block_subresource_redir_to_data.html @@ -0,0 +1,68 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1428793: Block insecure redirects to data: URIs</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + +<script id="testScriptRedirectToData"></script> +<script id="testModuleScriptRedirectToData" type="module"></script> + +<script class="testbody" type="text/javascript"> + +SimpleTest.waitForExplicitFinish(); +const NUM_TESTS = 3; + +var testCounter = 0; +function checkFinish() { + testCounter++; + if (testCounter === NUM_TESTS) { + SimpleTest.finish(); + } +} + +// --- test regular scripts +let testScriptRedirectToData = document.getElementById("testScriptRedirectToData"); +testScriptRedirectToData.onerror = function() { + ok(true, "script that redirects to data: URI should not load"); + checkFinish(); +} +testScriptRedirectToData.onload = function() { + ok(false, "script that redirects to data: URI should not load"); + checkFinish(); +} +testScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?script"; + +// --- test workers +let worker = new Worker("file_block_subresource_redir_to_data.sjs?worker"); +worker.onerror = function() { + // please note that workers need to be same origin, hence the data: URI + // redirect is blocked by worker code and not the content security manager! + ok(true, "worker script that redirects to data: URI should not load"); + checkFinish(); +} +worker.onmessage = function() { + ok(false, "worker script that redirects to data: URI should not load"); + checkFinish(); +}; +worker.postMessage("dummy"); + +// --- test script modules +SpecialPowers.pushPrefEnv({set: [["dom.moduleScripts.enabled", true]]}, function() { + let testModuleScriptRedirectToData = document.getElementById("testModuleScriptRedirectToData"); + testModuleScriptRedirectToData.onerror = function() { + ok(true, "module script that redirects to data: URI should not load"); + checkFinish(); + } + testModuleScriptRedirectToData.onload = function() { + ok(false, "module script that redirects to data: URI should not load"); + checkFinish(); + } + testModuleScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?modulescript"; +}); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_block_toplevel_data_img_navigation.html b/dom/security/test/general/test_block_toplevel_data_img_navigation.html new file mode 100644 index 0000000000..07e46b1f2f --- /dev/null +++ b/dom/security/test/general/test_block_toplevel_data_img_navigation.html @@ -0,0 +1,53 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1396798: Do not block toplevel data: navigation to image (except svgs)</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<script class="testbody" type="text/javascript"> +SpecialPowers.setBoolPref("security.data_uri.block_toplevel_data_uri_navigations", true); +SimpleTest.registerCleanupFunction(() => { + SpecialPowers.clearUserPref("security.data_uri.block_toplevel_data_uri_navigations"); +}); + +SimpleTest.waitForExplicitFinish(); +SimpleTest.requestFlakyTimeout("have to test that top level data:image loading is blocked/allowed"); + +function test_toplevel_data_image() { + const DATA_PNG = + ""; + let win1 = window.open(DATA_PNG); + let wrappedWin1 = SpecialPowers.wrap(win1); + setTimeout(function () { + let images = wrappedWin1.document.getElementsByTagName('img'); + is(images.length, 1, "Loading data:image/png should be allowed"); + is(images[0].src, DATA_PNG, "Sanity: img src matches"); + wrappedWin1.close(); + test_toplevel_data_image_svg(); + }, 1000); +} + +function test_toplevel_data_image_svg() { + const DATA_SVG = + ""; + let win2 = window.open(DATA_SVG); + // Unfortunately we can't detect whether the window was closed using some event, + // hence we are constantly polling till we see that win == null. + // Test times out on failure. + var win2Closed = setInterval(function() { + if (win2 == null || win2.closed) { + clearInterval(win2Closed); + ok(true, "Loading data:image/svg+xml should be blocked"); + SimpleTest.finish(); + } + }, 200); +} +// fire up the tests +test_toplevel_data_image(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_block_toplevel_data_navigation.html b/dom/security/test/general/test_block_toplevel_data_navigation.html new file mode 100644 index 0000000000..54105f4196 --- /dev/null +++ b/dom/security/test/general/test_block_toplevel_data_navigation.html @@ -0,0 +1,148 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1331351 - Block top level window data: URI navigations</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<script class="testbody" type="text/javascript"> +SpecialPowers.setBoolPref("security.data_uri.block_toplevel_data_uri_navigations", true); +SimpleTest.registerCleanupFunction(() => { + SpecialPowers.clearUserPref("security.data_uri.block_toplevel_data_uri_navigations"); +}); + +SimpleTest.waitForExplicitFinish(); +SimpleTest.requestFlakyTimeout("have to test that top level data: URI navgiation is blocked"); + +var testsToRun = { + test1: false, + test3: false, +}; + +// test1 and test3 event messages will not be received if toplevel data: URI +// is blocked. +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + switch (event.data) { + case "test1": + testsToRun.test1 = true; + break; + case "test3": + testsToRun.test3 = true; + break; + } +} + +function test1() { + // simple data: URI click navigation should be prevented + let TEST_FILE = "file_block_toplevel_data_navigation.html"; + let win1 = window.open(TEST_FILE); + // testsToRun["test1"] will be false if toplevel data: URI is blocked + setTimeout(function () { + is(testsToRun.test1, false, + "toplevel data: URI navigation through click() should be blocked"); + win1.close(); + test2(); + }, 1000); +} + +function test2() { + // data: URI in iframe which opens data: URI in _blank should be blocked + let win2 = window.open("file_block_toplevel_data_navigation2.html"); + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + is(event.data, "blocked", + "data: URI navigation using _blank from data: URI should be blocked"); + win2.close(); + test3(); + } +} + +function test3() { + // navigating to a data: URI using window.location.href should be blocked + let win3 = window.open("file_block_toplevel_data_navigation3.html"); + // testsToRun["test3"] will be false if toplevel data: URI is blocked + setTimeout(function () { + is(testsToRun.test3, false, + "data: URI navigation through win.loc.href should be blocked"); + win3.close(); + test4(); + }, 1000); +} + +function test4() { + // navigating to a data: URI using window.open() should be blocked + let win4 = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>"); + setTimeout(function () { + // Please note that the data: URI will be displayed in the URL-Bar but not + // loaded, hence we rather rely on document.body than document.location + // GeckoView displays an error page for invalid navigations, + // so catch the case where we're not allowed to access to (cross-origin) + // error document and treat that as blocked. + let body = "Error"; + try { + body = win4.document.body.innerHTML; + } catch (e) { + if (e instanceof DOMException && e.name === "SecurityError") { + body = ""; + } else { + throw e; + } + } + is(body, "", "navigating to a data: URI using window.open() should be blocked"); + test5(); + }, 1000); +} + +function test5() { + // navigating to a URI which redirects to a data: URI using window.open() should be blocked + let win5 = window.open("file_block_toplevel_data_redirect.sjs"); + setTimeout(function () { + // Please note that the data: URI will be displayed in the URL-Bar but not + // loaded, hence we rather rely on document.body than document.location + let body = "Error"; + try { + body = win5.document.body.innerHTML; + } catch (e) { + if (e instanceof DOMException && e.name === "SecurityError") { + body = ""; + } else { + throw e; + } + } + is(body, "", "navigating to URI which redirects to a data: URI using window.open() should be blocked"); + win5.close(); + test6(); + }, 1000); +} + +function test6() { + // navigating to a data: URI without a Content Type should be blocked + let win6 = window.open("data:DataURIsWithNoContentTypeShouldBeBlocked"); + setTimeout(function () { + let body = "Error"; + try { + body = win6.document.body.innerHTML; + } catch (e) { + if (e instanceof DOMException && e.name === "SecurityError") { + body = ""; + } else { + throw e; + } + } + is(body, "", "navigating to a data: URI without a Content Type should be blocked"); + win6.close(); + SimpleTest.finish(); + }, 1000); +} + +// fire up the tests +test1(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_bug1277803.xhtml b/dom/security/test/general/test_bug1277803.xhtml new file mode 100644 index 0000000000..482dd6b916 --- /dev/null +++ b/dom/security/test/general/test_bug1277803.xhtml @@ -0,0 +1,72 @@ +<?xml version="1.0"?> +<?xml-stylesheet href="chrome://global/skin" type="text/css"?> +<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?> + +<window title="Bug 1277803 test" + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" + width="600" + height="600" + onload="runTest();"> + + <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/> + + <body xmlns="http://www.w3.org/1999/xhtml"> + </body> + + <script type="application/javascript"><![CDATA[ + SimpleTest.requestCompleteLog(); + let makeURI = ChromeUtils.import("resource://gre/modules/BrowserUtils.jsm", {}).BrowserUtils.makeURI; + + const BASE_URI = "http://mochi.test:8888/chrome/dom/security/test/general/"; + const FAVICON_URI = BASE_URI + "favicon_bug1277803.ico"; + const LOADING_URI = BASE_URI + "bug1277803.html"; + let testWindow; //will be used to trigger favicon load + + let securityManager = Cc["@mozilla.org/scriptsecuritymanager;1"]. + getService(Ci.nsIScriptSecurityManager); + let expectedPrincipal = securityManager.createContentPrincipal(makeURI(LOADING_URI), {}); + let systemPrincipal = Cc["@mozilla.org/systemprincipal;1"].createInstance(); + + function runTest() { + // Register our observer to intercept favicon requests. + let os = Cc["@mozilla.org/observer-service;1"]. + getService(Ci.nsIObserverService); + let observer = { + observe: function(aSubject, aTopic, aData) + { + // Make sure this is a favicon request. + let httpChannel = aSubject.QueryInterface(Ci.nsIHttpChannel); + if (FAVICON_URI != httpChannel.URI.spec) { + return; + } + + // Ensure the topic is the one we set an observer for. + is(aTopic, "http-on-modify-request", "Expected observer topic"); + + // Check for the correct loadingPrincipal, triggeringPrincipal. + let triggeringPrincipal = httpChannel.loadInfo.triggeringPrincipal; + let loadingPrincipal = httpChannel.loadInfo.loadingPrincipal; + + ok(loadingPrincipal.equals(expectedPrincipal), "Should be loading with the expected principal."); + ok(triggeringPrincipal.equals(expectedPrincipal), "Should be triggered with the expected principal."); + + os.removeObserver(this, "http-on-modify-request"); + SimpleTest.finish(); + } + } + os.addObserver(observer, "http-on-modify-request"); + + // Now that the observer is set up, trigger a favicon load with navigation + testWindow = window.open(LOADING_URI); + } + + SimpleTest.waitForExplicitFinish(); + SimpleTest.registerCleanupFunction(function() { + if (testWindow) { + testWindow.close(); + } + }); + ]]></script> + + <browser type="content" primary="true" flex="1" id="content" src="about:blank"/> +</window> diff --git a/dom/security/test/general/test_bug1450853.html b/dom/security/test/general/test_bug1450853.html new file mode 100644 index 0000000000..ffbc654d8f --- /dev/null +++ b/dom/security/test/general/test_bug1450853.html @@ -0,0 +1,58 @@ +<!DOCTYPE html> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=1450853 +--> +<head> +<meta charset="utf-8"> +<title>Test for Cross-origin resouce status leak via MediaError</title> +<script src="/tests/SimpleTest/SimpleTest.js"></script> +<script src="/tests/SimpleTest/ChromeTask.js"></script> +<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/> + +<audio autoplay id="audio"></audio> + +<script type="application/javascript"> + +/** Test for Bug 1450853 **/ +CONST_GENERIC_ERROR_MESSAGE = "Failed to open media"; + +add_task(function() { + return new Promise((resolve) => { + let audioElement = document.getElementById("audio"); + + audioElement.onerror = function() { + let err = this.error; + let message = err.message; + info(`Got Audio Error -> ${message}`); + ok(message.includes("404"), "Same-Origin Error Message may contain status data"); + resolve(); + }; + audioElement.src = "/media/test.mp3"; + }); +}); + +add_task(function() { + return new Promise((resolve) => { + let audioElement = document.getElementById("audio"); + + audioElement.onerror = function() { + let err = this.error; + let message = err.message; + + info(`Got Audio Error -> ${message}`); + is(message,CONST_GENERIC_ERROR_MESSAGE, "Cross-Origin Error Message is only Generic"); + resolve(); + }; + audioElement.src = "https://example.com/media/test.mp3"; + }); +}); + +</script> +</head> + +<body> + <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1450853">Mozilla Bug 1450853</a> + <iframe width="0" height="0"></iframe> + </body> +</html> diff --git a/dom/security/test/general/test_cache_split.html b/dom/security/test/general/test_cache_split.html new file mode 100644 index 0000000000..0696b9f2ca --- /dev/null +++ b/dom/security/test/general/test_cache_split.html @@ -0,0 +1,159 @@ +<!DOCTYPE HTML> +<html> + +<head> + <title>Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <script src="/tests/SimpleTest/ChromeTask.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> + +<body> + <img id="cookieImage"> + <script class="testbody" type="text/javascript"> + SimpleTest.requestLongerTimeout(2); + + const SAME_ORIGIN = "http://mochi.test:8888/" + const CROSS_ORIGIN = "http://example.com/"; + const PATH = "file_cache_splitting_server.sjs"; + + const Ci = SpecialPowers.Ci; + + async function getCount() { + return fetch(`${PATH}?state`).then(r => r.text()); + } + async function resetCount() { + return fetch(`${PATH}?flush`).then(r => r.text()); + } + async function ensureLoaded() { + // This Fetch is geting the Response "1", once file_cache_splitting_isloaded + // gets a request without a query String issued from the cache_splitting_window.html + info("Waiting for Pageload"); + let result = await fetch("file_cache_splitting_isloaded.sjs?wait").then(r => r.text); + info("Page has been Loaded"); + return result; + } + + + async function openAndLoadWindow(origin) { + let isLoaded = ensureLoaded(); + let url = `${origin}tests/dom/security/test/general/file_cache_splitting_window.html`; + let w = window.open(url); + let ew = SpecialPowers.wrap(w); + await isLoaded; + return w; + } + + async function checkStep(step = [SAME_ORIGIN, 1], name) { + info(`Doing Step ${JSON.stringify(step)}`); + let url = step[0]; + let should_count = step[1]; + let w = await openAndLoadWindow(url); + let count = await getCount(); + ok( + count == should_count, + `${name} req to: ${ + url == SAME_ORIGIN ? "Same Origin" : "Cross Origin" + } expected ${should_count} request to Server, got ${count}` + ); + w.close() + } + async function clearCache(){ + info("Clearing Cache"); + SpecialPowers.DOMWindowUtils.clearSharedStyleSheetCache(); + await ChromeTask.spawn(null,(()=>{ + Services.cache2.clear(); + })); + } + async function runTest(test) { + info(`Starting Job with - ${test.steps.length} - Requests`); + await resetCount(); + let { prefs, steps, name } = test; + await SpecialPowers.pushPrefEnv(prefs); + for (let step of steps) { + await checkStep(step, name); + } + await clearCache(); + }; + + + add_task( + async () => + await runTest({ + name: `Isolated Cache`, + steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]], + prefs: { + set: [ + ["browser.cache.cache_isolation", true], + ["privacy.partition.network_state", false] + ], + }, + }) + ); + // Negative Test: The CROSS_ORIGIN should be able to + // acess the cache of SAME_ORIGIN + add_task( + async () => + await runTest({ + name: `Non Isolated Cache`, + steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 1]], + prefs: { + set: [ + ["browser.cache.cache_isolation", false], + ["privacy.partition.network_state", false] + ], + }, + }) + ); + // Test that FPI does not affect Cache Isolation + add_task( + async () => + await runTest({ + name: `FPI interaction`, + steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]], + prefs: { + set: [ + ["privacy.firstparty.isolate", true], + ["browser.cache.cache_isolation", true], + ["privacy.partition.network_state", false], + ], + }, + }) + ); + // Test that cookieBehavior does not affect Cache Isolation + for (let i = 0; i < Ci.nsICookieService.BEHAVIOR_LAST ; i++) { + add_task( + async () => + await runTest({ + name: `cookieBehavior interaction ${i}`, + steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]], + prefs: { + set: [ + ["privacy.firstparty.isolate", false], + ["browser.cache.cache_isolation", true], + ["network.cookie.cookieBehavior", i], + ["privacy.partition.network_state", false], + ], + }, + }) + ); + } + add_task( + async () => + await runTest({ + name: `FPI interaction - 2`, + steps: [[SAME_ORIGIN, 1], [SAME_ORIGIN, 1], [CROSS_ORIGIN, 2]], + prefs: { + set: [ + ["privacy.firstparty.isolate", true], + ["browser.cache.cache_isolation", false], + ["privacy.partition.network_state", false], + ], + }, + }) + ); + + </script> +</body> + +</html> diff --git a/dom/security/test/general/test_contentpolicytype_targeted_link_iframe.html b/dom/security/test/general/test_contentpolicytype_targeted_link_iframe.html new file mode 100644 index 0000000000..b972854b79 --- /dev/null +++ b/dom/security/test/general/test_contentpolicytype_targeted_link_iframe.html @@ -0,0 +1,106 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1255240 - Test content policy types within content policies for targeted links in iframes</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* Description of the test: + * Let's load a link into a targeted iframe and make sure the content policy + * type used for content policy checks is of TYPE_SUBDOCUMENT. + */ + +function createChromeScript() { + var categoryManager = Cc["@mozilla.org/categorymanager;1"].getService( + Ci.nsICategoryManager + ); + + const POLICYNAME = "@mozilla.org/testpolicy;1"; + const POLICYID = Components.ID("{6cc95ef3-40e1-4d59-87f0-86f100373227}"); + const EXPECTED_URL = + "http://mochi.test:8888/tests/dom/security/test/general/file_contentpolicytype_targeted_link_iframe.sjs?innerframe"; + + var policy = { + // nsISupports implementation + QueryInterface: ChromeUtils.generateQI([ + "nsIFactory", + "nsIContentPolicy", + ]), + + // nsIFactory implementation + createInstance(outer, iid) { + return this.QueryInterface(iid); + }, + + // nsIContentPolicy implementation + shouldLoad(contentLocation, loadInfo, mimeTypeGuess) { + if (contentLocation.asciiSpec === EXPECTED_URL) { + sendAsyncMessage("loadBlocked", { policyType: loadInfo.externalContentPolicyType}); + categoryManager.deleteCategoryEntry( + "content-policy", + POLICYNAME, + false + ); + componentManager.unregisterFactory(POLICYID, policy); + return Ci.nsIContentPolicy.REJECT_REQUEST; + } + return Ci.nsIContentPolicy.ACCEPT; + }, + + shouldProcess(contentLocation, loadInfo, mimeTypeGuess) { + return Ci.nsIContentPolicy.ACCEPT; + } + }; + + // Register content policy + var componentManager = Components.manager.QueryInterface( + Ci.nsIComponentRegistrar + ); + + componentManager.registerFactory( + POLICYID, + "Test content policy", + POLICYNAME, + policy + ); + categoryManager.addCategoryEntry( + "content-policy", + POLICYNAME, + POLICYNAME, + false, + true + ); + + // Adding a new category dispatches an event to update + // caches, so we need to also dispatch an event to make + // sure we don't start the load until after that happens. + Services.tm.dispatchToMainThread(() => { + sendAsyncMessage("setupComplete"); + }); +} + +add_task(async function() { + let chromeScript = SpecialPowers.loadChromeScript(createChromeScript); + await chromeScript.promiseOneMessage("setupComplete"); + + var testframe = document.getElementById("testframe"); + testframe.src = + "file_contentpolicytype_targeted_link_iframe.sjs?testframe"; + + let result = await chromeScript.promiseOneMessage("loadBlocked"); + + is(result.policyType, SpecialPowers.Ci.nsIContentPolicy.TYPE_SUBDOCUMENT, + "content policy type should TYPESUBDOCUMENT"); + + chromeScript.destroy(); +}); +</script> +</body> +</html> diff --git a/dom/security/test/general/test_innerhtml_sanitizer.html b/dom/security/test/general/test_innerhtml_sanitizer.html new file mode 100644 index 0000000000..4a4e4efed1 --- /dev/null +++ b/dom/security/test/general/test_innerhtml_sanitizer.html @@ -0,0 +1,74 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset=utf-8> + <title>Test for Bug 1667113</title> + <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/> +</head> +<body> +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a> +<div></div> +<script> +SimpleTest.waitForExplicitFinish(); + +// Please note that 'fakeServer' does not exist because the test relies +// on "csp-on-violate-policy" , and "specialpowers-http-notify-request" +// which fire if either the request is blocked or fires. The test does +// not rely on the result of the load. + +function fail() { + ok(false, "Should not call this") +} + +function examiner() { + SpecialPowers.addObserver(this, "csp-on-violate-policy"); + SpecialPowers.addObserver(this, "specialpowers-http-notify-request"); +} +examiner.prototype = { + observe(subject, topic, data) { + if (topic === "csp-on-violate-policy") { + let asciiSpec = SpecialPowers.getPrivilegedProps( + SpecialPowers.do_QueryInterface(subject, "nsIURI"), + "asciiSpec"); + if (asciiSpec.includes("fakeServer")) { + ok (false, "Should not attempt fetch, not even blocked by CSP."); + } + } + + if (topic === "specialpowers-http-notify-request") { + if (data.includes("fakeServer")) { + ok (false, "Should not try fetch"); + } + } + }, + remove() { + SpecialPowers.removeObserver(this, "csp-on-violate-policy"); + SpecialPowers.removeObserver(this, "specialpowers-http-notify-request"); + } +} + +window.examiner = new examiner(); + +let div = document.getElementsByTagName("div")[0]; +div.innerHTML = "<svg><style><title><audio src=fakeServer onerror=fail() onload=fail()>"; + +let svg = div.firstChild; +is(svg.nodeName, "svg", "Node name should be svg"); + +let style = svg.firstChild; +if (style) { + is(style.firstChild, null, "Style should not have child nodes."); +} else { + ok(false, "Should have gotten a node."); +} + + +SimpleTest.executeSoon(function() { + window.examiner.remove(); + SimpleTest.finish(); +}); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_innerhtml_sanitizer.xhtml b/dom/security/test/general/test_innerhtml_sanitizer.xhtml new file mode 100644 index 0000000000..4d938bc23b --- /dev/null +++ b/dom/security/test/general/test_innerhtml_sanitizer.xhtml @@ -0,0 +1,73 @@ +<!DOCTYPE HTML> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> + <title>Test for Bug 1667113</title> + <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/> +</head> +<body> +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a> +<div></div> +<script><![CDATA[ +SimpleTest.waitForExplicitFinish(); + +// Please note that 'fakeServer' does not exist because the test relies +// on "csp-on-violate-policy" , and "specialpowers-http-notify-request" +// which fire if either the request is blocked or fires. The test does +// not rely on the result of the load. + +function fail() { + ok(false, "Should not call this") +} + +function examiner() { + SpecialPowers.addObserver(this, "csp-on-violate-policy"); + SpecialPowers.addObserver(this, "specialpowers-http-notify-request"); +} +examiner.prototype = { + observe(subject, topic, data) { + if (topic === "csp-on-violate-policy") { + let asciiSpec = SpecialPowers.getPrivilegedProps( + SpecialPowers.do_QueryInterface(subject, "nsIURI"), + "asciiSpec"); + if (asciiSpec.includes("fakeServer")) { + ok (false, "Should not attempt fetch, not even blocked by CSP."); + } + } + + if (topic === "specialpowers-http-notify-request") { + if (data.includes("fakeServer")) { + ok (false, "Should not try fetch"); + } + } + }, + remove() { + SpecialPowers.removeObserver(this, "csp-on-violate-policy"); + SpecialPowers.removeObserver(this, "specialpowers-http-notify-request"); + } +} + +window.examiner = new examiner(); + +let div = document.getElementsByTagName("div")[0]; +div.innerHTML = "<svg xmlns='http://www.w3.org/2000/svg'><style><title><audio xmlns='http://www.w3.org/1999/xhtml' src='fakeServer' onerror='fail()' onload='fail()'></audio></title></style></svg>"; + +let svg = div.firstChild; +is(svg.nodeName, "svg", "Node name should be svg"); + +let style = svg.firstChild; +if (style) { + is(style.firstChild, null, "Style should not have child nodes."); +} else { + ok(false, "Should have gotten a node."); +} + + +SimpleTest.executeSoon(function() { + window.examiner.remove(); + SimpleTest.finish(); +}); + +]]></script> +</body> +</html> diff --git a/dom/security/test/general/test_nosniff.html b/dom/security/test/general/test_nosniff.html new file mode 100644 index 0000000000..a22386aea0 --- /dev/null +++ b/dom/security/test/general/test_nosniff.html @@ -0,0 +1,88 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 471020 - Add X-Content-Type-Options: nosniff support to Firefox</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> + + <!-- add the two css tests --> + <link rel="stylesheet" id="cssCorrectType"> + <link rel="stylesheet" id="cssWrongType"> +</head> +<body> + +<!-- add the two script tests --> +<script id="scriptCorrectType"></script> +<script id="scriptWrongType"></script> + +<script class="testbody" type="text/javascript"> +/* Description of the test: + * We load 2 css files, 2 script files and 2 image files, where + * the sever either responds with the right mime type or + * the wrong mime type for each test. + */ + +SimpleTest.waitForExplicitFinish(); +const NUM_TESTS = 4; + +var testCounter = 0; +function checkFinish() { + testCounter++; + if (testCounter === NUM_TESTS) { + SimpleTest.finish(); + } +} + + // 1) Test CSS with correct mime type + var cssCorrectType = document.getElementById("cssCorrectType"); + cssCorrectType.onload = function() { + ok(true, "style nosniff correct type should load"); + checkFinish(); + } + cssCorrectType.onerror = function() { + ok(false, "style nosniff correct type should load"); + checkFinish(); + } + cssCorrectType.href = "file_nosniff_testserver.sjs?cssCorrectType"; + + // 2) Test CSS with wrong mime type + var cssWrongType = document.getElementById("cssWrongType"); + cssWrongType.onload = function() { + ok(false, "style nosniff wrong type should not load"); + checkFinish(); + } + cssWrongType.onerror = function() { + ok(true, "style nosniff wrong type should not load"); + checkFinish(); + } + cssWrongType.href = "file_nosniff_testserver.sjs?cssWrongType"; + + // 3) Test SCRIPT with correct mime type + var scriptCorrectType = document.getElementById("scriptCorrectType"); + scriptCorrectType.onload = function() { + ok(true, "script nosniff correct type should load"); + checkFinish(); + } + scriptCorrectType.onerror = function() { + ok(false, "script nosniff correct type should load"); + checkFinish(); + } + scriptCorrectType.src = "file_nosniff_testserver.sjs?scriptCorrectType"; + + // 4) Test SCRIPT with wrong mime type + var scriptWrongType = document.getElementById("scriptWrongType"); + scriptWrongType.onload = function() { + ok(false, "script nosniff wrong type should not load"); + checkFinish(); + } + scriptWrongType.onerror = function() { + ok(true, "script nosniff wrong type should not load"); + checkFinish(); + } + scriptWrongType.src = "file_nosniff_testserver.sjs?scriptWrongType"; + + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_nosniff_navigation.html b/dom/security/test/general/test_nosniff_navigation.html new file mode 100644 index 0000000000..6710f4f5b9 --- /dev/null +++ b/dom/security/test/general/test_nosniff_navigation.html @@ -0,0 +1,35 @@ +<!DOCTYPE HTML> +<html> + +<head> + <title>Bug 1428473 Support X-Content-Type-Options: nosniff when navigating</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> + +<body> + + <!-- add the two script tests --> + <script id="scriptCorrectType"></script> + <script id="scriptWrongType"></script> + + <script class="testbody" type="text/javascript"> + /* Description of the test: + * We're testing if Firefox respects the nosniff Header for Top-Level + * Navigations. + * If Firefox cant Display the Page, it will prompt a download + * and the URL of the Page will be about:blank. + * So we will try to open different content send with + * no-mime, mismatched-mime and garbage-mime types. + * + */ + + SimpleTest.waitForExplicitFinish(); + + window.addEventListener("load", async () => { + window.open("window_nosniff_navigation.html"); + }); + </script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_about.html b/dom/security/test/general/test_same_site_cookies_about.html new file mode 100644 index 0000000000..faf2caab9a --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_about.html @@ -0,0 +1,116 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<img id="cookieImage"> +<iframe id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load an image from http://mochi.test which sets a same site cookie + * 2) We then load the following iframes: + * (a) cross-origin iframe + * (b) same-origin iframe + * which both load a: + * * nested about:srcdoc frame and nested about:blank frame + * * navigate about:srcdoc frame and navigate about:blank frame + * 3) We evaluate that the same-site cookie is available in the same-origin case. + */ + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN = "http://mochi.test:8888/" +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_about.sjs"; + +let curTest = 0; + +var tests = [ + // NAVIGATION TESTS + { + description: "nested same origin iframe about:srcdoc navigation [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeNav", + result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test + }, + { + description: "nested cross origin iframe about:srcdoc navigation [mochi.test -> example.com -> about:srcdoc -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeNav", + result: "", // no same-site cookie should be available + }, + { + description: "nested same origin iframe about:blank navigation [mochi.test -> mochi.test -> about:blank -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + "?loadblankframeNav", + result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test + }, + { + description: "nested cross origin iframe about:blank navigation [mochi.test -> example.com -> about:blank -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeNav", + result: "", // no same-site cookie should be available + }, + // INCLUSION TESTS + { + description: "nested same origin iframe about:srcdoc inclusion [mochi.test -> mochi.test -> about:srcdoc -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + "?loadsrcdocframeInc", + result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test + }, + { + description: "nested cross origin iframe about:srcdoc inclusion [mochi.test -> example.com -> about:srcdoc -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + "?loadsrcdocframeInc", + result: "", // no same-site cookie should be available + }, + { + description: "nested same origin iframe about:blank inclusion [mochi.test -> mochi.test -> about:blank -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + "?loadblankframeInc", + result: "myKey=mySameSiteAboutCookie", // cookie should be set for baseline test + }, + { + description: "nested cross origin iframe about:blank inclusion [mochi.test -> example.com -> about:blank -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + "?loadblankframeInc", + result: "", // no same-site cookie should be available + }, +]; + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + is(event.data.result, tests[curTest].result, tests[curTest].description); + curTest += 1; + + // lets see if we ran all the tests + if (curTest == tests.length) { + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); + return; + } + // otherwise it's time to run the next test + setCookieAndInitTest(); +} + +function setupQueryResultAndRunTest() { + let testframe = document.getElementById("testframe"); + testframe.src = tests[curTest].frameSRC + curTest; +} + +function setCookieAndInitTest() { + var cookieImage = document.getElementById("cookieImage"); + cookieImage.onload = function() { + ok(true, "trying to set cookie for test (" + tests[curTest].description + ")"); + setupQueryResultAndRunTest(); + } + cookieImage.onerror = function() { + ok(false, "could not load image for test (" + tests[curTest].description + ")"); + } + cookieImage.src = SAME_ORIGIN + PATH + "?setSameSiteCookie" + curTest; +} + +// fire up the test +setCookieAndInitTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_cross_origin_context.html b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html new file mode 100644 index 0000000000..495cfaf801 --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html @@ -0,0 +1,87 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<img id="cookieImage"> +<iframe id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load an image from http://example.com which tries to + * a) a same site cookie + * b) a regular cookie + * in the context of http://mochi.test + * 2) We load an iframe from http://example.com and check if the cookie + * is available. + * 3) We observe that: + * (a) same site cookie has been discarded in a cross origin context. + * (b) the regular cookie is available. + */ + +SimpleTest.waitForExplicitFinish(); + +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs"; + +let curTest = 0; + +var tests = [ + { + description: "regular cookie in cross origin context", + imgSRC: CROSS_ORIGIN + PATH + "?setRegularCookie", + frameSRC: CROSS_ORIGIN + PATH + "?loadFrame", + result: "myKey=regularCookie", + }, + { + description: "same-site cookie in cross origin context", + imgSRC: CROSS_ORIGIN + PATH + "?setSameSiteCookie", + frameSRC: CROSS_ORIGIN + PATH + "?loadFrame", + result: "", // no cookie should be set + }, +]; + + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + is(event.data.result, tests[curTest].result, tests[curTest].description); + curTest += 1; + + // lets see if we ran all the tests + if (curTest == tests.length) { + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); + return; + } + // otherwise it's time to run the next test + setCookieAndInitTest(); +} + +function setupQueryResultAndRunTest() { + let testframe = document.getElementById("testframe"); + testframe.src = tests[curTest].frameSRC + curTest; +} + +function setCookieAndInitTest() { + var cookieImage = document.getElementById("cookieImage"); + cookieImage.onload = function() { + ok(true, "trying to set cookie for test (" + tests[curTest].description + ")"); + setupQueryResultAndRunTest(); + } + cookieImage.onerror = function() { + ok(false, "could not load image for test (" + tests[curTest].description + ")"); + } + cookieImage.src = tests[curTest].imgSRC + curTest; +} + +// fire up the test +setCookieAndInitTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_from_script.html b/dom/security/test/general/test_same_site_cookies_from_script.html new file mode 100644 index 0000000000..548fcfa954 --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_from_script.html @@ -0,0 +1,86 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + +<iframe id="setCookieFrame"></iframe> +<iframe id="getCookieFrame"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load an iframe which tries to set a same site cookie using an + * inline script in top-level context of http://mochi.test. + * 2) We load an iframe from http://example.com and check if the cookie + * is available. + * 3) We observe that: + * (a) same site cookie is available in same origin context. + * (a) same site cookie has been discarded in a cross origin context. + */ + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN = "http://mochi.test:8888/"; +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_from_script.sjs"; + +let curTest = 0; + +var tests = [ + { + description: "same-site cookie inline script within same-site context", + setCookieSrc: SAME_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript", + getCookieSrc: SAME_ORIGIN + PATH + "?getCookieFrame", + result: "myKey=sameSiteCookieInlineScript", + }, + { + description: "same-site cookie inline script within cross-site context", + setCookieSrc: CROSS_ORIGIN + PATH + "?setSameSiteCookieUsingInlineScript", + getCookieSrc: CROSS_ORIGIN + PATH + "?getCookieFrame", + result: "", // same-site cookie should be discarded in cross site context + }, +]; + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + is(event.data.result, tests[curTest].result, tests[curTest].description); + curTest += 1; + + // lets see if we ran all the tests + if (curTest == tests.length) { + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); + return; + } + // otherwise it's time to run the next test + setCookieAndInitTest(); +} + +function setupQueryResultAndRunTest() { + let getCookieFrame = document.getElementById("getCookieFrame"); + getCookieFrame.src = tests[curTest].getCookieSrc + curTest; +} + +function setCookieAndInitTest() { + var cookieFrame = document.getElementById("setCookieFrame"); + setCookieFrame.onload = function() { + ok(true, "trying to set cookie for test (" + tests[curTest].description + ")"); + setupQueryResultAndRunTest(); + } + setCookieFrame.onerror = function() { + ok(false, "could not load image for test (" + tests[curTest].description + ")"); + } + cookieFrame.src = tests[curTest].setCookieSrc + curTest; +} + +// fire up the test +setCookieAndInitTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_iframe.html b/dom/security/test/general/test_same_site_cookies_iframe.html new file mode 100644 index 0000000000..45d5d5830a --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_iframe.html @@ -0,0 +1,168 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1454027 - Update SameSite cookie handling inside iframes</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<img id="cookieImage"> +<iframe id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load an image from http://mochi.test which sets a same site cookie + * 2) We then load the following iframes: + * (a) cross-origin iframe + * (b) sandboxed iframe + * (c) data: URI iframe + * (d) same origin iframe which loads blob: URI iframe (to simulate same origin blobs) + * (e) cross origin iframe which loads blob: URI iframe (to simulate cross origin blobs) + * which all: + * * navigate the iframe to http://mochi.test + * * include another iframe from http://mochi.test + * 3) We observe that none of the nested iframes have access to the same-site cookie. + */ + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN = "http://mochi.test:8888/" +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/"; +const SERVER_FILE = "file_same_site_cookies_iframe.sjs"; + +const NESTED_DATA_IFRAME_NAVIGATION = ` + data:text/html, + <html> + <body> + <a id="testlink" href="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></a> + <script type="application/javascript"> + let link = document.getElementById("testlink"); + link.click(); + <\/script> + </body> + </html>`; + +const NESTED_DATA_IFRAME_INCLUSION = ` + data:text/html, + <html> + <body> + <script type="application/javascript"> + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + window.parent.postMessage({result: event.data.result}, '*'); + } + <\/script> + <iframe src="http://mochi.test:8888/tests/dom/security/test/general/file_same_site_cookies_iframe.sjs"></iframe> + </body> + </html>`; + +let curTest = 0; + +var tests = [ + // NAVIGATION TESTS + { + description: "nested same origin iframe navigation [mochi.test -> mochi.test -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + SERVER_FILE + "?nestedIframeNavigation", + result: "myKey=mySameSiteIframeTestCookie", // cookie should be set for baseline test + }, + { + description: "nested cross origin iframe navigation [mochi.test -> example.com -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedIframeNavigation", + result: "", // no cookie should be set + }, + { + description: "nested sandboxed iframe navigation [mochi.test -> sandbox -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedSandboxIframeNavigation", + result: "", // no cookie should be set + }, + { + description: "nested data iframe navigation [mochi.test -> data: -> mochi.test]", + frameSRC: NESTED_DATA_IFRAME_NAVIGATION, + result: "", // no cookie should be set + }, + { + description: "nested same site blob iframe navigation [mochi.test -> mochi.test -> blob: -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_navigation.html", + result: "myKey=mySameSiteIframeTestCookie", // cookie should be set, blobs inherit security context + }, + { + description: "nested cross site blob iframe navigation [mochi.test -> example.com -> blob: -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_navigation.html", + result: "", // no cookie should be set + }, + // INCLUSION TESTS + { + description: "nested same origin iframe inclusion [mochi.test -> mochi.test -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + SERVER_FILE + "?nestedIframeInclusion", + result: "myKey=mySameSiteIframeTestCookie", // cookie should be set for baseline test + }, + { + description: "nested cross origin iframe inclusion [mochi.test -> example.com -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedIframeInclusion", + result: "", // no cookie should be set + }, + { + description: "nested sandboxed iframe inclusion [mochi.test -> sandbox -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + SERVER_FILE + "?nestedSandboxIframeInclusion", + result: "", // no cookie should be set + }, + { + description: "nested data iframe inclusion [mochi.test -> data: -> mochi.test]", + frameSRC: NESTED_DATA_IFRAME_INCLUSION, + result: "", // no cookie should be set + }, + { + description: "nested same site blob iframe inclusion [mochi.test -> mochi.test -> blob: -> mochi.test]", + frameSRC: SAME_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_inclusion.html", + result: "myKey=mySameSiteIframeTestCookie", // cookie should be set, blobs inherit security context + }, + { + description: "same-site cookie, nested cross site blob iframe inclusion [mochi.test -> example.com -> blob: -> mochi.test]", + frameSRC: CROSS_ORIGIN + PATH + "file_same_site_cookies_blob_iframe_inclusion.html", + result: "", // no cookie should be set + }, +]; + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + is(event.data.result, tests[curTest].result, tests[curTest].description); + curTest += 1; + + // // lets see if we ran all the tests + if (curTest == tests.length) { + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); + return; + } + // otherwise it's time to run the next test + setCookieAndInitTest(); +} + +function setupQueryResultAndRunTest() { + let testframe = document.getElementById("testframe"); + testframe.src = tests[curTest].frameSRC; +} + +function setCookieAndInitTest() { + var cookieImage = document.getElementById("cookieImage"); + cookieImage.onload = function() { + ok(true, "trying to set cookie for test (" + tests[curTest].description + ")"); + setupQueryResultAndRunTest(); + } + cookieImage.onerror = function() { + ok(false, "could not load image for test (" + tests[curTest].description + ")"); + } + // appending math.random to avoid any unexpected caching behavior + cookieImage.src = SAME_ORIGIN + PATH + SERVER_FILE + "?setSameSiteCookie" + Math.random(); +} + +// fire up the test +setCookieAndInitTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_laxByDefault.html b/dom/security/test/general/test_same_site_cookies_laxByDefault.html new file mode 100644 index 0000000000..1da9cc71a5 --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_laxByDefault.html @@ -0,0 +1,86 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1551798 - SameSite=lax by default</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<script class="testbody" type="text/javascript"> + +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/closeWindow.sjs"; + +async function realTest(noneRequiresSecure) { + let types = ["unset", "lax", "none"]; + for (let i = 0; i < types.length; ++i) { + info("Loading a new top-level page (" + types[i] + ")"); + await new Promise(resolve => { + window.addEventListener("message", _ => { + resolve(); + }, { once: true }); + window.open(CROSS_ORIGIN + PATH + "?" + types[i]); + }); + } + + info("Check cookies"); + let chromeScript = SpecialPowers.loadChromeScript(() => { + const {sendAsyncMessage} = this; + const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm"); + + let cookies = { test: null, test2: null, test3: null }; + + for (let cookie of Services.cookies.cookies) { + if (cookie.host != "example.com") continue; + + if (cookie.name == "test" && cookie.value == "wow") { + cookies.test = cookie.sameSite == Ci.nsICookie.SAMESITE_LAX ? 'lax' : 'none'; + } + + if (cookie.name == "test2" && cookie.value == "wow2") { + cookies.test2 = cookie.sameSite == Ci.nsICookie.SAMESITE_LAX ? 'lax' : 'none'; + } + + if (cookie.name == "test3" && cookie.value == "wow3") { + cookies.test3 = cookie.sameSite == Ci.nsICookie.SAMESITE_LAX ? 'lax' : 'none'; + } + } + + Services.cookies.removeAll(); + sendAsyncMessage('result', cookies); + }); + + let cookies = await new Promise(resolve => { + chromeScript.addMessageListener('result', cookies => { + chromeScript.destroy(); + resolve(cookies); + }); + }); + + is(cookies.test, "lax", "Cookie set without samesite is lax by default"); + if (noneRequiresSecure) { + is(cookies.test2, null, "Cookie set with samesite none, but not secure"); + } else { + is(cookies.test2, "none", "Cookie set with samesite none"); + } + is(cookies.test3, "lax", "Cookie set with samesite lax"); +} + +SpecialPowers.pushPrefEnv({"set": [ + ["network.cookie.sameSite.laxByDefault", true], + ["network.cookie.sameSite.noneRequiresSecure", false], +]}).then(_ => { + return realTest(false); +}).then(_ => { + return SpecialPowers.pushPrefEnv({"set": [ + ["network.cookie.sameSite.laxByDefault", true], + ["network.cookie.sameSite.noneRequiresSecure", true]]}); +}).then(_ => { + return realTest(true); +}).then(SimpleTest.finish); + +SimpleTest.waitForExplicitFinish(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_redirect.html b/dom/security/test/general/test_same_site_cookies_redirect.html new file mode 100644 index 0000000000..59f98b2263 --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_redirect.html @@ -0,0 +1,101 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1453814 - Do not allow same-site cookies for cross origin redirect</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<img id="cookieImage"> +<iframe id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load an image from http://mochi.test which set a same site cookie + * 2) We then load an iframe that redirects + * (a) from same-origin to cross-origin + * (b) from cross-origin to same-origin + * 3) We observe that in both cases same-site cookies should not be send + */ + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN = location.origin + "/"; +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_redirect.sjs"; + +let curTest = 0; + +var tests = [ + { + description: "baseline: same-site cookie, redirect same-site to same-site", + imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie", + frameSRC: SAME_ORIGIN + PATH + "?sameToSameRedirect", + result: "myKey=strictSameSiteCookie", + }, + { + description: "same-site cookie, redirect same-site to cross-site", + imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie", + frameSRC: SAME_ORIGIN + PATH + "?sameToCrossRedirect", + result: "", // no cookie should be set + }, + { + description: "same-site cookie, redirect cross-site to same-site", + imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie", + frameSRC: CROSS_ORIGIN + PATH + "?crossToSameRedirect", + result: "", // no cookie should be set + }, + { + description: "same-site cookie, meta redirect same-site to cross-site", + imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie", + frameSRC: SAME_ORIGIN + PATH + "?sameToCrossRedirectMeta", + result: "", // no cookie should be set + }, + { + description: "same-site cookie, meta redirect cross-site to same-site", + imgSRC: SAME_ORIGIN + PATH + "?setSameSiteCookie", + frameSRC: CROSS_ORIGIN + PATH + "?crossToSameRedirectMeta", + result: "", // no cookie should be set + }, +]; + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + is(event.data.result, tests[curTest].result, tests[curTest].description); + curTest += 1; + + // // lets see if we ran all the tests + if (curTest == tests.length) { + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); + return; + } + // otherwise it's time to run the next test + setCookieAndInitTest(); +} + +function setupQueryResultAndRunTest() { + let testframe = document.getElementById("testframe"); + testframe.src = tests[curTest].frameSRC; +} + +function setCookieAndInitTest() { + var cookieImage = document.getElementById("cookieImage"); + cookieImage.onload = function() { + ok(true, "trying to set cookie for test (" + tests[curTest].description + ")"); + setupQueryResultAndRunTest(); + } + cookieImage.onerror = function() { + ok(false, "could not load image for test (" + tests[curTest].description + ")"); + } + cookieImage.src = tests[curTest].imgSRC; +} + +// fire up the test +setCookieAndInitTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_subrequest.html b/dom/security/test/general/test_same_site_cookies_subrequest.html new file mode 100644 index 0000000000..304dbafa9a --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_subrequest.html @@ -0,0 +1,113 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1286861 - Test same site cookies on subrequests</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<img id="cookieImage"> +<iframe id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load an image from http://mochi.test which sets a same site cookie + * 2) We load an iframe from: + * * http://mochi.test which loads another image from http://mochi.test + * * http://example.com which loads another image from http://mochi.test + * 3) We observe that the same site cookie is sent in the same origin case, + * but not in the cross origin case. + * + * In detail: + * We perform an XHR request to the *.sjs file which is processed async on + * the server and waits till the image request has been processed by the server. + * Once the image requets was processed, the server responds to the initial + * XHR request with the expecuted result (the cookie value). + */ + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN = "http://mochi.test:8888/"; +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_subrequest.sjs"; + +let curTest = 0; + +var tests = [ + { + description: "same origin site using cookie policy 'samesite=strict'", + imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie", + frameSRC: SAME_ORIGIN + PATH + "?loadFrame", + result: "myKey=strictSameSiteCookie", + }, + { + description: "cross origin site using cookie policy 'samesite=strict'", + imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie", + frameSRC: CROSS_ORIGIN + PATH + "?loadFrame", + result: "myKey=noCookie", + }, + { + description: "same origin site using cookie policy 'samesite=lax'", + imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie", + frameSRC: SAME_ORIGIN + PATH + "?loadFrame", + result: "myKey=laxSameSiteCookie", + }, + { + description: "cross origin site using cookie policy 'samesite=lax'", + imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie", + frameSRC: CROSS_ORIGIN + PATH + "?loadFrame", + result: "myKey=noCookie", + }, +]; + +function checkResult(aCookieVal) { + is(aCookieVal, tests[curTest].result, tests[curTest].description); + curTest += 1; + + // lets see if we ran all the tests + if (curTest == tests.length) { + SimpleTest.finish(); + return; + } + // otherwise it's time to run the next test + setCookieAndInitTest(); +} + +function setupQueryResultAndRunTest() { + var myXHR = new XMLHttpRequest(); + myXHR.open("GET", "file_same_site_cookies_subrequest.sjs?queryresult" + curTest); + myXHR.onload = function(e) { + checkResult(myXHR.responseText); + } + myXHR.onerror = function(e) { + ok(false, "could not query results from server (" + e.message + ")"); + } + myXHR.send(); + + // give it some time and load the test frame + SimpleTest.executeSoon(function() { + let testframe = document.getElementById("testframe"); + testframe.src = tests[curTest].frameSRC + curTest; + }); +} + +function setCookieAndInitTest() { + var cookieImage = document.getElementById("cookieImage"); + cookieImage.onload = function() { + ok(true, "set cookie for test (" + tests[curTest].description + ")"); + setupQueryResultAndRunTest(); + } + cookieImage.onerror = function() { + ok(false, "could not set cookie for test (" + tests[curTest].description + ")"); + } + cookieImage.src = tests[curTest].imgSRC + curTest; +} + +// fire up the test +setCookieAndInitTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_toplevel_nav.html b/dom/security/test/general/test_same_site_cookies_toplevel_nav.html new file mode 100644 index 0000000000..aba825916b --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_toplevel_nav.html @@ -0,0 +1,117 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1286861 - Test same site cookies on top-level navigations</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<img id="cookieImage"> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load an image from http://mochi.test which sets a same site cookie + * 2) We open a new window to + * * a same origin location + * * a cross origin location + * 3) We observe that the same site cookie is sent in the same origin case, + * but not in the cross origin case, unless the policy = 'lax', which should + * send the cookie in a top-level navigation case. + * + * In detail: + * We perform an XHR request to the *.sjs file which is processed async on + * the server and waits till the image request has been processed by the server. + * Once the image requets was processed, the server responds to the initial + * XHR request with the expecuted result (the cookie value). + */ + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN = "http://mochi.test:8888/"; +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs"; + +let curTest = 0; + +let currentWindow; +var tests = [ + { + description: "same origin navigation using cookie policy 'samesite=strict'", + imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie", + frameSRC: SAME_ORIGIN + PATH + "?loadFrame", + result: "myKey=strictSameSiteCookie", + }, + { + description: "cross origin navigation using cookie policy 'samesite=strict'", + imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie", + frameSRC: CROSS_ORIGIN + PATH + "?loadFrame", + result: "myKey=noCookie", + }, + { + description: "same origin navigation using cookie policy 'samesite=lax'", + imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie", + frameSRC: SAME_ORIGIN + PATH + "?loadFrame", + result: "myKey=laxSameSiteCookie", + }, + { + description: "cross origin navigation using cookie policy 'samesite=lax'", + imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie", + frameSRC: CROSS_ORIGIN + PATH + "?loadFrame", + result: "myKey=laxSameSiteCookie", + }, +]; + +function checkResult(aCookieVal) { + if(currentWindow){ + currentWindow.close(); + currentWindow= null; + } + is(aCookieVal, tests[curTest].result, tests[curTest].description); + curTest += 1; + + // lets see if we ran all the tests + if (curTest == tests.length) { + SimpleTest.finish(); + return; + } + // otherwise it's time to run the next test + setCookieAndInitTest(); +} + +function setupQueryResultAndRunTest() { + var myXHR = new XMLHttpRequest(); + myXHR.open("GET", "file_same_site_cookies_toplevel_nav.sjs?queryresult" + curTest); + myXHR.onload = function(e) { + checkResult( myXHR.responseText); + } + myXHR.onerror = function(e) { + ok(false, "could not query results from server (" + e.message + ")"); + } + myXHR.send(); + + // give it some time and load the test window + SimpleTest.executeSoon(function() { + currentWindow = window.open(tests[curTest].frameSRC + curTest); + }); +} + +function setCookieAndInitTest() { + var cookieImage = document.getElementById("cookieImage"); + cookieImage.onload = function() { + ok(true, "set cookie for test (" + tests[curTest].description + ")"); + setupQueryResultAndRunTest(); + } + cookieImage.onerror = function() { + ok(false, "could not set cookie for test (" + tests[curTest].description + ")"); + } + cookieImage.src = tests[curTest].imgSRC + curTest; +} + +// fire up the test +setCookieAndInitTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_same_site_cookies_toplevel_set_cookie.html b/dom/security/test/general/test_same_site_cookies_toplevel_set_cookie.html new file mode 100644 index 0000000000..cae2a6174e --- /dev/null +++ b/dom/security/test/general/test_same_site_cookies_toplevel_set_cookie.html @@ -0,0 +1,57 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1454242: Setting samesite cookie should not rely on CookieCommons::IsSameSiteForeign</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<img id="cookieImage"> +<iframe id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * Description of the test: + * 1) We load a window from example.com which loads a window from mochi.test + * which then sets a same-site cookie for mochi.test. + * 2) We load an iframe from mochi.test. + * 3) We observe that the cookie within (1) was allowed to be set and + * is available for mochi.test. + */ + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN = "http://mochi.test:8888/" +const CROSS_ORIGIN = "http://example.com/"; +const PATH = "tests/dom/security/test/general/file_same_site_cookies_toplevel_set_cookie.sjs"; + +let testWin = null; + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + // once the second window (which sets the cookie) loaded, we get a notification + // that the test setup is correct and we can now try to query the same-site cookie + if (event.data.value === "testSetupComplete") { + ok(true, "cookie setup worked"); + let testframe = document.getElementById("testframe"); + testframe.src = SAME_ORIGIN + PATH + "?checkCookie"; + return; + } + + // thie second message is the cookie value from verifying the + // cookie has been set correctly. + is(event.data.value, "myKey=laxSameSiteCookie", + "setting same-site cookie on cross origin top-level page"); + + window.removeEventListener("message", receiveMessage); + testWin.close(); + SimpleTest.finish(); +} + +// fire up the test +testWin = window.open(CROSS_ORIGIN + PATH + "?loadWin"); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_sec_fetch_websocket.html b/dom/security/test/general/test_sec_fetch_websocket.html new file mode 100644 index 0000000000..bc01e5e509 --- /dev/null +++ b/dom/security/test/general/test_sec_fetch_websocket.html @@ -0,0 +1,81 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1628605: Test Sec-Fetch-* header for websockets</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<script type="application/javascript"> + +SimpleTest.waitForExplicitFinish(); + +let testsSucceeded = 0; + +function checkTestsDone() { + testsSucceeded++; + if (testsSucceeded == 2) { + SimpleTest.finish(); + } +} + +var script = SpecialPowers.loadChromeScript(() => { + const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm"); + + Services.obs.addObserver(function onExamResp(subject, topic, data) { + let channel = subject.QueryInterface(Ci.nsIHttpChannel); + if (!channel.URI.spec.startsWith("https://example.com/tests/dom/security/test/general/file_sec_fetch_websocket")) { + return; + } + + // Sec-Fetch-* Headers should be present for Dest, Mode, Site + try { + let secFetchDest = channel.getRequestHeader("Sec-Fetch-Dest"); + is(secFetchDest, "websocket", "testing sec-fetch-dest"); + + let secFetchMode = channel.getRequestHeader("Sec-Fetch-Mode"); + is(secFetchMode, "websocket", "testing sec-fetch-mode"); + + let secFetchSite = channel.getRequestHeader("Sec-Fetch-Site"); + is(secFetchSite, "cross-site", "testing sec-fetch-site"); + } + catch (e) { + ok(false, "testing sec-fetch-*"); + } + + // Sec-Fetch-User should not be present + try { + let secFetchSite = channel.getRequestHeader("Sec-Fetch-User"); + ok(false, "testing sec-fetch-user"); + } + catch (e) { + ok(true, "testing sec-fetch-user"); + } + Services.obs.removeObserver(onExamResp, "http-on-stop-request"); + + sendAsyncMessage("test-end"); + }, "http-on-stop-request"); +}); + +script.addMessageListener("test-end", () => { + checkTestsDone(); +}); + +function test_sec_fetch_websocket() { + var wssSocket = new WebSocket("wss://example.com/tests/dom/security/test/general/file_sec_fetch_websocket"); + wssSocket.onopen = function(e) { + ok(true, "sanity: wssSocket onopen"); + checkTestsDone(); + }; + wssSocket.onerror = function(e) { + ok(false, "sanity: wssSocket onerror"); + }; +} + +SpecialPowers.pushPrefEnv({ + set: [["dom.security.secFetch.enabled", true]] +}, test_sec_fetch_websocket); + +</script> +</body> +</html> diff --git a/dom/security/test/general/test_xfo_error_page.html b/dom/security/test/general/test_xfo_error_page.html new file mode 100644 index 0000000000..218413b4f9 --- /dev/null +++ b/dom/security/test/general/test_xfo_error_page.html @@ -0,0 +1,35 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1626249: Ensure correct display of neterror page for XFO</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="xfo_testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +SimpleTest.waitForExplicitFinish(); + +const XFO_ERROR_PAGE_MSG = "This page has an X-Frame-Options policy that prevents it from being loaded in this context"; + +let xfo_testframe = document.getElementById("xfo_testframe"); + +xfo_testframe.onload = function() { + let wrappedXFOFrame = SpecialPowers.wrap(xfo_testframe.contentWindow); + let frameContentXFO = wrappedXFOFrame.document.body.innerHTML; + ok(frameContentXFO.includes(XFO_ERROR_PAGE_MSG), "xfo error page correct"); + SimpleTest.finish(); +} + +xfo_testframe.onerror = function() { + ok(false, "sanity: should not fire onerror for xfo_testframe"); + SimpleTest.finish(); +} + +xfo_testframe.src = "file_xfo_error_page.sjs"; + +</script> +</body> +</html> diff --git a/dom/security/test/general/window_nosniff_navigation.html b/dom/security/test/general/window_nosniff_navigation.html new file mode 100644 index 0000000000..cae2b15c65 --- /dev/null +++ b/dom/security/test/general/window_nosniff_navigation.html @@ -0,0 +1,95 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1428473 Support X-Content-Type-Options: nosniff when navigating</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> + <style> + iframe{ + border: 1px solid orange; + } + </style> + + <iframe class="no-mime" src="file_nosniff_navigation.sjs?xml"> </iframe> + <iframe class="no-mime" src="file_nosniff_navigation.sjs?html"></iframe> + <iframe class="no-mime" src="file_nosniff_navigation.sjs?css" ></iframe> + <iframe class="no-mime" src="file_nosniff_navigation.sjs?json"></iframe> + <iframe class="no-mime" src="file_nosniff_navigation.sjs?img"></iframe> + <iframe class="no-mime" src="file_nosniff_navigation.sjs"></iframe> + + <hr> + <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?html"></iframe> + <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?xml"></iframe> + <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?css"></iframe> + <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?json"></iframe> + <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?img"></iframe> + <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs"></iframe> + <hr> + + <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?xml"> </iframe> + <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?html"></iframe> + <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?css" ></iframe> + <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?json"></iframe> + <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?img"></iframe> + <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs"></iframe> + + +</head> + +<body> + +<!-- add the two script tests --> +<script id="scriptCorrectType"></script> +<script id="scriptWrongType"></script> + +<script class="testbody" type="text/javascript"> +/* Description of the test: + * We're testing if Firefox respects the nosniff Header for Top-Level + * Navigations. + * If Firefox cant Display the Page, it will prompt a download + * and the URL of the Page will be about:blank. + * So we will try to open different content send with + * no-mime, mismatched-mime and garbage-mime types. + * + */ + +SimpleTest.waitForExplicitFinish(); + +window.addEventListener("load", ()=>{ + let noMimeFrames = Array.from(document.querySelectorAll(".no-mime")); + + noMimeFrames.forEach( frame => { + // In case of no Provided Content Type, not rendering or assuming text/plain is valid + let result = frame.contentWindow.document.URL == "about:blank" || frame.contentWindow.document.contentType == "text/plain"; + let sniffTarget = (new URL(frame.src)).search; + window.opener.ok(result, `${sniffTarget} without MIME - was not Sniffed`); + }); + + let mismatchedMimes = Array.from(document.querySelectorAll(".mismatch-mime")); + mismatchedMimes.forEach(frame => { + // In case the Server mismatches the Mime Type (sends content X as image/png) + // assert that we do not sniff and correct this. + let result = frame.contentWindow.document.contentType == "image/png"; + let sniffTarget = (new URL(frame.src)).search; + window.opener.ok(result, `${sniffTarget} send as image/png - was not Sniffed`); + }); + + let badMimeFrames = Array.from(document.querySelectorAll(".garbage-mime")); + + badMimeFrames.forEach( frame => { + // In the case we got a bogous mime, assert that we dont sniff. + // We must not default here to text/plain + // as the Server at least provided a mime type. + let result = frame.contentWindow.document.URL == "about:blank"; + let sniffTarget = (new URL(frame.src)).search; + window.opener.ok(result, `${sniffTarget} send as garbage/garbage - was not Sniffed`); + }); + + window.opener.SimpleTest.finish(); + this.close(); +}); +</script> +</body> + +</html>
\ No newline at end of file |