Bug 663570 - Test 4: update referrer tests (r=sicking)

2015-11-14 19:30:16 -08:00 · 2015-11-14 19:30:16 -08:00 · 749afb19d4
--- a/dom/security/test/csp/file_upgrade_insecure_referrer.html
+++ b/dom/security/test/csp/file_upgrade_insecure_referrer.html
@ -1,13 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>
-</head>
-<body>
-
-  <!-- upgrade img from http:// to https:// -->
-  <img id="testimage" src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs?img"></img>
-
-</body>
-</html>
--- a/dom/security/test/csp/file_upgrade_insecure_referrer.sjs
+++ b/dom/security/test/csp/file_upgrade_insecure_referrer.sjs
@ -0,0 +1,55 @@
+// special *.sjs specifically customized for the needs of
+// Bug 1139297 and Bug 663570
+
+const PRE_HEAD =
+  "<!DOCTYPE HTML>" +
+  "<html>" +
+  "<head>";
+
+ const POST_HEAD =
+   "<meta charset='utf-8'>" +
+   "<title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>" +
+   "</head>" +
+   "<body>" +
+  "<img id='testimage' src='http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_referrer_server.sjs?img'></img>" +
+  "</body>" +
+  "</html>";
+
+const PRE_CSP = "upgrade-insecure-requests; default-src https:; ";
+const CSP_REFERRER_ORIGIN = "referrer origin";
+const CSP_REFEFFER_NO_REFERRER = "referrer no-referrer";
+
+function handleRequest(request, response)
+{
+  // avoid confusing cache behaviors
+  response.setHeader("Cache-Control", "no-cache", false);
+  var queryString = request.queryString;
+
+  if (queryString === "test1") {
+    response.setHeader("Content-Security-Policy", PRE_CSP + CSP_REFERRER_ORIGIN, false);
+    response.write(PRE_HEAD + POST_HEAD);
+  	return;
+  }
+
+  if (queryString === "test2") {
+    response.setHeader("Content-Security-Policy", PRE_CSP + CSP_REFEFFER_NO_REFERRER, false);
+    response.write(PRE_HEAD + POST_HEAD);
+  	return;
+  }
+
+  if (queryString === "test3") {
+  	var metacsp =  "<meta http-equiv=\"Content-Security-Policy\" content = \"" + PRE_CSP + CSP_REFERRER_ORIGIN + "\" >";
+    response.write(PRE_HEAD + metacsp + POST_HEAD);
+  	return;
+  }
+
+  if (queryString === "test4") {
+  	var metacsp =  "<meta http-equiv=\"Content-Security-Policy\" content = \"" + PRE_CSP + CSP_REFEFFER_NO_REFERRER + "\" >";
+    response.write(PRE_HEAD + metacsp + POST_HEAD);
+  	return;
+  }
+
+  // we should never get here, but just in case return
+  // something unexpected
+  response.write("do'h");
+}
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@ -124,7 +124,7 @@ support-files =
  file_upgrade_insecure_wsh.py
  file_upgrade_insecure_reporting.html
  file_upgrade_insecure_reporting_server.sjs
-  file_upgrade_insecure_referrer.html
+  file_upgrade_insecure_referrer.sjs
  file_upgrade_insecure_referrer_server.sjs
  file_upgrade_insecure_cors.html
  file_upgrade_insecure_cors_server.sjs
--- a/dom/security/test/csp/test_upgrade_insecure_referrer.html
+++ b/dom/security/test/csp/test_upgrade_insecure_referrer.html
@ -19,17 +19,25 @@
 * correct referrer gets sent.
 */

-const PRE_POLICY = "upgrade-insecure-requests; default-src https:; ";
-
 var tests = [
  {
-    policy: "referrer origin",
-    description: "upgrade insecure request with referrer = origin",
+    query: "test1",
+    description: "upgrade insecure request with 'referrer = origin' (CSP in header)",
    result: "http://example.com"
  },
  {
-    policy: "referrer no-referrer",
-    description: "upgrade insecure request with referrer = no-referrer",
+    query: "test2",
+    description: "upgrade insecure request with 'referrer = no-referrer' (CSP in header)",
+    result: ""
+  },
+  {
+    query: "test3",
+    description: "upgrade insecure request with 'referrer = origin' (Meta CSP)",
+    result: "http://example.com"
+  },
+  {
+    query: "test4",
+    description: "upgrade insecure request with 'referrer = no-referrer' (Meta CSP)",
    result: ""
  }
 ];
@ -39,11 +47,9 @@ var curTest;

 function loadTestPage() {
  curTest = tests[counter++];
-  var src = "http://example.com/tests/dom/security/test/csp/file_testserver.sjs?file=";
-  // append the file that should be served
-  src += escape("tests/dom/security/test/csp/file_upgrade_insecure_referrer.html")
-  // append the CSP that should be used to serve the file
-  src += "&csp=" + escape(PRE_POLICY + curTest.policy);
+  var src = "http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_referrer.sjs?";
+  // append the query
+  src += curTest.query;
  document.getElementById("testframe").src = src;
 }