Bug 1338304 P2 Add a test that verifies fetch() rejects if a redirect is CSP blocked. r=ckerschb

2017-02-14 10:06:38 -05:00 · 2017-02-14 10:06:38 -05:00 · 33a49b42bf
--- a/dom/tests/mochitest/fetch/file_fetch_csp_block_frame.html
+++ b/dom/tests/mochitest/fetch/file_fetch_csp_block_frame.html
@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<script>
+addEventListener('message', evt => {
+  let url = '/tests/dom/security/test/csp/file_redirects_resource.sjs?redir=other&res=xhr-resp';
+  fetch(url).then(response => {
+    parent.postMessage('RESOLVED', '*');
+  }).catch(error => {
+    parent.postMessage('REJECTED', '*');
+  });
+}, { once: true });
+</script>
+</html>
--- a/dom/tests/mochitest/fetch/file_fetch_csp_block_frame.html^headers^
+++ b/dom/tests/mochitest/fetch/file_fetch_csp_block_frame.html^headers^
@ -0,0 +1,2 @@
+Content-Type: text/html
+Content-Security-Policy: connect-src 'self'
--- a/dom/tests/mochitest/fetch/mochitest.ini
+++ b/dom/tests/mochitest/fetch/mochitest.ini
@ -1,6 +1,8 @@
 [DEFAULT]
 support-files =
  fetch_test_framework.js
+  file_fetch_csp_block_frame.html
+  file_fetch_csp_block_frame.html^headers^
  test_fetch_basic.js
  test_fetch_basic_http.js
  test_fetch_cors.js
@ -31,6 +33,7 @@ support-files =
  !/dom/xhr/tests/temporaryFileBlob.sjs
  !/dom/html/test/form_submit_server.sjs
  !/dom/security/test/cors/file_CrossSiteXHR_server.sjs
+  !/dom/security/test/csp/file_redirects_resource.sjs
  !/dom/base/test/referrer_helper.js
  !/dom/base/test/referrer_testserver.sjs

@ -49,6 +52,7 @@ skip-if = toolkit == 'android' && debug # Bug 1210282
 skip-if = toolkit == 'android' && debug # Bug 1210282
 [test_fetch_cors_sw_empty_reroute.html]
 skip-if = toolkit == 'android' && debug # Bug 1210282
+[test_fetch_csp_block.html]
 [test_fetch_user_control_rp.html]
 [test_formdataparsing.html]
 [test_formdataparsing_sw_reroute.html]
--- a/dom/tests/mochitest/fetch/test_fetch_csp_block.html
+++ b/dom/tests/mochitest/fetch/test_fetch_csp_block.html
@ -0,0 +1,50 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test fetch() rejects when CSP blocks</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<script type="application/javascript">
+SimpleTest.waitForExplicitFinish();
+
+function withFrame(url) {
+  return new Promise(resolve => {
+    let frame = document.createElement('iframe');
+    frame.addEventListener('load', _ => {
+      resolve(frame);
+    }, { once: true });
+    frame.src = url;
+    document.body.appendChild(frame);
+  });
+}
+
+function asyncTest(frame) {
+  return new Promise((resolve, reject) => {
+    addEventListener('message', evt => {
+      if (evt.data === 'REJECTED') {
+        resolve();
+      } else {
+        reject();
+      }
+    }, { once: true });
+    frame.contentWindow.postMessage('GO', '*');
+  });
+}
+
+withFrame('file_fetch_csp_block_frame.html').then(frame => {
+  asyncTest(frame).then(_ => {
+    ok(true, 'fetch rejected correctly');
+  }).catch(e => {
+    ok(false, 'fetch resolved when it should have been CSP blocked');
+  }).then(_ => {
+    frame.remove();
+    SimpleTest.finish();
+  });
+});
+
+</script>
+</body>
+</html>