зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1338304 P2 Add a test that verifies fetch() rejects if a redirect is CSP blocked. r=ckerschb
This commit is contained in:
Родитель
564ce2618f
Коммит
33a49b42bf
|
@ -0,0 +1,13 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<script>
|
||||
addEventListener('message', evt => {
|
||||
let url = '/tests/dom/security/test/csp/file_redirects_resource.sjs?redir=other&res=xhr-resp';
|
||||
fetch(url).then(response => {
|
||||
parent.postMessage('RESOLVED', '*');
|
||||
}).catch(error => {
|
||||
parent.postMessage('REJECTED', '*');
|
||||
});
|
||||
}, { once: true });
|
||||
</script>
|
||||
</html>
|
|
@ -0,0 +1,2 @@
|
|||
Content-Type: text/html
|
||||
Content-Security-Policy: connect-src 'self'
|
|
@ -1,6 +1,8 @@
|
|||
[DEFAULT]
|
||||
support-files =
|
||||
fetch_test_framework.js
|
||||
file_fetch_csp_block_frame.html
|
||||
file_fetch_csp_block_frame.html^headers^
|
||||
test_fetch_basic.js
|
||||
test_fetch_basic_http.js
|
||||
test_fetch_cors.js
|
||||
|
@ -31,6 +33,7 @@ support-files =
|
|||
!/dom/xhr/tests/temporaryFileBlob.sjs
|
||||
!/dom/html/test/form_submit_server.sjs
|
||||
!/dom/security/test/cors/file_CrossSiteXHR_server.sjs
|
||||
!/dom/security/test/csp/file_redirects_resource.sjs
|
||||
!/dom/base/test/referrer_helper.js
|
||||
!/dom/base/test/referrer_testserver.sjs
|
||||
|
||||
|
@ -49,6 +52,7 @@ skip-if = toolkit == 'android' && debug # Bug 1210282
|
|||
skip-if = toolkit == 'android' && debug # Bug 1210282
|
||||
[test_fetch_cors_sw_empty_reroute.html]
|
||||
skip-if = toolkit == 'android' && debug # Bug 1210282
|
||||
[test_fetch_csp_block.html]
|
||||
[test_fetch_user_control_rp.html]
|
||||
[test_formdataparsing.html]
|
||||
[test_formdataparsing_sw_reroute.html]
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test fetch() rejects when CSP blocks</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<body>
|
||||
<script type="application/javascript">
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
function withFrame(url) {
|
||||
return new Promise(resolve => {
|
||||
let frame = document.createElement('iframe');
|
||||
frame.addEventListener('load', _ => {
|
||||
resolve(frame);
|
||||
}, { once: true });
|
||||
frame.src = url;
|
||||
document.body.appendChild(frame);
|
||||
});
|
||||
}
|
||||
|
||||
function asyncTest(frame) {
|
||||
return new Promise((resolve, reject) => {
|
||||
addEventListener('message', evt => {
|
||||
if (evt.data === 'REJECTED') {
|
||||
resolve();
|
||||
} else {
|
||||
reject();
|
||||
}
|
||||
}, { once: true });
|
||||
frame.contentWindow.postMessage('GO', '*');
|
||||
});
|
||||
}
|
||||
|
||||
withFrame('file_fetch_csp_block_frame.html').then(frame => {
|
||||
asyncTest(frame).then(_ => {
|
||||
ok(true, 'fetch rejected correctly');
|
||||
}).catch(e => {
|
||||
ok(false, 'fetch resolved when it should have been CSP blocked');
|
||||
}).then(_ => {
|
||||
frame.remove();
|
||||
SimpleTest.finish();
|
||||
});
|
||||
});
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
Загрузка…
Ссылка в новой задаче