summaryrefslogtreecommitdiffstats
path: root/dom/security/test/sec-fetch/test_trustworthy_loopback.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/sec-fetch/test_trustworthy_loopback.html
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/sec-fetch/test_trustworthy_loopback.html')
-rw-r--r--dom/security/test/sec-fetch/test_trustworthy_loopback.html77
1 files changed, 77 insertions, 0 deletions
diff --git a/dom/security/test/sec-fetch/test_trustworthy_loopback.html b/dom/security/test/sec-fetch/test_trustworthy_loopback.html
new file mode 100644
index 0000000000..95ecac17ed
--- /dev/null
+++ b/dom/security/test/sec-fetch/test_trustworthy_loopback.html
@@ -0,0 +1,77 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1732069: Sec-Fetch-Site inconsistent on localhost/IPs</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script type="application/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+let testsSucceeded = 0;
+
+let win;
+function checkTestsDone() {
+ testsSucceeded++;
+ if (testsSucceeded == 3) {
+ win.close();
+ SimpleTest.finish();
+ }
+}
+
+var script = SpecialPowers.loadChromeScript(() => {
+ /* eslint-env mozilla/chrome-script */
+ Services.obs.addObserver(function onExamResp(subject, topic, data) {
+ let channel = subject.QueryInterface(Ci.nsIHttpChannel);
+ if (!channel.URI.spec.includes("localhost") ||
+ channel.URI.spec.startsWith("http://localhost:9898/tests/dom/security/test/sec-fetch/file_trustworthy_loopback.html")) {
+ return;
+ }
+
+ const expectedHeaders = {
+ "localhost:9898": {
+ "sec-fetch-site": "same-origin",
+ "sec-fetch-mode": "navigate",
+ "sec-fetch-dest": "iframe",
+ },
+ "sub.localhost:-1": {
+ "sec-fetch-site": "cross-site",
+ "sec-fetch-mode": "navigate",
+ "sec-fetch-dest": "iframe",
+ },
+ "localhost:9899": {
+ "sec-fetch-site": "same-site",
+ "sec-fetch-mode": "navigate",
+ "sec-fetch-dest": "iframe",
+ },
+ };
+
+ info(`checking headers for request to ${channel.URI.spec}`);
+ const expected = expectedHeaders[channel.URI.host + ":" + channel.URI.port];
+ for (let key in expected) {
+ try {
+ is(channel.getRequestHeader(key), expected[key], `${key} header matches`);
+ } catch (e) {
+ ok(false, "failed to check headers");
+ }
+ }
+ sendAsyncMessage("test-end");
+ }, "http-on-stop-request");
+});
+
+script.addMessageListener("test-end", () => {
+ checkTestsDone();
+});
+
+SpecialPowers.pushPrefEnv({set: [
+ ["network.proxy.allow_hijacking_localhost", true],
+ ["network.proxy.testing_localhost_is_secure_when_hijacked", true],
+]}).then(function() {
+ win = window.open("http://localhost:9898/tests/dom/security/test/sec-fetch/file_trustworthy_loopback.html");
+});
+
+</script>
+</body>
+</html>