Bug 959388 - Add csp worker test cases. r=kmckinley

MozReview-Commit-ID: Ahx419BHWrS --HG-- extra : rebase_source : 2016c1e68f990a8ba9cd471e18778c87b08546e1
2016-05-19 11:59:54 +08:00 · 2016-05-19 11:59:54 +08:00 · 61fe1800b8
--- a/dom/security/test/csp/file_child_worker.js
+++ b/dom/security/test/csp/file_child_worker.js
@ -0,0 +1,39 @@
+function doXHR(uri) {
+  try {
+    var xhr = new XMLHttpRequest();
+    xhr.open("GET", uri);
+    xhr.send();
+  } catch(ex) {}
+}
+
+var sameBase = "http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=";
+var crossBase = "http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=";
+
+onmessage = (e) => {
+  for (base of [sameBase, crossBase]) {
+    var prefix;
+    var suffix;
+    if (e.data.inherited == "parent") {
+      //Worker inherits CSP from parent worker
+      prefix = base + "worker_child_inherited_parent_";
+      suffix = base == sameBase ? "_good" : "_bad";
+    } else if (e.data.inherited == "document") {
+      //Worker inherits CSP from owner document -> parent worker -> subworker
+      prefix = base + "worker_child_inherited_document_";
+      suffix = base == sameBase ? "_good" : "_bad";
+    } else {
+      // Worker delivers CSP from HTTP header
+      prefix = base + "worker_child_";
+      suffix = base == sameBase ? "_same_bad" : "_cross_bad";
+    }
+
+    doXHR(prefix + "xhr" + suffix);
+    // Fetch is likely failed in subworker
+    // See Bug 1273070 - Failed to fetch in subworker
+    // Enable fetch test after the bug is fixed
+    // fetch(prefix + "xhr" + suffix);
+    try {
+      importScripts(prefix + "script" + suffix);
+    } catch(ex) {}
+  }
+}
--- a/dom/security/test/csp/file_child_worker.js^headers^
+++ b/dom/security/test/csp/file_child_worker.js^headers^
@ -0,0 +1 @@
+Content-Security-Policy: default-src 'none'
--- a/dom/security/test/csp/file_main.js
+++ b/dom/security/test/csp/file_main.js
@ -1,8 +1,12 @@
-function doXHR(uri) {
+function doXHR(uri, callback) {
  try {
    var xhr = new XMLHttpRequest();
    xhr.open("GET", uri);
+    xhr.responseType = "blob";
    xhr.send();
+    xhr.onload = function () {
+      if (callback) callback(xhr.response);
+    }
  } catch(ex) {}
 }

@ -15,14 +19,35 @@ try {
  navigator.sendBeacon("http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=beacon_bad");
 } catch(ex) {}

+var topWorkerBlob;
+var nestedWorkerBlob;

-new Worker("file_main_worker.js").postMessage({inherited : false});
+doXHR("file_main_worker.js", function (topResponse) {
+  topWorkerBlob = URL.createObjectURL(topResponse);
+  doXHR("file_child_worker.js", function (response) {
+    nestedWorkerBlob = URL.createObjectURL(response);
+    runWorker();
+  });
+});

+function runWorker() {
+  // Top level worker, no subworker
+  // Worker does not inherit CSP from owner document
+  new Worker("file_main_worker.js").postMessage({inherited : "none"});

-var blobxhr = new XMLHttpRequest();
-blobxhr.open("GET", "file_main_worker.js")
-blobxhr.responseType = "blob";
-blobxhr.send();
-blobxhr.onload = () => {
-  new Worker(URL.createObjectURL(blobxhr.response)).postMessage({inherited : true});
+  // Top level worker, no subworker
+  // Worker inherits CSP from owner document
+  new Worker(topWorkerBlob).postMessage({inherited : "document"});
+
+  // Subworker
+  // Worker does not inherit CSP from parent worker
+  new Worker("file_main_worker.js").postMessage({inherited : "none", nested : nestedWorkerBlob});
+
+  // Subworker
+  // Worker inherits CSP from parent worker
+  new Worker("file_main_worker.js").postMessage({inherited : "parent", nested : nestedWorkerBlob});
+
+  // Subworker
+  // Worker inherits CSP from owner document -> parent worker -> subworker
+  new Worker(topWorkerBlob).postMessage({inherited : "document", nested : nestedWorkerBlob});
 }
--- a/dom/security/test/csp/file_main_worker.js
+++ b/dom/security/test/csp/file_main_worker.js
@ -10,19 +10,39 @@ var sameBase = "http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?
 var crossBase = "http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=";

 onmessage = (e) => {
+  // Tests of nested worker
+  if (e.data.nested) {
+    if (e.data.inherited != "none") {
+      // Worker inherits CSP
+      new Worker(e.data.nested).postMessage({inherited : e.data.inherited});
+    }
+    else {
+      // Worker does not inherit CSP
+      new Worker("file_child_worker.js").postMessage({inherited : e.data.inherited});
+    }
+    return;
+  }
+
+  //Tests of top level worker
  for (base of [sameBase, crossBase]) {
    var prefix;
    var suffix;
-    if (e.data.inherited) {
-      prefix = base + "worker_inherited_"
+    if (e.data.inherited != "none") {
+      // Top worker inherits CSP from owner document
+      prefix = base + "worker_inherited_";
      suffix = base == sameBase ? "_good" : "_bad";
    }
    else {
-      prefix = base + "worker_"
-      suffix = base == sameBase ? "_same_good" : "_cross_good";
+      // Top worker delivers CSP from HTTP header
+      prefix = base + "worker_";
+      suffix = base == sameBase ? "_same_bad" : "_cross_good";
    }
+
    doXHR(prefix + "xhr" + suffix);
    fetch(prefix + "fetch" + suffix);
-    try { importScripts(prefix + "script" + suffix); } catch(ex) {}
+    try {
+      if (e.data.inherited == "none") suffix = base == sameBase ? "_same_good" : "_cross_bad";
+      importScripts(prefix + "script" + suffix);
+    } catch(ex) {}
  }
 }
--- a/dom/security/test/csp/file_main_worker.js^headers^
+++ b/dom/security/test/csp/file_main_worker.js^headers^
@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self' blob: ; connect-src http://example.com
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@ -41,6 +41,9 @@ support-files =
  file_main.html^headers^
  file_main.js
  file_main_worker.js
+  file_main_worker.js^headers^
+  file_child_worker.js
+  file_child_worker.js^headers^
  file_web_manifest.html
  file_web_manifest_remote.html
  file_web_manifest_https.html
--- a/dom/security/test/csp/test_CSP.html
+++ b/dom/security/test/csp/test_CSP.html
@ -29,18 +29,30 @@ window.tests = {
  fetch_bad: -1,
  beacon_good: -1,
  beacon_bad: -1,
-  worker_xhr_same_good: -1,
+  worker_xhr_same_bad: -1,
  worker_xhr_cross_good: -1,
-  worker_fetch_same_good: -1,
+  worker_fetch_same_bad: -1,
  worker_fetch_cross_good: -1,
  worker_script_same_good: -1,
-  worker_script_cross_good: -1,
+  worker_script_cross_bad: -1,
  worker_inherited_xhr_good: -1,
  worker_inherited_xhr_bad: -1,
  worker_inherited_fetch_good: -1,
  worker_inherited_fetch_bad: -1,
  worker_inherited_script_good: -1,
  worker_inherited_script_bad: -1,
+  worker_child_xhr_same_bad: -1,
+  worker_child_xhr_cross_bad: -1,
+  worker_child_script_same_bad: -1,
+  worker_child_script_cross_bad: -1,
+  worker_child_inherited_parent_xhr_bad: -1,
+  worker_child_inherited_parent_xhr_good: -1,
+  worker_child_inherited_parent_script_good: -1,
+  worker_child_inherited_parent_script_bad: -1,
+  worker_child_inherited_document_xhr_good: -1,
+  worker_child_inherited_document_xhr_bad: -1,
+  worker_child_inherited_document_script_good: -1,
+  worker_child_inherited_document_script_bad: -1,
  media_good: -1,
  media_bad: -1,
  font_good: -1,
--- a/dom/workers/test/csp_worker.js^headers^
+++ b/dom/workers/test/csp_worker.js^headers^
@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self' blob: ; script-src 'unsafe-eval'
--- a/dom/workers/test/mochitest.ini
+++ b/dom/workers/test/mochitest.ini
@ -18,6 +18,7 @@ support-files =
  console_worker.js
  consoleReplaceable_worker.js
  csp_worker.js
+  csp_worker.js^headers^
  404_server.sjs
  errorPropagation_iframe.html
  errorPropagation_worker.js
				`@ -0,0 +1 @@`
				`Content-Security-Policy: default-src 'self' blob: ; connect-src http://example.com`