Bug 1092055 - Test that webconsole messages show up for non-top level security errors. r=past

This commit is contained in:
Mark Goodwin 2015-02-12 03:06:00 -05:00
Родитель c0c1f9286c
Коммит 369e03f0d4
6 изменённых файлов: 55 добавлений и 0 удалений

Просмотреть файл

@ -126,6 +126,9 @@ support-files =
test_bug_1010953_cspro.html
test_bug1045902_console_csp_ignore_reflected_xss_message.html^headers^
test_bug1045902_console_csp_ignore_reflected_xss_message.html
test_bug1092055_shouldwarn.js^headers^
test_bug1092055_shouldwarn.js
test_bug1092055_shouldwarn.html
[browser_bug1045902_console_csp_ignore_reflected_xss_message.js]
[browser_bug664688_sandbox_update_after_navigation.js]
@ -301,6 +304,8 @@ skip-if = e10s # Bug 1042253 - webconsole e10s tests (Linux debug intermittent)
[browser_webconsole_bug_1010953_cspro.js]
[browser_webconsole_certificate_messages.js]
skip-if = e10s # Bug 1042253 - webconsole tests disabled with e10s
[browser_webconsole_show_subresource_security_errors.js]
skip-if = e10s # Bug 1042253 - webconsole tests disabled with e10s
[browser_webconsole_cached_autocomplete.js]
[browser_webconsole_change_font_size.js]
[browser_webconsole_chrome.js]

Просмотреть файл

@ -0,0 +1,30 @@
/* vim:set ts=2 sw=2 sts=2 et: */
/*
* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
// Ensure non-toplevel security errors are displayed
const TEST_URI = "data:text/html;charset=utf8,Web Console subresource STS warning test";
const TEST_DOC = "https://example.com/browser/browser/devtools/webconsole/test/test_bug1092055_shouldwarn.html";
const SAMPLE_MSG = 'invalid Strict-Transport-Security header'
let test = asyncTest(function* () {
let { browser } = yield loadTab(TEST_URI);
let hud = yield openConsole();
hud.jsterm.clearOutput();
let loaded = loadBrowser(browser);
content.location = TEST_DOC;
yield loaded;
yield waitForSuccess({
name: "Subresource STS warning displayed successfully",
validator: function() {
return hud.outputNode.textContent.indexOf(SAMPLE_MSG) > -1;
}
});
});

Просмотреть файл

@ -7,6 +7,8 @@
<head>
<meta charset="utf8">
<title>Security warning test - no violations</title>
<!-- ensure no subresource errors so window re-use doesn't cause failures -->
<link rel="icon" href="data:;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC">
<script>
console.log("If you haven't seen ssl warnings yet, you won't");
</script>

Просмотреть файл

@ -0,0 +1,15 @@
<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<title>Bug 1092055 - Log console messages for non-top-level security errors</title>
<script src="test_bug1092055_shouldwarn.js"></script>
<!--
Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/
-->
</head>
<body>
Bug 1092055 - Log console messages for non-top-level security errors
</body>
</html>

Просмотреть файл

@ -0,0 +1,2 @@
// It doesn't matter what this script does, but the broken HSTS header sent
// with it should result in warnings in the webconsole

Просмотреть файл

@ -0,0 +1 @@
Strict-Transport-Security: some complete nonsense