/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
/**
* Test that CSP violations display in the netmonitor when blocked
*/
add_task(async function () {
  // Scenario 1: the CSP-blocked resources are requested by the top-level page.
  info("Test requests blocked by CSP in the top level document");
  const topLevelPage = `${HTTPS_EXAMPLE_URL}html_csp-test-page.html`;
  await testRequestsBlockedByCSP(HTTPS_EXAMPLE_URL, topLevelPage);

  // Scenario 2: html_csp-frame-test-page.html (in the .com domain) includes
  // an iframe from the .org domain, so the expected request URLs are built
  // from the .org base URL while the loaded page stays on the .com one.
  info("Test requests blocked by CSP in remote frames");
  const framePage = `${HTTPS_EXAMPLE_URL}html_csp-frame-test-page.html`;
  await testRequestsBlockedByCSP(HTTPS_EXAMPLE_ORG_URL, framePage);
});
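/**
 * Opens the network monitor on `page`, reloads it, and checks that the
 * stylesheet and script requests are listed as blocked by CSP, then checks
 * which header sections are shown for the blocked script request.
 *
 * @param {string} baseUrl
 *        Prefix joined with each resource file name to build the URL handed
 *        to verifyRequestItemTarget.
 * @param {string} page
 *        URL passed to initNetMonitor.
 */
async function testRequestsBlockedByCSP(baseUrl, page) {
  const { monitor } = await initNetMonitor(page, { requestCount: 3 });
  const { document, store, windowRequire } = monitor.panelWin;
  const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
  const { getDisplayedRequests } = windowRequire(
    "devtools/client/netmonitor/src/selectors/index"
  );

  const scriptFileName = "js_websocket-worker-test.js";
  const styleFileName = "internal-loaded.css";

  store.dispatch(Actions.batchEnable(false));

  // Create the waiter before reloading so no network event is missed.
  const wait = waitForNetworkEvents(monitor, 3);
  await reloadBrowser();

  info("Waiting until the requests appear in netmonitor");
  await wait;

  const displayedRequests = getDisplayedRequests(store.getState());

  const styleRequest = displayedRequests.find(request =>
    request.url.includes(styleFileName)
  );
  // find() yields undefined when nothing matches; assert here so a blocked
  // request that never reached the list is reported as exactly that, not as
  // an unrelated failure further down.
  ok(styleRequest, `Found a displayed request for ${styleFileName}`);

  info("Ensure the attempt to load a CSS file shows a blocked CSP error");
  verifyRequestItemTarget(
    document,
    displayedRequests,
    styleRequest,
    "GET",
    baseUrl + styleFileName,
    {
      transferred: "CSP",
      cause: { type: "stylesheet" },
      type: "",
    }
  );

  const scriptRequest = displayedRequests.find(request =>
    request.url.includes(scriptFileName)
  );
  ok(scriptRequest, `Found a displayed request for ${scriptFileName}`);

  info("Test that the attempt to load a JS file shows a blocked CSP error");
  verifyRequestItemTarget(
    document,
    displayedRequests,
    scriptRequest,
    "GET",
    baseUrl + scriptFileName,
    {
      transferred: "CSP",
      cause: { type: "script" },
      type: "",
    }
  );

  info("Test that header infomation is available for blocked CSP requests");
  const requestColumn = document.querySelector(
    `.requests-list-column[title*="${scriptFileName}"]`
  );
  // Guard the lookup: reading .parentNode of null would throw a TypeError
  // that hides which row was missing.
  ok(requestColumn, `Found a request list column for ${scriptFileName}`);
  const requestEl = requestColumn.parentNode;

  // Start waiting before the click so the panel cannot appear unnoticed.
  const waitForHeadersPanel = waitUntil(() =>
    document.querySelector("#headers-panel .panel-container")
  );
  clickElement(requestEl, monitor);
  await waitForHeadersPanel;

  ok(
    document.querySelector(".headers-overview"),
    "There is request overview details"
  );
  ok(
    document.querySelector(".accordion #requestHeaders"),
    "There is request header information"
  );
  // The test expects no response headers section for the blocked request.
  ok(
    !document.querySelector(".accordion #responseHeaders"),
    "There is no response header information"
  );

  await teardown(monitor);
}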