summaryrefslogtreecommitdiffstats
path: root/netwerk/test/mochitests/test_origin_header.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /netwerk/test/mochitests/test_origin_header.html
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'netwerk/test/mochitests/test_origin_header.html')
-rw-r--r--netwerk/test/mochitests/test_origin_header.html398
1 files changed, 398 insertions, 0 deletions
diff --git a/netwerk/test/mochitests/test_origin_header.html b/netwerk/test/mochitests/test_origin_header.html
new file mode 100644
index 0000000000..f90887ddf0
--- /dev/null
+++ b/netwerk/test/mochitests/test_origin_header.html
@@ -0,0 +1,398 @@
+<!DOCTYPE HTML>
+<!-- Any copyright is dedicated to the Public Domain.
+ - http://creativecommons.org/publicdomain/zero/1.0/ -->
+<html>
+<head>
+ <title> Bug 446344 - Test Origin Header</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css">
+</head>
+<body>
+
+<p><a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=446344">Mozilla Bug 446344</a></p>
+
+<p id="display"></p>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+const EMPTY_ORIGIN = "Origin: ";
+
+let testsToRun = [
+ {
+ name: "sendOriginHeader=0 (never)",
+ prefs: [
+ ["network.http.sendOriginHeader", 0],
+ ],
+ results: {
+ framePost: EMPTY_ORIGIN,
+ framePostXOrigin: EMPTY_ORIGIN,
+ frameGet: EMPTY_ORIGIN,
+ framePostNonSandboxed: EMPTY_ORIGIN,
+ framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
+ framePostSandboxed: EMPTY_ORIGIN,
+ framePostSrcDoc: EMPTY_ORIGIN,
+ framePostSrcDocXOrigin: EMPTY_ORIGIN,
+ framePostDataURI: EMPTY_ORIGIN,
+ framePostSameOriginToXOrigin: EMPTY_ORIGIN,
+ framePostXOriginToSameOrigin: EMPTY_ORIGIN,
+ framePostXOriginToXOrigin: EMPTY_ORIGIN,
+ },
+ },
+ {
+ name: "sendOriginHeader=1 (same-origin)",
+ prefs: [
+ ["network.http.sendOriginHeader", 1],
+ ],
+ results: {
+ framePost: "Origin: http://mochi.test:8888",
+ framePostXOrigin: "Origin: null",
+ frameGet: EMPTY_ORIGIN,
+ framePostNonSandboxed: "Origin: http://mochi.test:8888",
+ framePostNonSandboxedXOrigin: "Origin: null",
+ framePostSandboxed: "Origin: null",
+ framePostSrcDoc: "Origin: http://mochi.test:8888",
+ framePostSrcDocXOrigin: "Origin: null",
+ framePostDataURI: "Origin: null",
+ framePostSameOriginToXOrigin: "Origin: null",
+ framePostXOriginToSameOrigin: "Origin: null",
+ framePostXOriginToXOrigin: "Origin: null",
+ },
+ },
+ {
+ name: "sendOriginHeader=2 (always)",
+ prefs: [
+ ["network.http.sendOriginHeader", 2],
+ ],
+ results: {
+ framePost: "Origin: http://mochi.test:8888",
+ framePostXOrigin: "Origin: http://mochi.test:8888",
+ frameGet: EMPTY_ORIGIN,
+ framePostNonSandboxed: "Origin: http://mochi.test:8888",
+ framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
+ framePostSandboxed: "Origin: null",
+ framePostSrcDoc: "Origin: http://mochi.test:8888",
+ framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
+ framePostDataURI: "Origin: null",
+ framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
+ framePostXOriginToSameOrigin: "Origin: null",
+ framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
+ },
+ },
+ {
+ name: "sendRefererHeader=0 (never)",
+ prefs: [
+ ["network.http.sendRefererHeader", 0],
+ ],
+ results: {
+ framePost: "Origin: http://mochi.test:8888",
+ framePostXOrigin: "Origin: http://mochi.test:8888",
+ frameGet: EMPTY_ORIGIN,
+ framePostNonSandboxed: "Origin: http://mochi.test:8888",
+ framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
+ framePostSandboxed: "Origin: null",
+ framePostSrcDoc: "Origin: http://mochi.test:8888",
+ framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
+ framePostDataURI: "Origin: null",
+ framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
+ framePostXOriginToSameOrigin: "Origin: null",
+ framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
+ },
+ },
+ {
+ name: "userControlPolicy=0 (no-referrer)",
+ prefs: [
+ ["network.http.sendRefererHeader", 2],
+ ["network.http.referer.defaultPolicy", 0],
+ ],
+ results: {
+ framePost: "Origin: null",
+ framePostXOrigin: "Origin: null",
+ frameGet: EMPTY_ORIGIN,
+ framePostNonSandboxed: "Origin: null",
+ framePostNonSandboxedXOrigin: "Origin: null",
+ framePostSandboxed: "Origin: null",
+ framePostSrcDoc: "Origin: null",
+ framePostSrcDocXOrigin: "Origin: null",
+ framePostDataURI: "Origin: null",
+ framePostSameOriginToXOrigin: "Origin: null",
+ framePostXOriginToSameOrigin: "Origin: null",
+ framePostXOriginToXOrigin: "Origin: null",
+ },
+ },
+];
+
+let checksToRun = [
+ {
+ name: "POST",
+ frameID: "framePost",
+ formID: "formPost",
+ },
+ {
+ name: "cross-origin POST",
+ frameID: "framePostXOrigin",
+ formID: "formPostXOrigin",
+ },
+ {
+ name: "GET",
+ frameID: "frameGet",
+ formID: "formGet",
+ },
+ {
+ name: "POST inside iframe",
+ frameID: "framePostNonSandboxed",
+ frameSrc: "HTTP://mochi.test:8888/tests/netwerk/test/mochitests/origin_header_form_post.html",
+ },
+ {
+ name: "cross-origin POST inside iframe",
+ frameID: "framePostNonSandboxedXOrigin",
+ frameSrc: "Http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header_form_post_xorigin.html",
+ },
+ {
+ name: "POST inside sandboxed iframe",
+ frameID: "framePostSandboxed",
+ frameSrc: "http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header_form_post.html",
+ },
+ {
+ name: "POST inside a srcdoc iframe",
+ frameID: "framePostSrcDoc",
+ srcdoc: "origin_header_form_post.html",
+ },
+ {
+ name: "cross-origin POST inside a srcdoc iframe",
+ frameID: "framePostSrcDocXOrigin",
+ srcdoc: "origin_header_form_post_xorigin.html",
+ },
+ {
+ name: "POST inside a data: iframe",
+ frameID: "framePostDataURI",
+ dataURI: "origin_header_form_post.html",
+ },
+ {
+ name: "same-origin POST redirected to cross-origin",
+ frameID: "framePostSameOriginToXOrigin",
+ formID: "formPostSameOriginToXOrigin",
+ },
+ {
+ name: "cross-origin POST redirected to same-origin",
+ frameID: "framePostXOriginToSameOrigin",
+ formID: "formPostXOriginToSameOrigin",
+ },
+ {
+ name: "cross-origin POST redirected to cross-origin",
+ frameID: "framePostXOriginToXOrigin",
+ formID: "formPostXOriginToXOrigin",
+ },
+];
+
+function frameLoaded(test, check)
+{
+ let frame = window.document.getElementById(check.frameID);
+ frame.onload = null;
+ let result = SpecialPowers.wrap(frame).contentDocument.documentElement.textContent;
+ is(result, test.results[check.frameID], check.name + " with " + test.name);
+}
+
+function submitForm(test, check)
+{
+ return new Promise((resolve, reject) => {
+ document.getElementById(check.frameID).onload = () => {
+ frameLoaded(test, check);
+ resolve();
+ };
+ document.getElementById(check.formID).submit();
+ });
+}
+
+function loadIframe(test, check)
+{
+ return new Promise((resolve, reject) => {
+ let frame = SpecialPowers.wrap(window.document.getElementById(check.frameID));
+ frame.onload = function () {
+ // Ignore the first load and wait for the submitted form instead.
+ let location = frame.contentWindow.location + "";
+ if (location.endsWith("origin_header.sjs")) {
+ frameLoaded(test, check);
+ resolve();
+ }
+ }
+ frame.src = check.frameSrc;
+ });
+}
+
+function loadSrcDocFrame(test, check)
+{
+ return new Promise((resolve, reject) => {
+ let frame = SpecialPowers.wrap(window.document.getElementById(check.frameID));
+ frame.onload = function () {
+ // Ignore the first load and wait for the submitted form instead.
+ let location = frame.contentWindow.location + "";
+ if (location.endsWith("origin_header.sjs")) {
+ frameLoaded(test, check);
+ resolve();
+ }
+ }
+ fetch(check.srcdoc).then((response) => {
+ response.text().then((body) => {
+ frame.srcdoc = body;
+ });;
+ });
+ });
+ }
+
+function loadDataURIFrame(test, check)
+{
+ return new Promise((resolve, reject) => {
+ let frame = SpecialPowers.wrap(window.document.getElementById(check.frameID));
+ frame.onload = function () {
+ // Ignore the first load and wait for the submitted form instead.
+ let location = frame.contentWindow.location + "";
+ if (location.endsWith("origin_header.sjs")) {
+ frameLoaded(test, check);
+ resolve();
+ }
+ }
+ fetch(check.dataURI).then((response) => {
+ response.text().then((body) => {
+ frame.src = "data:text/html," + encodeURIComponent(body);
+ });;
+ });
+ });
+}
+
+async function resetFrames()
+{
+ let checkPromises = [];
+ for (let check of checksToRun) {
+ checkPromises.push(new Promise((resolve, reject) => {
+ let frame = document.getElementById(check.frameID);
+ frame.onload = () => resolve();
+ if (check.srcdoc) {
+ frame.srcdoc = "";
+ } else {
+ frame.src = "about:blank";
+ }
+ }));
+ }
+ await Promise.all(checkPromises);
+}
+
+async function runTests()
+{
+ for (let test of testsToRun) {
+ await resetFrames();
+ await SpecialPowers.pushPrefEnv({"set": test.prefs});
+
+ let checkPromises = [];
+ for (let check of checksToRun) {
+ if (check.formID) {
+ checkPromises.push(submitForm(test, check));
+ } else if (check.frameSrc) {
+ checkPromises.push(loadIframe(test, check));
+ } else if (check.srcdoc) {
+ checkPromises.push(loadSrcDocFrame(test, check));
+ } else if (check.dataURI) {
+ checkPromises.push(loadDataURIFrame(test, check));
+ } else {
+ ok(false, "Unsupported check");
+ break;
+ }
+ }
+ await Promise.all(checkPromises);
+ };
+ SimpleTest.finish();
+}
+
+SimpleTest.waitForExplicitFinish();
+SimpleTest.requestLongerTimeout(5); // work around Android timeouts
+addLoadEvent(runTests);
+
+</script>
+</pre>
+<table>
+<tr>
+ <td>
+ <iframe src="about:blank" name="framePost" id="framePost"></iframe>
+ <form action="origin_header.sjs"
+ method="POST"
+ id="formPost"
+ target="framePost">
+ <input type="submit" value="Submit POST">
+ </form>
+ </td>
+ <td>
+ <iframe src="about:blank" name="framePostXOrigin" id="framePostXOrigin"></iframe>
+ <form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
+ method="POST"
+ id="formPostXOrigin"
+ target="framePostXOrigin">
+ <input type="submit" value="Submit XOrigin POST">
+ </form>
+ </td>
+ <td>
+ <iframe src="about:blank" name="frameGet" id="frameGet"></iframe>
+ <form action="origin_header.sjs"
+ method="GET"
+ id="formGet"
+ target="frameGet">
+ <input type="submit" value="Submit GET">
+ </form>
+ </td>
+ <td>
+ <iframe src="about:blank" name="framePostSameOriginToXOrigin" id="framePostSameOriginToXOrigin"></iframe>
+ <form action="redirect_to.sjs?http://test1.mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
+ method="POST"
+ id="formPostSameOriginToXOrigin"
+ target="framePostSameOriginToXOrigin">
+ <input type="Submit" value="Submit SameOrigin POST redirected to XOrigin">
+ </form>
+ </td>
+ <td>
+ <iframe src="about:blank" name="framePostXOriginToSameOrigin" id="framePostXOriginToSameOrigin"></iframe>
+ <form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
+ method="POST"
+ id="formPostXOriginToSameOrigin"
+ target="framePostXOriginToSameOrigin">
+ <input type="Submit" value="Submit XOrigin POST redirected to SameOrigin">
+ </form>
+ </td>
+ <td>
+ <iframe src="about:blank" name="framePostXOriginToXOrigin" id="framePostXOriginToXOrigin"></iframe>
+ <form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?/tests/netwerk/test/mochitests/origin_header.sjs"
+ method="POST"
+ id="formPostXOriginToXOrigin"
+ target="framePostXOriginToXOrigin">
+ <input type="Submit" value="Submit XOrigin POST redirected to XOrigin">
+ </form>
+ </td>
+</tr>
+<tr>
+ <td>
+ <iframe src="about:blank" id="framePostNonSandboxed"></iframe>
+ <div>Non-sandboxed iframe</div>
+ </td>
+ <td>
+ <iframe src="about:blank" id="framePostNonSandboxedXOrigin"></iframe>
+ <div>Non-sandboxed cross-origin iframe</div>
+ </td>
+ <td>
+ <iframe src="about:blank" id="framePostSandboxed" sandbox="allow-forms allow-scripts"></iframe>
+ <div>Sandboxed iframe</div>
+ </td>
+</tr>
+<tr>
+ <td>
+ <iframe id="framePostSrcDoc" src="about:blank"></iframe>
+ <div>Srcdoc iframe</div>
+ </td>
+ <td>
+ <iframe id="framePostSrcDocXOrigin" src="about:blank"></iframe>
+ <div>Srcdoc cross-origin iframe</div>
+ </td>
+ <td>
+ <iframe id="framePostDataURI" src="about:blank"></iframe>
+ <div>data: URI iframe</div>
+ </td>
+</tr>
+</table>
+
+</body>
+</html>