зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1198397 - Add a test for interception of requests upgraded through the CSP upgrade-insecure-requests directive; r=jdm
This commit is contained in:
Родитель
c0c6e3dedb
Коммит
ca6a03d7a4
|
@ -0,0 +1,10 @@
|
|||
<!DOCTYPE html>
|
||||
<script>
|
||||
window.onmessage = function(e) {
|
||||
window.parent.postMessage(e.data, "*");
|
||||
if (e.data.status == "protocol") {
|
||||
document.querySelector("iframe").src = "image.html";
|
||||
}
|
||||
};
|
||||
</script>
|
||||
<iframe src="http://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/index.html"></iframe>
|
|
@ -0,0 +1 @@
|
|||
Content-Security-Policy: upgrade-insecure-requests
|
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 87 B |
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 123 B |
|
@ -0,0 +1,13 @@
|
|||
<!DOCTYPE html>
|
||||
<script>
|
||||
onload=function(){
|
||||
var img = new Image();
|
||||
img.src = "http://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/image-20px.png";
|
||||
img.onload = function() {
|
||||
window.parent.postMessage({status: "image", data: img.width}, "*");
|
||||
};
|
||||
img.onerror = function() {
|
||||
window.parent.postMessage({status: "image", data: "error"}, "*");
|
||||
};
|
||||
};
|
||||
</script>
|
|
@ -0,0 +1,4 @@
|
|||
<!DOCTYPE html>
|
||||
<script>
|
||||
window.parent.postMessage({status: "protocol", data: location.protocol}, "*");
|
||||
</script>
|
|
@ -0,0 +1,14 @@
|
|||
<!DOCTYPE html>
|
||||
<script>
|
||||
function ok(v, msg) {
|
||||
window.parent.postMessage({status: "ok", result: !!v, message: msg}, "*");
|
||||
}
|
||||
|
||||
function done(reg) {
|
||||
ok(reg.active, "The active worker should be available.");
|
||||
window.parent.postMessage({status: "registrationdone"}, "*");
|
||||
}
|
||||
|
||||
navigator.serviceWorker.ready.then(done);
|
||||
navigator.serviceWorker.register("upgrade-insecure_test.js", {scope: "."});
|
||||
</script>
|
|
@ -0,0 +1,12 @@
|
|||
<!DOCTYPE html>
|
||||
<script>
|
||||
navigator.serviceWorker.getRegistration(".").then(function(registration) {
|
||||
registration.unregister().then(function(success) {
|
||||
if (success) {
|
||||
window.parent.postMessage({status: "unregistrationdone"}, "*");
|
||||
}
|
||||
}, function(e) {
|
||||
dump("Unregistering the SW failed with " + e + "\n");
|
||||
});
|
||||
});
|
||||
</script>
|
|
@ -0,0 +1,11 @@
|
|||
self.addEventListener("fetch", function(event) {
|
||||
if (event.request.url.indexOf("index.html") >= 0) {
|
||||
event.respondWith(fetch("realindex.html"));
|
||||
} else if (event.request.url.indexOf("image-20px.png") >= 0) {
|
||||
if (event.request.url.indexOf("https://") == 0) {
|
||||
event.respondWith(fetch("image-40px.png"));
|
||||
} else {
|
||||
event.respondWith(Response.error());
|
||||
}
|
||||
}
|
||||
});
|
|
@ -85,6 +85,15 @@ support-files =
|
|||
fetch/sandbox/register.html
|
||||
fetch/sandbox/unregister.html
|
||||
fetch/sandbox/sandbox_test.js
|
||||
fetch/upgrade-insecure/upgrade-insecure_test.js
|
||||
fetch/upgrade-insecure/embedder.html
|
||||
fetch/upgrade-insecure/embedder.html^headers^
|
||||
fetch/upgrade-insecure/image.html
|
||||
fetch/upgrade-insecure/image-20px.png
|
||||
fetch/upgrade-insecure/image-40px.png
|
||||
fetch/upgrade-insecure/realindex.html
|
||||
fetch/upgrade-insecure/register.html
|
||||
fetch/upgrade-insecure/unregister.html
|
||||
match_all_properties_worker.js
|
||||
match_all_clients/match_all_controlled.html
|
||||
test_serviceworker_interfaces.js
|
||||
|
@ -270,3 +279,5 @@ skip-if = toolkit == "android" || toolkit == "gonk"
|
|||
[test_unresolved_fetch_interception.html]
|
||||
[test_hsts_upgrade_intercept.html]
|
||||
skip-if = e10s # Bug 1214305
|
||||
[test_csp_upgrade-insecure_intercept.html]
|
||||
skip-if = e10s # Bug 1214305
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
<!--
|
||||
Any copyright is dedicated to the Public Domain.
|
||||
http://creativecommons.org/publicdomain/zero/1.0/
|
||||
-->
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Test that a CSP upgraded request can be intercepted by a service worker</title>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
<iframe></iframe>
|
||||
</div>
|
||||
<pre id="test"></pre>
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
var iframe;
|
||||
function runTest() {
|
||||
iframe = document.querySelector("iframe");
|
||||
iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/register.html";
|
||||
window.onmessage = function(e) {
|
||||
if (e.data.status == "ok") {
|
||||
ok(e.data.result, e.data.message);
|
||||
} else if (e.data.status == "registrationdone") {
|
||||
iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html";
|
||||
} else if (e.data.status == "protocol") {
|
||||
is(e.data.data, "https:", "Correct protocol expected");
|
||||
} else if (e.data.status == "image") {
|
||||
is(e.data.data, 40, "The image request was upgraded before interception");
|
||||
iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/unregister.html";
|
||||
} else if (e.data.status == "unregistrationdone") {
|
||||
window.onmessage = null;
|
||||
SimpleTest.finish();
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
onload = function() {
|
||||
SpecialPowers.pushPrefEnv({"set": [
|
||||
["dom.serviceWorkers.exemptFromPerDomainMax", true],
|
||||
["dom.serviceWorkers.enabled", true],
|
||||
["dom.serviceWorkers.testing.enabled", true],
|
||||
["dom.serviceWorkers.interception.enabled", true],
|
||||
// This is needed so that we can test upgrading a non-secure load inside an https iframe.
|
||||
["security.mixed_content.block_active_content", false],
|
||||
["security.mixed_content.block_display_content", false],
|
||||
]}, runTest);
|
||||
};
|
||||
</script>
|
||||
</pre>
|
||||
</body>
|
||||
</html>
|
Загрузка…
Ссылка в новой задаче