Bug 1139667 - CSP tests for fetch(). r=ckirschb

--HG--
extra : rebase_source : 5a428c19be326b8cbffa4e250564f792c0893069

dom/base/test/csp/file_connect-src-fetch.html

@@ -0,0 +1,16 @@
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>Bug 1139667 - Test mapping of fetch() to connect-src</title>
+  </head>
+  <body>
+  <script type="text/javascript">
+
+    // Please note that file_csp_testserver.sjs?foo does not return a response.
+    // For testing purposes this is not necessary because we only want to check
+    // whether CSP allows or blocks the load.
+    fetch( "file_csp_testserver.sjs?foo");
+
+  </script>
+</body>
+</html>

dom/base/test/csp/mochitest.ini

@@ -2,6 +2,7 @@
 support-files =
   file_base-uri.html
   file_connect-src.html
+  file_connect-src-fetch.html
   file_CSP.css
   file_CSP.sjs
   file_csp_allow_https_schemes.html

dom/base/test/csp/test_connect-src.html

@@ -1,7 +1,7 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <title>Bug 1031530 - Test mapping of XMLHttpRequest to connect-src</title>
+  <title>Bug 1031530 and Bug 1139667 - Test mapping of XMLHttpRequest and fetch() to connect-src</title>
   <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
@@ -16,7 +16,7 @@
 
 /*
  * Description of the test:
- *   We load a page with a given CSP and verify that XMLHttpRequests are correctly
+ *   We load a page with a given CSP and verify that XMLHttpRequests and fetches are correctly
  *   evaluated through the "connect-src" directive. All XMLHttpRequests are served
  *   using http://mochi.test:8888, which allows the requests to succeed for the first
  *   two policies and to fail for the last policy. Please note that we have to add
@@ -27,14 +27,32 @@ SimpleTest.waitForExplicitFinish();
 
 var tests = [
   {
+    file: "file_connect-src.html",
     result : "allowed",
     policy : "default-src 'none' script-src 'unsafe-inline'; connect-src http://mochi.test:8888"
   },
   {
+    file: "file_connect-src.html",
     result : "allowed",
     policy : "default-src 'none'; script-src 'unsafe-inline'; connect-src *"
   },
   {
+    file: "file_connect-src.html",
+    result : "blocked",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; connect-src http://www.example.com"
+  },
+  {
+    file: "file_connect-src-fetch.html",
+    result : "allowed",
+    policy : "default-src 'none' script-src 'unsafe-inline'; connect-src http://mochi.test:8888"
+  },
+  {
+    file: "file_connect-src-fetch.html",
+    result : "allowed",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; connect-src *"
+  },
+  {
+    file: "file_connect-src-fetch.html",
     result : "blocked",
     policy : "default-src 'none'; script-src 'unsafe-inline'; connect-src http://www.example.com"
   }
@@ -96,7 +114,7 @@ function loadNextTest() {
 
   var src = "file_csp_testserver.sjs";
   // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/file_connect-src.html");
+  src += "?file=" + escape("tests/dom/base/test/csp/" + tests[counter].file);
   // append the CSP that should be used to serve the file
   src += "&csp=" + escape(tests[counter].policy);
 
@@ -104,7 +122,9 @@ function loadNextTest() {
 }
 
 // start running the tests
-loadNextTest();
+SpecialPowers.pushPrefEnv({"set": [
+  ["dom.fetch.enabled", true]
+]}, loadNextTest);
 
 </script>
 </body>