зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1316393 - Circumvent CSP base-uri restriction in JSON Viewer. r=Honza
This commit is contained in:
Родитель
ce312588a0
Коммит
82ad746859
|
@ -206,21 +206,22 @@ function initialHTML(doc) {
|
|||
os = "linux";
|
||||
}
|
||||
|
||||
let base = doc.createElement("base");
|
||||
base.href = "resource://devtools/client/jsonview/";
|
||||
// The base URI is prepended to all URIs instead of using a <base> element
|
||||
// because the latter can be blocked by a CSP base-uri directive (bug 1316393)
|
||||
let baseURI = "resource://devtools/client/jsonview/";
|
||||
|
||||
let style = doc.createElement("link");
|
||||
style.rel = "stylesheet";
|
||||
style.type = "text/css";
|
||||
style.href = "css/main.css";
|
||||
style.href = baseURI + "css/main.css";
|
||||
|
||||
let script = doc.createElement("script");
|
||||
script.src = "lib/require.js";
|
||||
script.dataset.main = "viewer-config";
|
||||
script.src = baseURI + "lib/require.js";
|
||||
script.dataset.main = baseURI + "viewer-config.js";
|
||||
script.defer = true;
|
||||
|
||||
let head = doc.createElement("head");
|
||||
head.append(base, style, script);
|
||||
head.append(style, script);
|
||||
|
||||
return "<!DOCTYPE html>\n" +
|
||||
startTag("html", {
|
||||
|
|
|
@ -4,6 +4,8 @@ subsuite = devtools
|
|||
support-files =
|
||||
array_json.json
|
||||
array_json.json^headers^
|
||||
csp_json.json
|
||||
csp_json.json^headers^
|
||||
doc_frame_script.js
|
||||
head.js
|
||||
invalid_json.json
|
||||
|
@ -27,6 +29,7 @@ skip-if = (os == 'linux' && bits == 32 && debug) # bug 1328915, disable linux32
|
|||
[browser_jsonview_copy_rawdata.js]
|
||||
subsuite = clipboard
|
||||
skip-if = (os == 'linux' && bits == 32 && debug) # bug 1328915, disable linux32 debug devtools for timeouts
|
||||
[browser_jsonview_csp_json.js]
|
||||
[browser_jsonview_empty_object.js]
|
||||
[browser_jsonview_filter.js]
|
||||
[browser_jsonview_invalid_json.js]
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
|
||||
/* vim: set ts=2 et sw=2 tw=80: */
|
||||
/* Any copyright is dedicated to the Public Domain.
|
||||
* http://creativecommons.org/publicdomain/zero/1.0/ */
|
||||
|
||||
"use strict";
|
||||
|
||||
const TEST_JSON_URL = URL_ROOT + "csp_json.json";
|
||||
|
||||
add_task(function* () {
|
||||
info("Test CSP JSON started");
|
||||
|
||||
yield addJsonViewTab(TEST_JSON_URL);
|
||||
|
||||
let count = yield getElementCount(".jsonPanelBox .treeTable .treeRow");
|
||||
is(count, 1, "There must be one row");
|
||||
});
|
|
@ -0,0 +1 @@
|
|||
{"csp": true}
|
|
@ -0,0 +1,2 @@
|
|||
Content-Type: application/json
|
||||
Content-Security-Policy: default-src 'none'; base-uri 'none';
|
|
@ -21,7 +21,7 @@
|
|||
* of the code base, so it's consistent and modules can be easily reused.
|
||||
*/
|
||||
require.config({
|
||||
baseUrl: ".",
|
||||
baseUrl: "resource://devtools/client/jsonview/",
|
||||
paths: {
|
||||
"devtools/client/shared": "resource://devtools/client/shared",
|
||||
"devtools/shared": "resource://devtools/shared",
|
||||
|
|
Загрузка…
Ссылка в новой задаче