toolkit/mozapps/extensions/test/browser/browser_webapi_access.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/
 */

function check_frame_availability(browser) {
  return check_availability(browser.browsingContext.children[0]);
}

function check_availability(browser) {
  return SpecialPowers.spawn(browser, [], async function () {
    return content.document.getElementById("result").textContent == "true";
  });
}

// Test that initially the API isn't available in the test domain
add_task(async function test_not_available() {
  await BrowserTestUtils.withNewTab(
    `${SECURE_TESTROOT}webapi_checkavailable.html`,
    async function test_not_available(browser) {
      let available = await check_availability(browser);
      ok(!available, "API should not be available.");
    }
  );
});

// Test that with testing on the API is available in the test domain
add_task(async function test_available() {
  await SpecialPowers.pushPrefEnv({
    set: [["extensions.webapi.testing", true]],
  });

  await BrowserTestUtils.withNewTab(
    `${SECURE_TESTROOT}webapi_checkavailable.html`,
    async function test_not_available(browser) {
      let available = await check_availability(browser);
      ok(available, "API should be available.");
    }
  );
});

// Test that the API is not available in a bad domain
add_task(async function test_bad_domain() {
  await BrowserTestUtils.withNewTab(
    `${SECURE_TESTROOT2}webapi_checkavailable.html`,
    async function test_not_available(browser) {
      let available = await check_availability(browser);
      ok(!available, "API should not be available.");
    }
  );
});

// Test that the API is only available in https sites
add_task(async function test_not_available_http() {
  await BrowserTestUtils.withNewTab(
    `${TESTROOT}webapi_checkavailable.html`,
    async function test_not_available(browser) {
      let available = await check_availability(browser);
      ok(!available, "API should not be available.");
    }
  );
});

// Test that the API is available when in a frame of the test domain
add_task(async function test_available_framed() {
  await BrowserTestUtils.withNewTab(
    `${SECURE_TESTROOT}webapi_checkframed.html`,
    async function test_available(browser) {
      let available = await check_frame_availability(browser);
      ok(available, "API should be available.");
    }
  );
});

// Test that if the external frame is http then the inner frame doesn't have
// the API
add_task(async function test_not_available_http_framed() {
  await BrowserTestUtils.withNewTab(
    `${TESTROOT}webapi_checkframed.html`,
    async function test_not_available(browser) {
      let available = await check_frame_availability(browser);
      ok(!available, "API should not be available.");
    }
  );
});

// Test that if the external frame is a bad domain then the inner frame doesn't
// have the API
add_task(async function test_not_available_framed() {
  await BrowserTestUtils.withNewTab(
    `${SECURE_TESTROOT2}webapi_checkframed.html`,
    async function test_not_available(browser) {
      let available = await check_frame_availability(browser);
      ok(!available, "API should not be available.");
    }
  );
});

// Test that a window navigated to a bad domain doesn't allow access to the API
add_task(async function test_navigated_window() {
  await BrowserTestUtils.withNewTab(
    `${SECURE_TESTROOT2}webapi_checknavigatedwindow.html`,
    async function test_available(browser) {
      let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser);

      await SpecialPowers.spawn(browser, [], async function () {
        await content.wrappedJSObject.openWindow();
      });

      // Should be a new tab open
      let tab = await tabPromise;
      let loadPromise = BrowserTestUtils.browserLoaded(
        gBrowser.getBrowserForTab(tab)
      );

      SpecialPowers.spawn(browser, [], async function () {
        content.wrappedJSObject.navigate();
      });

      await loadPromise;

      let available = await SpecialPowers.spawn(browser, [], async function () {
        return content.wrappedJSObject.check();
      });

      ok(!available, "API should not be available.");

      gBrowser.removeTab(tab);
    }
  );
});

// Check that if a page is embedded in a chrome content UI that it can still
// access the API.
add_task(async function test_chrome_frame() {
  SpecialPowers.pushPrefEnv({
    set: [["security.allow_unsafe_parent_loads", true]],
  });

  await BrowserTestUtils.withNewTab(
    `${CHROMEROOT}webapi_checkchromeframe.xhtml`,
    async function test_available(browser) {
      let available = await check_frame_availability(browser);
      ok(available, "API should be available.");
    }
  );
});