diff options
Diffstat (limited to 'testing/web-platform/tests/common/security-features/scope')
6 files changed, 182 insertions, 0 deletions
diff --git a/testing/web-platform/tests/common/security-features/scope/__init__.py b/testing/web-platform/tests/common/security-features/scope/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/testing/web-platform/tests/common/security-features/scope/__init__.py diff --git a/testing/web-platform/tests/common/security-features/scope/document.py b/testing/web-platform/tests/common/security-features/scope/document.py new file mode 100644 index 0000000000..9a9f045e64 --- /dev/null +++ b/testing/web-platform/tests/common/security-features/scope/document.py @@ -0,0 +1,36 @@ +import os, sys, json + +from wptserve.utils import isomorphic_decode, isomorphic_encode + +import importlib +util = importlib.import_module("common.security-features.scope.util") + +def main(request, response): + policyDeliveries = json.loads(request.GET.first(b"policyDeliveries", b"[]")) + maybe_additional_headers = {} + meta = u'' + error = u'' + for delivery in policyDeliveries: + if delivery[u'deliveryType'] == u'meta': + if delivery[u'key'] == u'referrerPolicy': + meta += u'<meta name="referrer" content="%s">' % delivery[u'value'] + else: + error = u'invalid delivery key' + elif delivery[u'deliveryType'] == u'http-rp': + if delivery[u'key'] == u'referrerPolicy': + maybe_additional_headers[b'Referrer-Policy'] = isomorphic_encode(delivery[u'value']) + else: + error = u'invalid delivery key' + else: + error = u'invalid deliveryType' + + handler = lambda: util.get_template(u"document.html.template") % ({ + u"meta": meta, + u"error": error + }) + util.respond( + request, + response, + payload_generator=handler, + content_type=b"text/html", + maybe_additional_headers=maybe_additional_headers) diff --git a/testing/web-platform/tests/common/security-features/scope/template/document.html.template b/testing/web-platform/tests/common/security-features/scope/template/document.html.template new file mode 100644 index 0000000000..37e29f8e97 --- /dev/null +++ b/testing/web-platform/tests/common/security-features/scope/template/document.html.template @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + <head> + %(meta)s + <script src="/common/security-features/resources/common.sub.js"></script> + <script> + // Receive a message from the parent and start the test. + function onMessageFromParent(event) { + // Because this window might receive messages from child iframe during + // tests, we first remove the listener here before staring the test. + window.removeEventListener('message', onMessageFromParent); + + const configurationError = "%(error)s"; + if (configurationError.length > 0) { + parent.postMessage({error: configurationError}, "*"); + return; + } + + invokeRequest(event.data.subresource, + event.data.sourceContextList) + .then(result => parent.postMessage(result, "*")) + .catch(e => { + const message = (e.error && e.error.stack) || e.message || "Error"; + parent.postMessage({error: message}, "*"); + }); + } + window.addEventListener('message', onMessageFromParent); + </script> + </head> +</html> diff --git a/testing/web-platform/tests/common/security-features/scope/template/worker.js.template b/testing/web-platform/tests/common/security-features/scope/template/worker.js.template new file mode 100644 index 0000000000..7a2a6e05c4 --- /dev/null +++ b/testing/web-platform/tests/common/security-features/scope/template/worker.js.template @@ -0,0 +1,29 @@ +%(import)s + +if ('DedicatedWorkerGlobalScope' in self && + self instanceof DedicatedWorkerGlobalScope) { + self.onmessage = event => onMessageFromParent(event, self); +} else if ('SharedWorkerGlobalScope' in self && + self instanceof SharedWorkerGlobalScope) { + onconnect = event => { + const port = event.ports[0]; + port.onmessage = event => onMessageFromParent(event, port); + }; +} + +// Receive a message from the parent and start the test. +function onMessageFromParent(event, port) { + const configurationError = "%(error)s"; + if (configurationError.length > 0) { + port.postMessage({error: configurationError}); + return; + } + + invokeRequest(event.data.subresource, + event.data.sourceContextList) + .then(result => port.postMessage(result)) + .catch(e => { + const message = (e.error && e.error.stack) || e.message || "Error"; + port.postMessage({error: message}); + }); +} diff --git a/testing/web-platform/tests/common/security-features/scope/util.py b/testing/web-platform/tests/common/security-features/scope/util.py new file mode 100644 index 0000000000..da5aacf35e --- /dev/null +++ b/testing/web-platform/tests/common/security-features/scope/util.py @@ -0,0 +1,43 @@ +import os + +from wptserve.utils import isomorphic_decode + +def get_template(template_basename): + script_directory = os.path.dirname(os.path.abspath(isomorphic_decode(__file__))) + template_directory = os.path.abspath( + os.path.join(script_directory, u"template")) + template_filename = os.path.join(template_directory, template_basename) + + with open(template_filename, "r") as f: + return f.read() + + +def __noop(request, response): + return u"" + + +def respond(request, + response, + status_code=200, + content_type=b"text/html", + payload_generator=__noop, + cache_control=b"no-cache; must-revalidate", + access_control_allow_origin=b"*", + maybe_additional_headers=None): + response.add_required_headers = False + response.writer.write_status(status_code) + + if access_control_allow_origin != None: + response.writer.write_header(b"access-control-allow-origin", + access_control_allow_origin) + response.writer.write_header(b"content-type", content_type) + response.writer.write_header(b"cache-control", cache_control) + + additional_headers = maybe_additional_headers or {} + for header, value in additional_headers.items(): + response.writer.write_header(header, value) + + response.writer.end_headers() + + payload = payload_generator() + response.writer.write(payload) diff --git a/testing/web-platform/tests/common/security-features/scope/worker.py b/testing/web-platform/tests/common/security-features/scope/worker.py new file mode 100644 index 0000000000..6b321e7de1 --- /dev/null +++ b/testing/web-platform/tests/common/security-features/scope/worker.py @@ -0,0 +1,44 @@ +import os, sys, json + +from wptserve.utils import isomorphic_decode, isomorphic_encode +import importlib +util = importlib.import_module("common.security-features.scope.util") + +def main(request, response): + policyDeliveries = json.loads(request.GET.first(b'policyDeliveries', b'[]')) + worker_type = request.GET.first(b'type', b'classic') + commonjs_url = u'%s://%s:%s/common/security-features/resources/common.sub.js' % ( + request.url_parts.scheme, request.url_parts.hostname, + request.url_parts.port) + if worker_type == b'classic': + import_line = u'importScripts("%s");' % commonjs_url + else: + import_line = u'import "%s";' % commonjs_url + + maybe_additional_headers = {} + error = u'' + for delivery in policyDeliveries: + if delivery[u'deliveryType'] == u'meta': + error = u'<meta> cannot be used in WorkerGlobalScope' + elif delivery[u'deliveryType'] == u'http-rp': + if delivery[u'key'] == u'referrerPolicy': + maybe_additional_headers[b'Referrer-Policy'] = isomorphic_encode(delivery[u'value']) + elif delivery[u'key'] == u'mixedContent' and delivery[u'value'] == u'opt-in': + maybe_additional_headers[b'Content-Security-Policy'] = b'block-all-mixed-content' + elif delivery[u'key'] == u'upgradeInsecureRequests' and delivery[u'value'] == u'upgrade': + maybe_additional_headers[b'Content-Security-Policy'] = b'upgrade-insecure-requests' + else: + error = u'invalid delivery key for http-rp: %s' % delivery[u'key'] + else: + error = u'invalid deliveryType: %s' % delivery[u'deliveryType'] + + handler = lambda: util.get_template(u'worker.js.template') % ({ + u'import': import_line, + u'error': error + }) + util.respond( + request, + response, + payload_generator=handler, + content_type=b'text/javascript', + maybe_additional_headers=maybe_additional_headers) |