From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../netmonitor/test/browser_net_block-csp.js | 111 +++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 devtools/client/netmonitor/test/browser_net_block-csp.js (limited to 'devtools/client/netmonitor/test/browser_net_block-csp.js') diff --git a/devtools/client/netmonitor/test/browser_net_block-csp.js b/devtools/client/netmonitor/test/browser_net_block-csp.js new file mode 100644 index 0000000000..f4947cd769 --- /dev/null +++ b/devtools/client/netmonitor/test/browser_net_block-csp.js @@ -0,0 +1,111 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +/** + * Test that CSP violations display in the netmonitor when blocked + */ + +add_task(async function () { + info("Test requests blocked by CSP in the top level document"); + await testRequestsBlockedByCSP( + HTTPS_EXAMPLE_URL, + HTTPS_EXAMPLE_URL + "html_csp-test-page.html" + ); + + // The html_csp-frame-test-page.html (in the .com domain) includes + // an iframe from the .org domain + info("Test requests blocked by CSP in remote frames"); + await testRequestsBlockedByCSP( + HTTPS_EXAMPLE_ORG_URL, + HTTPS_EXAMPLE_URL + "html_csp-frame-test-page.html" + ); +}); + +async function testRequestsBlockedByCSP(baseUrl, page) { + const { monitor } = await initNetMonitor(page, { requestCount: 3 }); + + const { document, store, windowRequire } = monitor.panelWin; + const Actions = windowRequire("devtools/client/netmonitor/src/actions/index"); + const { getDisplayedRequests } = windowRequire( + "devtools/client/netmonitor/src/selectors/index" + ); + + const scriptFileName = "js_websocket-worker-test.js"; + const styleFileName = "internal-loaded.css"; + + store.dispatch(Actions.batchEnable(false)); + + const wait = waitForNetworkEvents(monitor, 3); + await reloadBrowser(); + info("Waiting until the requests appear in netmonitor"); + await wait; + + const displayedRequests = getDisplayedRequests(store.getState()); + + const styleRequest = displayedRequests.find(request => + request.url.includes(styleFileName) + ); + + info("Ensure the attempt to load a CSS file shows a blocked CSP error"); + + verifyRequestItemTarget( + document, + displayedRequests, + styleRequest, + "GET", + baseUrl + styleFileName, + { + transferred: "CSP", + cause: { type: "stylesheet" }, + type: "", + } + ); + + const scriptRequest = displayedRequests.find(request => + request.url.includes(scriptFileName) + ); + + info("Test that the attempt to load a JS file shows a blocked CSP error"); + + verifyRequestItemTarget( + document, + displayedRequests, + scriptRequest, + "GET", + baseUrl + scriptFileName, + { + transferred: "CSP", + cause: { type: "script" }, + type: "", + } + ); + + info("Test that header infomation is available for blocked CSP requests"); + + const requestEl = document.querySelector( + `.requests-list-column[title*="${scriptFileName}"]` + ).parentNode; + + const waitForHeadersPanel = waitUntil(() => + document.querySelector("#headers-panel .panel-container") + ); + clickElement(requestEl, monitor); + await waitForHeadersPanel; + + ok( + document.querySelector(".headers-overview"), + "There is request overview details" + ); + ok( + document.querySelector(".accordion #requestHeaders"), + "There is request header information" + ); + ok( + !document.querySelector(".accordion #responseHeaders"), + "There is no response header information" + ); + + await teardown(monitor); +} -- cgit v1.2.3