diff options
Diffstat (limited to 'dom/security/test/csp/test_301_redirect.html')
-rw-r--r-- | dom/security/test/csp/test_301_redirect.html | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_301_redirect.html b/dom/security/test/csp/test_301_redirect.html new file mode 100644 index 0000000000..0aaed5bcf2 --- /dev/null +++ b/dom/security/test/csp/test_301_redirect.html @@ -0,0 +1,74 @@ +<!DOCTYPE HTML> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=650386 +Test that CSP violation reports are not sent when a 301 redirect is encountered +--> +<head> + <title>Test for Bug 650386</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> +</head> +<body> +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=650386">Mozilla Bug 650386</a> +<p id="display"></p> +<div id="content" style="display: none"> +<iframe id = "content_iframe"></iframe> +</div> +<pre id="test"> +<script type="application/javascript"> + +/** Test for Bug 650386 **/ + +// This is used to watch the redirect of the report POST get blocked +function examiner() { + SpecialPowers.addObserver(this, "csp-on-violate-policy"); + SpecialPowers.addObserver(this, "specialpowers-http-notify-request"); +} + +examiner.prototype = { + observe(subject, topic, data) { + if (topic === "specialpowers-http-notify-request") { + // this is used to fail the test - if we see the POST to the target of the redirect + // we know this is a fail + var uri = data; + if (uri == "http://example.com/some/fake/path") + window.done(false); + } + + if(topic === "csp-on-violate-policy") { + // something was blocked, but we are looking specifically for the redirect being blocked + if (data == "denied redirect while sending violation report") + window.done(true); + } + }, + + // must eventually call this to remove the listener, + // or mochitests might get borked. + remove() { + SpecialPowers.removeObserver(this, "csp-on-violate-policy"); + SpecialPowers.removeObserver(this, "specialpowers-http-notify-request"); + } +} + +window.examiner = new examiner(); + +// result == true if we saw the redirect blocked notify, false if we saw the post +// to the redirect target go out +window.done = function(result) { + ok(result, "a 301 redirect when posting violation report should be blocked"); + + // clean up observers and finish the test + window.examiner.remove(); + SimpleTest.finish(); +} + +SimpleTest.waitForExplicitFinish(); + +// save this for last so that our listeners are registered. +// ... this loads the testbed of good and bad requests. +document.getElementById('content_iframe').src = 'file_redirect_content.sjs?301'; +</script> +</pre> +</body> +</html> |