author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js | |
parent | Initial commit. (diff) | |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js
new file mode 100644
index 0000000000..c624671476
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inside-worker/support/connect-src-self-report-only.sub.js
@@ -0,0 +1,130 @@
+importScripts("{{location[server]}}/resources/testharness.js");
+importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js");
+
+let base_same_origin_url =
+ "{{location[server]}}/content-security-policy/support/resource.py";
+
+// Same-origin
+promise_test(t => {
+ let url = `${base_same_origin_url}?same-origin-fetch`;
+ assert_no_csp_event_for_url(t, url);
+
+ return fetch(url)
+ .then(t.step_func(r => assert_equals(r.status, 200)));
+}, "Same-origin 'fetch()'.");
+
+// XHR is not available in service workers.
+if (self.XMLHttpRequest) {
+ promise_test(t => {
+ let url = `${base_same_origin_url}?same-origin-xhr`;
+ assert_no_csp_event_for_url(t, url);
+
+ return new Promise((resolve, reject) => {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", url);
+ xhr.onload = resolve;
+ xhr.onerror = _ => reject("xhr.open should success.");
+ xhr.send();
+ });
+ }, "Same-origin XHR.");
+}
+
+let base_cross_origin_url =
+ "https://{{hosts[][www]}}:{{ports[https][1]}}" +
+ "/content-security-policy/support/resource.py";
+let fetch_cross_origin_url = `${base_cross_origin_url}?cross-origin-fetch`;
+
+// Cross-origin
+promise_test(t => {
+ let url = fetch_cross_origin_url;
+
+ return Promise.all([
+ waitUntilCSPEventForURL(t, url),
+ fetch(url)
+ ]);
+}, "Cross-origin 'fetch()'.");
+
+let xhr_cross_origin_url = `${base_cross_origin_url}?cross-origin-xhr`;
+
+// XHR is not available in service workers.
+if (self.XMLHttpRequest) {
+ promise_test(t => {
+ let url = xhr_cross_origin_url;
+
+ return Promise.all([
+ waitUntilCSPEventForURL(t, url),
+ new Promise((resolve, reject) => {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", url);
+ xhr.onload = resolve;
+ xhr.onerror = _ => reject("xhr.open should not have thrown.");
+ xhr.send();
+ })
+ ]);
+ }, "Cross-origin XHR.");
+}
+
+let redirect_url = `{{location[server]}}/common/redirect-opt-in.py?` +
+ `status=307&location=${fetch_cross_origin_url}`;
+
+// Same-origin redirecting to cross-origin
+promise_test(t => {
+ let url = redirect_url;
+
+ return Promise.all([
+ waitUntilCSPEventForURL(t, url),
+ fetch(url)
+ ]);
+}, "Same-origin => cross-origin 'fetch()'.");
+
+let websocket_url = "wss://{{host}}:{{ports[wss][0]}}/echo";
+
+// The WebSocket URL is not the same as 'self'
+promise_test(t => {
+ return Promise.all([
+ waitUntilCSPEventForURL(t, websocket_url),
+ new Promise(resolve => {
+ let ws = new WebSocket(websocket_url);
+ ws.onopen = resolve;
+ })
+ ]);
+}, "WebSocket.");
+
+let expected_blocked_urls = self.XMLHttpRequest
+ ?
+ [ fetch_cross_origin_url, xhr_cross_origin_url, redirect_url, websocket_url ]
+ : [ fetch_cross_origin_url, redirect_url, websocket_url ];
+
+promise_test(async t => {
+ let report_url = `{{location[server]}}/reporting/resources/report.py?` +
+ `?op=retrieve_report&reportID={{GET[id]}}` +
+ `&min_count=${expected_blocked_urls.length}`;
+
+ let response = await fetch(report_url);
+ assert_equals(response.status, 200, "Fetching reports failed");
+
+ let response_json = await response.json();
+ let reports = response_json.map(x => x["csp-report"]);
+
+ assert_array_equals(
+ reports.map(x => x["blocked-uri"]).sort(),
+ expected_blocked_urls.sort(),
+ "Reports do not match");
+ reports.forEach(x => {
+ assert_equals(
+ x["violated-directive"], "connect-src",
+ "Violated directive in report does not match");
+ assert_equals(
+ x["effective-directive"], "connect-src",
+ "Effective directive in report does not match");
+ assert_equals(
+ x["disposition"], "report",
+ "Disposition in report does not match");
+ assert_equals(
+ x["document-uri"],
+ "{{location[server]}}/content-security-policy/inside-worker/" +
+ "support/connect-src-self-report-only.sub.js?id={{GET[id]}}",
+ "Document uri in report does not match");
+ });
+});
+
+done(); |
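Review bot: In the final `promise_test` the report-retrieval URL is built from a fragment ending in `report.py?` and a fragment starting with `?op=retrieve_report`, so the request goes to `report.py??op=...` and the first query parameter is named `?op` rather than `op`. The check that every expected `connect-src` violation arrived with disposition `report` then presumably only works because the report endpoint falls back to a default operation (report.py is not part of this hunk); the second fragment should start with `op=retrieve_report` so the request says what it means. Separately, the WebSocket promise resolves only on `onopen` and sets no `onerror` handler, so an unreachable echo server would surface as a harness timeout instead of a clear failure; adding `ws.onerror = t.unreached_func("WebSocket should connect under report-only");` would make that visible.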