1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
<!DOCTYPE HTML>
<html>
<head>
<title>Tests for Content Security Policy during redirects</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<iframe style="width:100%;height:300px;" id="harness"></iframe>
<pre id="log"></pre>
<script class="testbody" type="text/javascript">
var path = "/tests/dom/security/test/csp/";
// debugging
function log(s) {
// dump("**" + s + "\n");
// var log = document.getElementById("log");
// log.textContent = log.textContent+s+"\n";
}
SpecialPowers.registerObservers("csp-on-violate-policy");
// used to watch if requests are blocked by CSP or allowed through
function examiner() {
SpecialPowers.addObserver(this, "csp-on-violate-policy");
SpecialPowers.addObserver(this, "specialpowers-csp-on-violate-policy");
SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
}
examiner.prototype = {
observe(subject, topic, data) {
var testpat = new RegExp("testid=([a-z0-9-]+)");
var asciiSpec;
var testid;
if (topic === "specialpowers-http-notify-request") {
// request was sent
var allowedUri = data;
if (!testpat.test(allowedUri)) return;
testid = testpat.exec(allowedUri)[1];
if (testExpectedResults[testid] == "completed") return;
log("allowed: "+allowedUri);
window.testResult(testid, allowedUri, true);
}
else if (topic === "csp-on-violate-policy" || topic === "specialpowers-csp-on-violate-policy") {
// request was blocked
asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
if (!testpat.test(asciiSpec)) return;
testid = testpat.exec(asciiSpec)[1];
// had to add this check because http-on-modify-request can fire after
// csp-on-violate-policy, apparently, even though the request does
// not hit the wire.
if (testExpectedResults[testid] == "completed") return;
log("BLOCKED: "+asciiSpec);
window.testResult(testid, asciiSpec, false);
}
},
remove() {
SpecialPowers.removeObserver(this, "csp-on-violate-policy");
SpecialPowers.removeObserver(this, "specialpowers-csp-on-violate-policy");
SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
}
}
window.examiner = new examiner();
// contains { test_frame_id : expected_result }
var testExpectedResults = { "font-src": true,
"font-src-redir": false,
"frame-src": true,
"frame-src-redir": false,
"img-src": true,
"img-src-redir": false,
"media-src": true,
"media-src-redir": false,
"object-src": true,
"object-src-redir": false,
"script-src": true,
"script-src-redir": false,
"style-src": true,
"style-src-redir": false,
"xhr-src": true,
"xhr-src-redir": false,
"from-worker": true,
"script-src-redir-from-worker": true, // redir is allowed since policy isn't inherited
"xhr-src-redir-from-worker": true, // redir is allowed since policy isn't inherited
"fetch-src-redir-from-worker": true, // redir is allowed since policy isn't inherited
"from-blob-worker": true,
"script-src-redir-from-blob-worker": false,
"xhr-src-redir-from-blob-worker": false,
"fetch-src-redir-from-blob-worker": false,
"img-src-from-css": true,
"img-src-redir-from-css": false,
};
// takes the name of the test, the URL that was tested, and whether the
// load occurred
var testResult = function(testName, url, result) {
log(" testName: "+testName+", result: "+result+", expected: "+testExpectedResults[testName]+"\n");
is(result, testExpectedResults[testName], testName+" test: "+url);
// mark test as completed
testExpectedResults[testName] = "completed";
// don't finish until we've run all the tests
for (var t in testExpectedResults) {
if (testExpectedResults[t] != "completed") {
return;
}
}
window.examiner.remove();
SimpleTest.finish();
}
SimpleTest.waitForExplicitFinish();
SpecialPowers.pushPrefEnv(
{'set':[// On a cellular connection the default preload value is 0 ("preload
// none"). Our Android emulators emulate a cellular connection, and
// so by default preload no media data. This causes the media_* tests
// to timeout. We set the default used by cellular connections to the
// same as used by non-cellular connections in order to get
// consistent behavior across platforms/devices.
["media.preload.default", 2],
["media.preload.default.cellular", 2]]},
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById("harness").src = "file_redirects_main.html";
});
</script>
</pre>
</body>
</html>
|
