summaryrefslogtreecommitdiffstats
path: root/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
blob: f1e9cb2892819ab734977a2535528f6809fa56ad (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
const { HttpServer } = ChromeUtils.importESModule("resource://testing-common/httpd.sys.mjs");

var httpserver = new HttpServer();
var httpserver2 = new HttpServer();
var httpserver3 = new HttpServer();
var testpath = "/simple";
var redirectpath = "/redirect";
var negativetestpath = "/negative";
var httpbody = "<?xml version='1.0' ?><root>0123456789</root>";

var sb = Cu.Sandbox(["http://www.example.com",
                     "http://localhost:4444/redirect",
                     "http://localhost:4444/simple",
                     "http://localhost:4446/redirect"],
                     { wantGlobalProperties: ["XMLHttpRequest"] });

function createXHR(loc, async)
{
  var xhr = new XMLHttpRequest();
  xhr.open("GET", "http://localhost:" + loc, async);
  return xhr;
}

function checkResults(xhr)
{
  if (xhr.readyState != 4)
    return false;

  equal(xhr.status, 200);
  equal(xhr.responseText, httpbody);

  var root_node = xhr.responseXML.getElementsByTagName('root').item(0);
  equal(root_node.firstChild.data, "0123456789");
  return true;
}

var httpServersClosed = 0;
function finishIfDone()
{
  if (++httpServersClosed == 3)
    do_test_finished();
}

function run_test()
{
  do_get_profile();
  do_test_pending();

  httpserver.registerPathHandler(testpath, serverHandler);
  httpserver.registerPathHandler(redirectpath, redirectHandler1);
  httpserver.start(4444);

  httpserver2.registerPathHandler(negativetestpath, serverHandler);
  httpserver2.start(4445);

  httpserver3.registerPathHandler(redirectpath, redirectHandler2);
  httpserver3.start(4446);

  // Test sync XHR sending
  Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
  var res = Cu.evalInSandbox('var sync = createXHR("4444/simple"); sync.send(null); sync', sb);
  Assert.ok(checkResults(res));

  var principal = res.responseXML.nodePrincipal;
  Assert.ok(principal.isContentPrincipal);
  var requestURL = "http://localhost:4444/redirect";
  Assert.equal(principal.spec, requestURL);

  // negative test sync XHR sending (to ensure that the xhr do not have chrome caps, see bug 779821)
  try {
    Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
    var res = Cu.evalInSandbox('var sync = createXHR("4445/negative"); sync.send(null); sync', sb);
    Assert.equal(false, true, "XHR created from sandbox should not have chrome caps");
  } catch (e) {
    Assert.ok(true);
  }

  // Test redirect handling.
  // This request bounces to server 2 and then back to server 1.  Neither of
  // these servers support CORS, but if the expanded principal is used as the
  // triggering principal, this should work.
  Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
  var res = Cu.evalInSandbox('var sync = createXHR("4444/redirect"); sync.send(null); sync', sb);
  Assert.ok(checkResults(res));

  var principal = res.responseXML.nodePrincipal;
  Assert.ok(principal.isContentPrincipal);
  var requestURL = "http://localhost:4444/redirect";
  Assert.equal(principal.spec, requestURL);

  httpserver2.stop(finishIfDone);
  httpserver3.stop(finishIfDone);

  // Test async XHR sending
  sb.finish = function(){
    httpserver.stop(finishIfDone);
  }

  // We want to execute checkResults from the scope of the sandbox as well to
  // make sure that there are no permission errors related to nsEP. For that
  // we need to clone the function into the sandbox and make a few things
  // available for it.
  Cu.evalInSandbox('var checkResults = ' + checkResults.toSource(), sb);
  sb.equal = equal;
  sb.httpbody = httpbody;

  function changeListener(event) {
    if (checkResults(async))
      finish();
  }

  var async = Cu.evalInSandbox('var async = createXHR("4444/simple", true);' +
                               'async.addEventListener("readystatechange", ' +
                                                       changeListener.toString() + ', false);' +
                               'async', sb);
  async.send(null);
}

function serverHandler(request, response)
{
  response.setHeader("Content-Type", "text/xml", false);
  response.bodyOutputStream.write(httpbody, httpbody.length);
}

function redirectHandler1(request, response)
{
  response.setStatusLine(request.httpVersion, 302, "Found");
  response.setHeader("Location", "http://localhost:4446/redirect", false);
}

function redirectHandler2(request, response)
{
  response.setStatusLine(request.httpVersion, 302, "Found");
  response.setHeader("Location", "http://localhost:4444/simple", false);
}