diff options
Diffstat (limited to 'testing/web-platform/tests/resource-timing/iframe-failed-commit.html')
| -rw-r--r-- | testing/web-platform/tests/resource-timing/iframe-failed-commit.html | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/testing/web-platform/tests/resource-timing/iframe-failed-commit.html b/testing/web-platform/tests/resource-timing/iframe-failed-commit.html new file mode 100644 index 0000000000..1da207d2fb --- /dev/null +++ b/testing/web-platform/tests/resource-timing/iframe-failed-commit.html @@ -0,0 +1,108 @@ +<!DOCTYPE html> +<html> +<head> +<meta charset="utf-8" /> +<title>Resource Timing - test that unsuccessful iframes create entries</title> +<link rel="author" title="Google" href="http://www.google.com/" /> +<link rel="help" href= + "https://www.w3.org/TR/resource-timing-2/#resources-included-in-the-performanceresourcetiming-interface"/> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="resources/entry-invariants.js"></script> +<script src="resources/resource-loaders.js"></script> +<body> +<script> + +// Like load.iframe but fetches the iframe under a "default-src 'none'" +// Content-Security-Policy. +const load_iframe_with_csp = async path => { + return load.iframe_with_attrs(path, {"csp": "default-src 'none'"}); +}; + +// Runs a test (labeled by the given label) to verify that loading an iframe +// with the given URL generates a PerformanceResourceTiming entry and that the +// entry does not expose sensitive timing attributes. +const masked_entry_test = (url, label) => { + return attribute_test(load.iframe, url, + invariants.assert_tao_failure_resource, label); +}; + +// Runs a test (labeled by the given label) to verify that loading an iframe +// with the given URL generates a PerformanceResourceTiming entry and that the +// entry does expose sensitive timing attributes. +const unmasked_entry_with_csp_test = (url, label) => { + return attribute_test(load_iframe_with_csp, url, + invariants.assert_tao_pass_no_redirect_http, label); +}; + +// Runs a test (labeled by the given label) to verify that loading an iframe +// with the given URL under a "default-src 'none' Content-Security-Policy +// generates a PerformanceResourceTiming entry and that the entry does not +// expose sensitive timing attributes. +const masked_entry_with_csp_test = (url, label) => { + return attribute_test(load_iframe_with_csp, url, + invariants.assert_tao_failure_resource, label); +}; + +// Runs a test (labeled by the given label) to verify that loading an iframe +// with the given URL, an empty response body and under a "default-src 'none' +// Content-Security-Policy generates a PerformanceResourceTiming entry and that +// the entry does expose sensitive timing attributes. +const empty_unmasked_entry_with_csp_test = (url, label) => { + return attribute_test(load_iframe_with_csp, url, + invariants.assert_tao_pass_no_redirect_http_empty, label); +}; + +const {REMOTE_ORIGIN, ORIGINAL_HOST, HTTPS_PORT} = get_host_info(); +const unhosted_url = `https://nonexistent.${ORIGINAL_HOST}:${HTTPS_PORT}/`; + +masked_entry_test( + unhosted_url, + "Test iframe from non-existent host gets reported"); + +masked_entry_test( + "/resource-timing/resources/fake_responses.py?redirect=" + unhosted_url, + "Test iframe redirecting to non-existent host gets reported"); + +unmasked_entry_with_csp_test("/resource-timing/resources/csp-default-none.html", + "Same-origin iframe that complies with CSP attribute gets reported"); + +unmasked_entry_with_csp_test("/resource-timing/resources/green-frame.html", + "Same-origin iframe that doesn't comply with CSP attribute gets reported"); + +masked_entry_with_csp_test( + new URL("/resource-timing/resources/csp-default-none.html", REMOTE_ORIGIN), + "Cross-origin iframe that complies with CSP attribute gets reported"); + +masked_entry_with_csp_test( + new URL("/resource-timing/resources/green-frame.html", REMOTE_ORIGIN), + "Cross-origin iframe that doesn't comply with CSP attribute gets reported"); + +empty_unmasked_entry_with_csp_test( + "/resource-timing/resources/200_empty.asis", + "Same-origin empty iframe with a 200 status gets reported"); + +masked_entry_with_csp_test( + new URL("/resource-timing/resources/200_empty.asis", REMOTE_ORIGIN), + "Cross-origin empty iframe with a 200 status gets reported"); + +unmasked_entry_with_csp_test( + new URL("/resource-timing/resources/204_empty.asis"), + "Same-origin empty iframe with a 204 status gets reported"); + +unmasked_entry_with_csp_test( + new URL("/resource-timing/resources/205_empty.asis"), + "Same-origin empty iframe with a 205 status gets reported"); + +masked_entry_with_csp_test( + new URL("/resource-timing/resources/204_empty.asis", REMOTE_ORIGIN), + "Cross-origin empty iframe with a 204 status gets reported"); + +masked_entry_with_csp_test( + new URL("/resource-timing/resources/205_empty.asis", REMOTE_ORIGIN), + "Cross-origin empty iframe with a 205 status gets reported"); + +</script> +</body> +</html> |