gecko-dev/dom/security/test/csp/file_testserver.sjs

// SJS file for CSP mochitests
"use strict";
Components.utils.import("resource://gre/modules/NetUtil.jsm");
Components.utils.importGlobalProperties(["URLSearchParams"]);

function loadHTMLFromFile(path) {
  // Load the HTML to return in the response from file.
  // Since it's relative to the cwd of the test runner, we start there and
  // append to get to the actual path of the file.
  const testHTMLFile =
    Components.classes["@mozilla.org/file/directory_service;1"].
    getService(Components.interfaces.nsIProperties).
    get("CurWorkD", Components.interfaces.nsILocalFile);

  const testHTMLFileStream =
    Components.classes["@mozilla.org/network/file-input-stream;1"].
    createInstance(Components.interfaces.nsIFileInputStream);

  path
    .split("/")
    .filter(path => path)
    .reduce((file, path) => {
      testHTMLFile.append(path)
      return testHTMLFile;
    }, testHTMLFile);
  testHTMLFileStream.init(testHTMLFile, -1, 0, 0);
  const isAvailable = testHTMLFileStream.available();
  return NetUtil.readInputStreamToString(testHTMLFileStream, isAvailable);
}

function handleRequest(request, response) {
  const query = new URLSearchParams(request.queryString);

  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);

  // Deliver the CSP policy encoded in the URL
  if(query.has("csp")){
    response.setHeader("Content-Security-Policy", query.get("csp"), false);
  }

  // Deliver the CSP report-only policy encoded in the URI
  if(query.has("cspRO")){
    response.setHeader("Content-Security-Policy-Report-Only", query.get("cspRO"), false);
  }

  // Deliver the CORS header in the URL
  if(query.has("cors")){
    response.setHeader("Access-Control-Allow-Origin", query.get("cors"), false);
  }

  // Send HTML to test allowed/blocked behaviors
  response.setHeader("Content-Type", "text/html", false);
  if(query.has("file")){
    response.write(loadHTMLFromFile(query.get("file")));
  }
}
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`// SJS file for CSP mochitests`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00			`"use strict";`
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`Components.utils.import("resource://gre/modules/NetUtil.jsm");`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00			`Components.utils.importGlobalProperties(["URLSearchParams"]);`
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00
			`function loadHTMLFromFile(path) {`
			`// Load the HTML to return in the response from file.`
			`// Since it's relative to the cwd of the test runner, we start there and`
			`// append to get to the actual path of the file.`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00			`const testHTMLFile =`
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`Components.classes["@mozilla.org/file/directory_service;1"].`
			`getService(Components.interfaces.nsIProperties).`
			`get("CurWorkD", Components.interfaces.nsILocalFile);`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00
			`const testHTMLFileStream =`
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`Components.classes["@mozilla.org/network/file-input-stream;1"].`
			`createInstance(Components.interfaces.nsIFileInputStream);`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00
			`path`
			`.split("/")`
			`.filter(path => path)`
			`.reduce((file, path) => {`
			`testHTMLFile.append(path)`
			`return testHTMLFile;`
			`}, testHTMLFile);`
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`testHTMLFileStream.init(testHTMLFile, -1, 0, 0);`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00			`const isAvailable = testHTMLFileStream.available();`
			`return NetUtil.readInputStreamToString(testHTMLFileStream, isAvailable);`
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`}`

Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00			`function handleRequest(request, response) {`
			`const query = new URLSearchParams(request.queryString);`
Backed out 4 changesets (bug 671389) for frequent B2G debug test_tcpsocket_client_and_server_basics.html crashes. Backed out changeset b782435e5640 (bug 671389) Backed out changeset 0f8d62109bfe (bug 671389) Backed out changeset 8d6021f66c49 (bug 671389) Backed out changeset cd3e227df9dc (bug 671389) 2015-02-06 00:48:18 +03:00
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`// avoid confusing cache behaviors`
			`response.setHeader("Cache-Control", "no-cache", false);`

Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00			`// Deliver the CSP policy encoded in the URL`
			`if(query.has("csp")){`
			`response.setHeader("Content-Security-Policy", query.get("csp"), false);`
Bug 1089255 - Implement and test manifest-src CSP directive. r=bholley, r=dveditz, r=ckerschb --- dom/base/nsContentPolicyUtils.h \| 1 + dom/base/nsDataDocumentContentPolicy.cpp \| 3 +- dom/base/nsIContentPolicy.idl \| 2 +- dom/base/nsIContentPolicyBase.idl \| 7 +- dom/base/nsISimpleContentPolicy.idl \| 2 +- dom/base/test/csp/browser.ini \| 4 + dom/base/test/csp/browser_test_web_manifest.js \| 265 +++++++++++++++++++++ .../csp/browser_test_web_manifest_mixed_content.js \| 55 +++++ dom/base/test/csp/file_CSP_web_manifest.html \| 6 + dom/base/test/csp/file_CSP_web_manifest.json \| 1 + .../test/csp/file_CSP_web_manifest.json^headers^ \| 1 + dom/base/test/csp/file_CSP_web_manifest_https.html \| 4 + dom/base/test/csp/file_CSP_web_manifest_https.json \| 1 + .../csp/file_CSP_web_manifest_mixed_content.html \| 9 + .../test/csp/file_CSP_web_manifest_remote.html \| 8 + dom/base/test/csp/file_csp_testserver.sjs \| 14 +- dom/base/test/csp/mochitest.ini \| 7 + dom/base/test/moz.build \| 5 +- dom/fetch/InternalRequest.cpp \| 3 + dom/fetch/InternalRequest.h \| 2 +- .../security/nsIContentSecurityPolicy.idl \| 3 +- dom/ipc/manifestMessages.js \| 25 +- dom/security/nsCSPUtils.cpp \| 7 + dom/security/nsCSPUtils.h \| 10 +- dom/security/nsMixedContentBlocker.cpp \| 1 + dom/webidl/CSPDictionaries.webidl \| 1 + extensions/permissions/nsContentBlocker.cpp \| 6 +- netwerk/mime/nsMimeTypes.h \| 1 + 28 files changed, 439 insertions(+), 15 deletions(-) create mode 100644 dom/base/test/csp/browser.ini create mode 100644 dom/base/test/csp/browser_test_web_manifest.js create mode 100644 dom/base/test/csp/browser_test_web_manifest_mixed_content.js create mode 100644 dom/base/test/csp/file_CSP_web_manifest.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json^headers^ create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest_mixed_content.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_remote.html 2015-06-02 22:42:19 +03:00			`}`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00
Bug 671389 - Tests for CSP sandbox directive. r=grobinson, r=smaug --HG-- extra : rebase_source : 8906837f0a8f0afdb3ba3db5463265ef62220f92 2016-06-29 00:03:45 +03:00			`// Deliver the CSP report-only policy encoded in the URI`
			`if(query.has("cspRO")){`
			`response.setHeader("Content-Security-Policy-Report-Only", query.get("cspRO"), false);`
			`}`

Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00			`// Deliver the CORS header in the URL`
			`if(query.has("cors")){`
			`response.setHeader("Access-Control-Allow-Origin", query.get("cors"), false);`
Bug 1089255 - Implement and test manifest-src CSP directive. r=bholley, r=dveditz, r=ckerschb --- dom/base/nsContentPolicyUtils.h \| 1 + dom/base/nsDataDocumentContentPolicy.cpp \| 3 +- dom/base/nsIContentPolicy.idl \| 2 +- dom/base/nsIContentPolicyBase.idl \| 7 +- dom/base/nsISimpleContentPolicy.idl \| 2 +- dom/base/test/csp/browser.ini \| 4 + dom/base/test/csp/browser_test_web_manifest.js \| 265 +++++++++++++++++++++ .../csp/browser_test_web_manifest_mixed_content.js \| 55 +++++ dom/base/test/csp/file_CSP_web_manifest.html \| 6 + dom/base/test/csp/file_CSP_web_manifest.json \| 1 + .../test/csp/file_CSP_web_manifest.json^headers^ \| 1 + dom/base/test/csp/file_CSP_web_manifest_https.html \| 4 + dom/base/test/csp/file_CSP_web_manifest_https.json \| 1 + .../csp/file_CSP_web_manifest_mixed_content.html \| 9 + .../test/csp/file_CSP_web_manifest_remote.html \| 8 + dom/base/test/csp/file_csp_testserver.sjs \| 14 +- dom/base/test/csp/mochitest.ini \| 7 + dom/base/test/moz.build \| 5 +- dom/fetch/InternalRequest.cpp \| 3 + dom/fetch/InternalRequest.h \| 2 +- .../security/nsIContentSecurityPolicy.idl \| 3 +- dom/ipc/manifestMessages.js \| 25 +- dom/security/nsCSPUtils.cpp \| 7 + dom/security/nsCSPUtils.h \| 10 +- dom/security/nsMixedContentBlocker.cpp \| 1 + dom/webidl/CSPDictionaries.webidl \| 1 + extensions/permissions/nsContentBlocker.cpp \| 6 +- netwerk/mime/nsMimeTypes.h \| 1 + 28 files changed, 439 insertions(+), 15 deletions(-) create mode 100644 dom/base/test/csp/browser.ini create mode 100644 dom/base/test/csp/browser_test_web_manifest.js create mode 100644 dom/base/test/csp/browser_test_web_manifest_mixed_content.js create mode 100644 dom/base/test/csp/file_CSP_web_manifest.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json^headers^ create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest_mixed_content.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_remote.html 2015-06-02 22:42:19 +03:00			`}`
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan MozReview-Commit-ID: Ceu3sYUcML4 2016-04-08 00:13:09 +03:00
Backed out 4 changesets (bug 671389) for frequent B2G debug test_tcpsocket_client_and_server_basics.html crashes. Backed out changeset b782435e5640 (bug 671389) Backed out changeset 0f8d62109bfe (bug 671389) Backed out changeset 8d6021f66c49 (bug 671389) Backed out changeset cd3e227df9dc (bug 671389) 2015-02-06 00:48:18 +03:00			`// Send HTML to test allowed/blocked behaviors`
			`response.setHeader("Content-Type", "text/html", false);`
Bug 671389 - Tests for CSP sandbox directive. r=grobinson, r=smaug --HG-- extra : rebase_source : 8906837f0a8f0afdb3ba3db5463265ef62220f92 2016-06-29 00:03:45 +03:00			`if(query.has("file")){`
			`response.write(loadHTMLFromFile(query.get("file")));`
			`}`
Bug 916054 - CSP mochitests for URLs with path. r=grobinson 2013-09-30 21:49:07 +04:00			`}`