1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const { UrlbarTestUtils } = ChromeUtils.importESModule(
"resource://testing-common/UrlbarTestUtils.sys.mjs"
);
let TEST_PATH = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
);
let TEST_PATH_AUTH = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.org"
);
const CROSS_DOMAIN_URL = TEST_PATH + "redirect-crossDomain.html";
const AUTH_URL = TEST_PATH_AUTH + "auth-route.sjs";
/**
* Opens a new tab with a url that redirects us cross domain
* tests that auth anti-spoofing mechanisms cover url copy while prompt is open
*
*/
async function trigger401AndHandle() {
await SpecialPowers.pushPrefEnv({
set: [["privacy.authPromptSpoofingProtection", true]],
});
let dialogShown = waitForDialogAndCopyURL();
await BrowserTestUtils.withNewTab(CROSS_DOMAIN_URL, async function () {
await dialogShown;
});
await new Promise(resolve => {
Services.clearData.deleteData(
Ci.nsIClearDataService.CLEAR_AUTH_CACHE,
resolve
);
});
}
async function waitForDialogAndCopyURL() {
await TestUtils.topicObserved("common-dialog-loaded");
let dialog = gBrowser.getTabDialogBox(gBrowser.selectedBrowser)
._tabDialogManager._topDialog;
let dialogDocument = dialog._frame.contentDocument;
//select the whole URL
gURLBar.focus();
await SimpleTest.promiseClipboardChange(AUTH_URL, () => {
Assert.equal(
gURLBar.value,
UrlbarTestUtils.trimURL(AUTH_URL),
"url bar copy value set"
);
gURLBar.select();
goDoCommand("cmd_copy");
});
// select only part of the URL
gURLBar.focus();
let endOfSelectionRange =
UrlbarTestUtils.trimURL(AUTH_URL).indexOf("/auth-route.sjs");
let isProtocolTrimmed = AUTH_URL.startsWith(
UrlbarTestUtils.getTrimmedProtocolWithSlashes()
);
await SimpleTest.promiseClipboardChange(
AUTH_URL.substring(
0,
endOfSelectionRange +
(isProtocolTrimmed
? UrlbarTestUtils.getTrimmedProtocolWithSlashes().length
: 0)
),
() => {
Assert.equal(
gURLBar.value,
UrlbarTestUtils.trimURL(AUTH_URL),
"url bar copy value set"
);
gURLBar.selectionStart = 0;
gURLBar.selectionEnd = endOfSelectionRange;
goDoCommand("cmd_copy");
}
);
let onDialogClosed = BrowserTestUtils.waitForEvent(
window,
"DOMModalDialogClosed"
);
dialogDocument.getElementById("commonDialog").cancelDialog();
await onDialogClosed;
Assert.equal(
window.gURLBar.value,
UrlbarTestUtils.trimURL(CROSS_DOMAIN_URL),
"No location is provided by the prompt"
);
//select the whole URL after URL is reset to normal
gURLBar.focus();
await SimpleTest.promiseClipboardChange(CROSS_DOMAIN_URL, () => {
Assert.equal(
gURLBar.value,
UrlbarTestUtils.trimURL(CROSS_DOMAIN_URL),
"url bar copy value set"
);
gURLBar.select();
goDoCommand("cmd_copy");
});
}
/**
* Tests that the 401 auth spoofing mechanisms covers the url bar copy action properly,
* canceling the prompt
*/
add_task(async function testUrlCopy() {
SpecialPowers.pushPrefEnv({
set: [
["browser.urlbar.trimHttps", false],
["browser.urlbar.trimURLs", true],
],
});
await trigger401AndHandle();
SpecialPowers.popPrefEnv();
SpecialPowers.pushPrefEnv({
set: [
["browser.urlbar.trimHttps", true],
["browser.urlbar.trimURLs", true],
],
});
await trigger401AndHandle();
});
|
