diff options
Diffstat (limited to 'dom/base/test/test_warning_for_blocked_cross_site_request.html')
-rw-r--r-- | dom/base/test/test_warning_for_blocked_cross_site_request.html | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/dom/base/test/test_warning_for_blocked_cross_site_request.html b/dom/base/test/test_warning_for_blocked_cross_site_request.html new file mode 100644 index 0000000000..c1e597b6ad --- /dev/null +++ b/dom/base/test/test_warning_for_blocked_cross_site_request.html @@ -0,0 +1,129 @@ +<!DOCTYPE HTML> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=713980 +--> +<head> + <meta charset="utf-8"> + <title>Test for Bug 713980</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> + + <!-- Load a cross-origin webfont without CORS (common pain point) and some + other styles that require anonymous CORS --> + <style> + @font-face { + font-family: "bad_cross_origin_webfont"; + src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream'); + } + div#bad_webfont { font-family: "bad_cross_origin_webfont"; } + + div#bad_shape_outside { shape-outside: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=bad_shape_outside&type=image/png'); } + + div#bad_mask_image { mask-image: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=bad_mask_image&type=image/svg+xml'); } + </style> +</head> +<body> +<pre id="test"> + +<script class="testbody" type="text/javascript"> +SimpleTest.waitForExplicitFinish(); + +var tests = { + xhr : { + uri_test : "http://invalid", + result : null, + category: "CORSAllowOriginNotMatchingOrigin" + }, + font : { + uri_test : "font_bad", + result : null, + category: "CORSMissingAllowOrigin2", + }, + shape_outside : { + uri_test : "bad_shape_outside", + result : null, + category: "CORSMissingAllowOrigin2", + ignore_windowID: true, + }, + mask_image : { + uri_test : "bad_mask_image", + result : null, + category: "CORSMissingAllowOrigin2", + ignore_windowID: true, + }, +} + +function testsComplete() { + for (var testName in tests) { + var test = tests[testName]; + if (test.result == null) { + info("Still waiting on (at least) " + testName + "."); + return false; + } + } + return true; +} + +SpecialPowers.registerConsoleListener(function CORSMsgListener(aMsg) { + if (!/Cross-Origin Request Blocked/.test(aMsg.message)) + return; + + for (var testName in tests) { + var test = tests[testName]; + var category = test.category; + if (test.result != null) + continue; + + var testRegexp = new RegExp(test.uri_test); + if (testRegexp.test(aMsg.message)) { + test.result = true; + ok(true, "Got \"Cross-site request blocked\" warning message for " + testName); + ok(aMsg.category == category, + "Got warning message with category \"" + aMsg.category + "\", expected \"" + category + "\""); + // Got the message we wanted - make sure it is destined for a valid inner window + if(!test.ignore_windowID) { + ok(aMsg.windowID != 0, "Valid (non-zero) windowID for the cross-site request blocked message."); + } + break; + } + } + + if (testsComplete()) { + SimpleTest.executeSoon(cleanup); + } +}); + +function cleanup() { + SpecialPowers.postConsoleSentinel(); + SimpleTest.finish(); +} + +// Send a cross-origin XHR request without CORS +var xhr = new XMLHttpRequest(); +xhr.open("GET", "http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?allowOrigin=http://invalid", true); +xhr.send(null); + +let badDiv; + +// Create a div that triggers a cross-origin webfont request +// We do this in Javascript in order to guarantee the console listener has +// already been registered; otherwise, there could be a race. +badDiv = document.createElement('div'); +badDiv.setAttribute('id', 'bad_webfont'); +document.body.appendChild(badDiv); + +// Create a div that triggers a cross-origin request for a shape-outside image +badDiv = document.createElement('div'); +badDiv.setAttribute('id', 'bad_shape_outside'); +document.body.appendChild(badDiv); + +// Create a div that triggers a cross-origin request for a mask-image +badDiv = document.createElement('div'); +badDiv.setAttribute('id', 'bad_mask_image'); +document.body.appendChild(badDiv); +</script> + +</pre> +</body> +</html> |