mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1833642 - Test that security headers are processed on onAuthCancelled. r=necko-reviewers,valentin 

Differential Revision: https://phabricator.services.mozilla.com/D178319
This commit is contained in:
Andreas Farre 2023-05-22 08:43:03 +00:00
Родитель e7269b9782
Коммит 58e35cde69
1 изменённых файлов: 49 добавлений и 4 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

53
netwerk/test/unit/test_authentication.js
Просмотреть файл

@ -181,7 +181,15 @@ AuthPrompt2.prototype = {
}, },
asyncPromptAuth: function ap2_async(chan, cb, ctx, lvl, info) { asyncPromptAuth: function ap2_async(chan, cb, ctx, lvl, info) {
throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED); let self = this;
executeSoon(function () {
let ret = self.promptAuth(chan, lvl, info);
if (ret) {
cb.onAuthAvailable(ctx, info);
} else {
cb.onAuthCancelled(ctx, true);
}
});
}, },
}; };
@ -280,7 +288,12 @@ var listener = {
}, },
}; };
function makeChan(url, loadingUrl) { function makeChan(
url,
loadingUrl,
securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
contentPolicyType = Ci.nsIContentPolicy.TYPE_OTHER
) {
var principal = Services.scriptSecurityManager.createContentPrincipal( var principal = Services.scriptSecurityManager.createContentPrincipal(
Services.io.newURI(loadingUrl), Services.io.newURI(loadingUrl),
{} {}
@ -288,8 +301,8 @@ function makeChan(url, loadingUrl) {
return NetUtil.newChannel({ return NetUtil.newChannel({
uri: url, uri: url,
loadingPrincipal: principal, loadingPrincipal: principal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, securityFlags,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER, contentPolicyType,
}); });
} }
@ -316,6 +329,8 @@ function setup() {
httpserv.registerPathHandler("/largeRealm", largeRealm); httpserv.registerPathHandler("/largeRealm", largeRealm);
httpserv.registerPathHandler("/largeDomain", largeDomain); httpserv.registerPathHandler("/largeDomain", largeDomain);
httpserv.registerPathHandler("/corp-coep", corpAndCoep);
httpserv.start(-1); httpserv.start(-1);
registerCleanupFunction(async () => { registerCleanupFunction(async () => {
@ -510,6 +525,29 @@ add_task(async function test_short_digest() {
await openAndListen(chan); await openAndListen(chan);
}); });
// Test that COOP/COEP are processed even though asyncPromptAuth is cancelled.
add_task(async function test_corp_coep() {
var chan = makeChan(
URL + "/corp-coep",
URL,
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
Ci.nsIContentPolicy.TYPE_DOCUMENT
);
chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
listener.expectedCode = 401; // OK
await openAndListen(chan);
Assert.equal(
chan.getResponseHeader("cross-origin-embedder-policy"),
"require-corp"
);
Assert.equal(
chan.getResponseHeader("cross-origin-opener-policy"),
"same-origin"
);
});
// XXX(valentin): this makes tests fail if it's not run last. Why? // XXX(valentin): this makes tests fail if it's not run last. Why?
add_task(async function test_nonascii_xhr() { add_task(async function test_nonascii_xhr() {
await new Promise(resolve => { await new Promise(resolve => {
@ -605,6 +643,13 @@ function authNonascii(metadata, response) {
response.bodyOutputStream.write(body, body.length); response.bodyOutputStream.write(body, body.length);
} }
function corpAndCoep(metadata, response) {
response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
response.setHeader("cross-origin-embedder-policy", "require-corp");
response.setHeader("cross-origin-opener-policy", "same-origin");
response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
}
// //
// Digest functions // Digest functions
// //