From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../test/sec-fetch/browser_external_loads.js | 176 +++++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 dom/security/test/sec-fetch/browser_external_loads.js (limited to 'dom/security/test/sec-fetch/browser_external_loads.js') diff --git a/dom/security/test/sec-fetch/browser_external_loads.js b/dom/security/test/sec-fetch/browser_external_loads.js new file mode 100644 index 0000000000..0340b46899 --- /dev/null +++ b/dom/security/test/sec-fetch/browser_external_loads.js @@ -0,0 +1,176 @@ +"use strict"; + +const TEST_PATH = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "https://example.com" +); + +var gExpectedHeader = {}; + +function checkSecFetchUser(subject, topic, data) { + let channel = subject.QueryInterface(Ci.nsIHttpChannel); + if (!channel.URI.spec.startsWith("https://example.com")) { + return; + } + + info(`testing headers for load of ${channel.URI.spec}`); + + const secFetchHeaders = [ + "sec-fetch-mode", + "sec-fetch-dest", + "sec-fetch-user", + "sec-fetch-site", + ]; + + secFetchHeaders.forEach(header => { + const expectedValue = gExpectedHeader[header]; + try { + is( + channel.getRequestHeader(header), + expectedValue, + `${header} is set to ${expectedValue}` + ); + } catch (e) { + if (expectedValue) { + ok(false, `${header} should be set`); + } else { + ok(true, `${header} should not be set`); + } + } + }); +} + +add_task(async function external_load() { + waitForExplicitFinish(); + Services.obs.addObserver(checkSecFetchUser, "http-on-stop-request"); + + let headersChecked = new Promise(resolve => { + let reqStopped = async (subject, topic, data) => { + Services.obs.removeObserver(reqStopped, "http-on-stop-request"); + resolve(); + }; + Services.obs.addObserver(reqStopped, "http-on-stop-request"); + }); + + // System fetch. Shouldn't use Sec- headers for that. + gExpectedHeader = { + "sec-fetch-site": null, + "sec-fetch-mode": null, + "sec-fetch-dest": null, + "sec-fetch-user": null, + }; + await window.fetch(`${TEST_PATH}file_dummy_link.html?sysfetch`); + await headersChecked; + + // Simulate an external load in the *current* window with + // Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL and the system principal. + gExpectedHeader = { + "sec-fetch-site": "none", + "sec-fetch-mode": "navigate", + "sec-fetch-dest": "document", + "sec-fetch-user": "?1", + }; + + let loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); + window.browserDOMWindow.openURI( + makeURI(`${TEST_PATH}file_dummy_link.html`), + null, + Ci.nsIBrowserDOMWindow.OPEN_CURRENTWINDOW, + Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL, + Services.scriptSecurityManager.getSystemPrincipal() + ); + await loaded; + + // Open a link in a *new* window through the context menu. + gExpectedHeader = { + "sec-fetch-site": "same-origin", + "sec-fetch-mode": "navigate", + "sec-fetch-dest": "document", + "sec-fetch-user": "?1", + }; + + loaded = BrowserTestUtils.waitForNewWindow({ + url: `${TEST_PATH}file_dummy_link_location.html`, + }); + BrowserTestUtils.waitForEvent(document, "popupshown", false, event => { + document.getElementById("context-openlink").doCommand(); + event.target.hidePopup(); + return true; + }); + BrowserTestUtils.synthesizeMouseAtCenter( + "#dummylink", + { type: "contextmenu", button: 2 }, + gBrowser.selectedBrowser + ); + + let win = await loaded; + win.close(); + + // Simulate an external load in a *new* window with + // Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL and the system principal. + gExpectedHeader = { + "sec-fetch-site": "none", + "sec-fetch-mode": "navigate", + "sec-fetch-dest": "document", + "sec-fetch-user": "?1", + }; + + loaded = BrowserTestUtils.waitForNewWindow({ + url: "https://example.com/newwindow", + }); + window.browserDOMWindow.openURI( + makeURI("https://example.com/newwindow"), + null, + Ci.nsIBrowserDOMWindow.OPEN_NEWWINDOW, + Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL, + Services.scriptSecurityManager.getSystemPrincipal() + ); + win = await loaded; + win.close(); + + // Open a *new* window through window.open without user activation. + gExpectedHeader = { + "sec-fetch-site": "same-origin", + "sec-fetch-mode": "navigate", + "sec-fetch-dest": "document", + }; + + loaded = BrowserTestUtils.waitForNewWindow({ + url: "https://example.com/windowopen", + }); + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], () => { + content.window.open( + "https://example.com/windowopen", + "_blank", + "height=500,width=500" + ); + }); + win = await loaded; + win.close(); + + // Open a *new* window through window.open with user activation. + gExpectedHeader = { + "sec-fetch-site": "same-origin", + "sec-fetch-mode": "navigate", + "sec-fetch-dest": "document", + "sec-fetch-user": "?1", + }; + + loaded = BrowserTestUtils.waitForNewWindow({ + url: "https://example.com/windowopen_withactivation", + }); + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], () => { + content.document.notifyUserGestureActivation(); + content.window.open( + "https://example.com/windowopen_withactivation", + "_blank", + "height=500,width=500" + ); + content.document.clearUserGestureActivation(); + }); + win = await loaded; + win.close(); + + Services.obs.removeObserver(checkSecFetchUser, "http-on-stop-request"); + finish(); +}); -- cgit v1.2.3