summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/resource-timing/iframe-failed-commit.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/resource-timing/iframe-failed-commit.html
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/resource-timing/iframe-failed-commit.html108
1 files changed, 108 insertions, 0 deletions
diff --git a/testing/web-platform/tests/resource-timing/iframe-failed-commit.html b/testing/web-platform/tests/resource-timing/iframe-failed-commit.html
new file mode 100644
index 0000000000..1da207d2fb
--- /dev/null
+++ b/testing/web-platform/tests/resource-timing/iframe-failed-commit.html
@@ -0,0 +1,108 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8" />
+<title>Resource Timing - test that unsuccessful iframes create entries</title>
+<link rel="author" title="Google" href="http://www.google.com/" />
+<link rel="help" href=
+ "https://www.w3.org/TR/resource-timing-2/#resources-included-in-the-performanceresourcetiming-interface"/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/entry-invariants.js"></script>
+<script src="resources/resource-loaders.js"></script>
+<body>
+<script>
+
+// Like load.iframe but fetches the iframe under a "default-src 'none'"
+// Content-Security-Policy.
+const load_iframe_with_csp = async path => {
+ return load.iframe_with_attrs(path, {"csp": "default-src 'none'"});
+};
+
+// Runs a test (labeled by the given label) to verify that loading an iframe
+// with the given URL generates a PerformanceResourceTiming entry and that the
+// entry does not expose sensitive timing attributes.
+const masked_entry_test = (url, label) => {
+ return attribute_test(load.iframe, url,
+ invariants.assert_tao_failure_resource, label);
+};
+
+// Runs a test (labeled by the given label) to verify that loading an iframe
+// with the given URL generates a PerformanceResourceTiming entry and that the
+// entry does expose sensitive timing attributes.
+const unmasked_entry_with_csp_test = (url, label) => {
+ return attribute_test(load_iframe_with_csp, url,
+ invariants.assert_tao_pass_no_redirect_http, label);
+};
+
+// Runs a test (labeled by the given label) to verify that loading an iframe
+// with the given URL under a "default-src 'none' Content-Security-Policy
+// generates a PerformanceResourceTiming entry and that the entry does not
+// expose sensitive timing attributes.
+const masked_entry_with_csp_test = (url, label) => {
+ return attribute_test(load_iframe_with_csp, url,
+ invariants.assert_tao_failure_resource, label);
+};
+
+// Runs a test (labeled by the given label) to verify that loading an iframe
+// with the given URL, an empty response body and under a "default-src 'none'
+// Content-Security-Policy generates a PerformanceResourceTiming entry and that
+// the entry does expose sensitive timing attributes.
+const empty_unmasked_entry_with_csp_test = (url, label) => {
+ return attribute_test(load_iframe_with_csp, url,
+ invariants.assert_tao_pass_no_redirect_http_empty, label);
+};
+
+const {REMOTE_ORIGIN, ORIGINAL_HOST, HTTPS_PORT} = get_host_info();
+const unhosted_url = `https://nonexistent.${ORIGINAL_HOST}:${HTTPS_PORT}/`;
+
+masked_entry_test(
+ unhosted_url,
+ "Test iframe from non-existent host gets reported");
+
+masked_entry_test(
+ "/resource-timing/resources/fake_responses.py?redirect=" + unhosted_url,
+ "Test iframe redirecting to non-existent host gets reported");
+
+unmasked_entry_with_csp_test("/resource-timing/resources/csp-default-none.html",
+ "Same-origin iframe that complies with CSP attribute gets reported");
+
+unmasked_entry_with_csp_test("/resource-timing/resources/green-frame.html",
+ "Same-origin iframe that doesn't comply with CSP attribute gets reported");
+
+masked_entry_with_csp_test(
+ new URL("/resource-timing/resources/csp-default-none.html", REMOTE_ORIGIN),
+ "Cross-origin iframe that complies with CSP attribute gets reported");
+
+masked_entry_with_csp_test(
+ new URL("/resource-timing/resources/green-frame.html", REMOTE_ORIGIN),
+ "Cross-origin iframe that doesn't comply with CSP attribute gets reported");
+
+empty_unmasked_entry_with_csp_test(
+ "/resource-timing/resources/200_empty.asis",
+ "Same-origin empty iframe with a 200 status gets reported");
+
+masked_entry_with_csp_test(
+ new URL("/resource-timing/resources/200_empty.asis", REMOTE_ORIGIN),
+ "Cross-origin empty iframe with a 200 status gets reported");
+
+unmasked_entry_with_csp_test(
+ new URL("/resource-timing/resources/204_empty.asis"),
+ "Same-origin empty iframe with a 204 status gets reported");
+
+unmasked_entry_with_csp_test(
+ new URL("/resource-timing/resources/205_empty.asis"),
+ "Same-origin empty iframe with a 205 status gets reported");
+
+masked_entry_with_csp_test(
+ new URL("/resource-timing/resources/204_empty.asis", REMOTE_ORIGIN),
+ "Cross-origin empty iframe with a 204 status gets reported");
+
+masked_entry_with_csp_test(
+ new URL("/resource-timing/resources/205_empty.asis", REMOTE_ORIGIN),
+ "Cross-origin empty iframe with a 205 status gets reported");
+
+</script>
+</body>
+</html>