diff options
Diffstat (limited to 'toolkit/components/extensions/test/mochitest/test_ext_subframes_privileges.html')
| -rw-r--r-- | toolkit/components/extensions/test/mochitest/test_ext_subframes_privileges.html | 67 |
1 files changed, 50 insertions, 17 deletions
diff --git a/toolkit/components/extensions/test/mochitest/test_ext_subframes_privileges.html b/toolkit/components/extensions/test/mochitest/test_ext_subframes_privileges.html index f791d08602..0586275808 100644 --- a/toolkit/components/extensions/test/mochitest/test_ext_subframes_privileges.html +++ b/toolkit/components/extensions/test/mochitest/test_ext_subframes_privileges.html @@ -14,6 +14,32 @@ "use strict"; /* eslint-disable mozilla/balanced-listeners */ +const { + WebExtensionPolicy, +} = SpecialPowers.Cu.getGlobalForObject(SpecialPowers.Services); + + +// Some tests load non-moz-extension:-URLs in their extension document. When +// extensions run in-process (extensions.webextensions.remote set to false), +// that fails. +// For details, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1724099 and +// the same function in toolkit/components/extensions/test/xpcshell/head.js +async function allow_unsafe_parent_loads_when_extensions_not_remote() { + if (!WebExtensionPolicy.useRemoteWebExtensions) { + await SpecialPowers.pushPrefEnv({ + set: [["security.allow_unsafe_parent_loads", true]], + }); + } +} + +async function revert_allow_unsafe_parent_loads_when_extensions_not_remote() { + if (!WebExtensionPolicy.useRemoteWebExtensions) { + // Assume that the previous call to pushPrefEnv was from + // allow_unsafe_parent_loads_when_extensions_not_remote. + await SpecialPowers.popPrefEnv(); + } +} + add_task(async function test_webext_tab_subframe_privileges() { function background() { browser.runtime.onMessage.addListener(async ({msg, success, tabId, error}) => { @@ -198,19 +224,25 @@ add_task(async function test_webext_contentscript_iframe_subframe_privileges() { }); add_task(async function test_webext_background_remote_subframe_privileges() { - function backgroundSubframeScript() { + // file_remote_frame.html is opened at the same origin as this test page. + document.cookie = "cookie=monster"; + + function backgroundScript() { window.addEventListener("message", evt => { - browser.test.assertEq("http://mochi.test:8888", evt.origin, "postmessage origin ok"); + browser.test.assertTrue( + evt.origin === "http://mochi.test:8888" || + evt.origin === "https://mochi.test:8888", // using https-first, http2/http3 server. + `postmessage origin ok: ${evt.origin}` + ); browser.test.assertFalse(evt.data.tabs, "remote frame cannot access webextension APIs"); browser.test.assertEq("cookie=monster", evt.data.cookie, "Expected cookie value"); browser.test.notifyPass("webext-background-subframe-privileges"); }, {once: true}); - browser.cookies.set({url: "http://mochi.test:8888", name: "cookie", "value": "monster"}); } let extensionData = { manifest: { - permissions: ["cookies", "*://mochi.test/*", "tabs"], + permissions: ["*://mochi.test/*", "tabs"], background: { page: "background.html", }, @@ -219,32 +251,32 @@ add_task(async function test_webext_background_remote_subframe_privileges() { "background.html": `<!DOCTYPE> <head> <meta charset="utf-8"> - <script src="background-subframe.js"><\/script> + <script src="background.js"><\/script> </head> <body> <iframe src='${SimpleTest.getTestFileURL("file_remote_frame.html")}'></iframe> </body> </html>`, - "background-subframe.js": backgroundSubframeScript, + "background.js": backgroundScript, }, }; // Need remote webextensions to be able to load remote content from a background page. - if (!SpecialPowers.getBoolPref("extensions.webextensions.remote", true)) { - return; - } + await allow_unsafe_parent_loads_when_extensions_not_remote(); let extension = ExtensionTestUtils.loadExtension(extensionData); await extension.startup(); await extension.awaitFinish("webext-background-subframe-privileges"); await extension.unload(); + await revert_allow_unsafe_parent_loads_when_extensions_not_remote(); }); // Test a moz-extension:// iframe inside a content iframe in an extension page. add_task(async function test_sub_subframe_conduit_verified_env() { let manifest = { content_scripts: [{ - matches: ["http://mochi.test/*/file_sample.html"], + // Note: no :8888 because of bug 1468162. + matches: ["*://mochi.test/*/file_sample.html"], all_frames: true, js: ["cs.js"], }], @@ -311,19 +343,20 @@ add_task(async function test_sub_subframe_conduit_verified_env() { is(err, "Unknown sender or wrong actor for recvCreateProxyContext"); } - let remote = SpecialPowers.getBoolPref("extensions.webextensions.remote"); - let badProcess = { message: /Bad {[\w-]+} process: web/ }; let badPrincipal = { message: /Bad {[\w-]+} principal: http/ }; - consoleMonitor.start(remote ? [badPrincipal, badProcess] : [badProcess]); + consoleMonitor.start([badPrincipal, badProcess]); let extension = ExtensionTestUtils.loadExtension({ manifest, files }); + + + // Need OOP to spoof from a web iframe inside background page. + await allow_unsafe_parent_loads_when_extensions_not_remote(); await extension.startup(); - if (remote) { - info("Need OOP to spoof from a web iframe inside background page."); - await expectErrors(extension); - } + info("Spoof from a web iframe inside background page."); + await expectErrors(extension); + await revert_allow_unsafe_parent_loads_when_extensions_not_remote(); info("Try spoofing from the web process."); let win = window.open("./file_sample.html"); |