summaryrefslogtreecommitdiffstats
path: root/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
diff options
context:
space:
mode:
Diffstat (limited to 'js/xpconnect/tests/unit/test_allowedDomainsXHR.js')
-rw-r--r--js/xpconnect/tests/unit/test_allowedDomainsXHR.js135
1 files changed, 135 insertions, 0 deletions
diff --git a/js/xpconnect/tests/unit/test_allowedDomainsXHR.js b/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
new file mode 100644
index 0000000000..f1e9cb2892
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
@@ -0,0 +1,135 @@
+const { HttpServer } = ChromeUtils.importESModule("resource://testing-common/httpd.sys.mjs");
+
+var httpserver = new HttpServer();
+var httpserver2 = new HttpServer();
+var httpserver3 = new HttpServer();
+var testpath = "/simple";
+var redirectpath = "/redirect";
+var negativetestpath = "/negative";
+var httpbody = "<?xml version='1.0' ?><root>0123456789</root>";
+
+var sb = Cu.Sandbox(["http://www.example.com",
+ "http://localhost:4444/redirect",
+ "http://localhost:4444/simple",
+ "http://localhost:4446/redirect"],
+ { wantGlobalProperties: ["XMLHttpRequest"] });
+
+function createXHR(loc, async)
+{
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", "http://localhost:" + loc, async);
+ return xhr;
+}
+
+function checkResults(xhr)
+{
+ if (xhr.readyState != 4)
+ return false;
+
+ equal(xhr.status, 200);
+ equal(xhr.responseText, httpbody);
+
+ var root_node = xhr.responseXML.getElementsByTagName('root').item(0);
+ equal(root_node.firstChild.data, "0123456789");
+ return true;
+}
+
+var httpServersClosed = 0;
+function finishIfDone()
+{
+ if (++httpServersClosed == 3)
+ do_test_finished();
+}
+
+function run_test()
+{
+ do_get_profile();
+ do_test_pending();
+
+ httpserver.registerPathHandler(testpath, serverHandler);
+ httpserver.registerPathHandler(redirectpath, redirectHandler1);
+ httpserver.start(4444);
+
+ httpserver2.registerPathHandler(negativetestpath, serverHandler);
+ httpserver2.start(4445);
+
+ httpserver3.registerPathHandler(redirectpath, redirectHandler2);
+ httpserver3.start(4446);
+
+ // Test sync XHR sending
+ Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
+ var res = Cu.evalInSandbox('var sync = createXHR("4444/simple"); sync.send(null); sync', sb);
+ Assert.ok(checkResults(res));
+
+ var principal = res.responseXML.nodePrincipal;
+ Assert.ok(principal.isContentPrincipal);
+ var requestURL = "http://localhost:4444/redirect";
+ Assert.equal(principal.spec, requestURL);
+
+ // negative test sync XHR sending (to ensure that the xhr do not have chrome caps, see bug 779821)
+ try {
+ Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
+ var res = Cu.evalInSandbox('var sync = createXHR("4445/negative"); sync.send(null); sync', sb);
+ Assert.equal(false, true, "XHR created from sandbox should not have chrome caps");
+ } catch (e) {
+ Assert.ok(true);
+ }
+
+ // Test redirect handling.
+ // This request bounces to server 2 and then back to server 1. Neither of
+ // these servers support CORS, but if the expanded principal is used as the
+ // triggering principal, this should work.
+ Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
+ var res = Cu.evalInSandbox('var sync = createXHR("4444/redirect"); sync.send(null); sync', sb);
+ Assert.ok(checkResults(res));
+
+ var principal = res.responseXML.nodePrincipal;
+ Assert.ok(principal.isContentPrincipal);
+ var requestURL = "http://localhost:4444/redirect";
+ Assert.equal(principal.spec, requestURL);
+
+ httpserver2.stop(finishIfDone);
+ httpserver3.stop(finishIfDone);
+
+ // Test async XHR sending
+ sb.finish = function(){
+ httpserver.stop(finishIfDone);
+ }
+
+ // We want to execute checkResults from the scope of the sandbox as well to
+ // make sure that there are no permission errors related to nsEP. For that
+ // we need to clone the function into the sandbox and make a few things
+ // available for it.
+ Cu.evalInSandbox('var checkResults = ' + checkResults.toSource(), sb);
+ sb.equal = equal;
+ sb.httpbody = httpbody;
+
+ function changeListener(event) {
+ if (checkResults(async))
+ finish();
+ }
+
+ var async = Cu.evalInSandbox('var async = createXHR("4444/simple", true);' +
+ 'async.addEventListener("readystatechange", ' +
+ changeListener.toString() + ', false);' +
+ 'async', sb);
+ async.send(null);
+}
+
+function serverHandler(request, response)
+{
+ response.setHeader("Content-Type", "text/xml", false);
+ response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+function redirectHandler1(request, response)
+{
+ response.setStatusLine(request.httpVersion, 302, "Found");
+ response.setHeader("Location", "http://localhost:4446/redirect", false);
+}
+
+function redirectHandler2(request, response)
+{
+ response.setStatusLine(request.httpVersion, 302, "Found");
+ response.setHeader("Location", "http://localhost:4444/simple", false);
+}