зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1626249: Test error page for x-frame-options and CSP frame-ancestors. r=johannh
Differential Revision: https://phabricator.services.mozilla.com/D69049 --HG-- extra : moz-landing-system : lando
Родитель
cb6b22fac9
Коммит
cf753296a8
|
@ -22,3 +22,8 @@ support-files =
|
|||
file_assert_systemprincipal_documents.html
|
||||
file_assert_systemprincipal_documents_iframe.html
|
||||
[browser_test_referrer_loadInOtherProcess.js]
|
||||
[browser_test_framing_error_pages.js]
|
||||
support-files =
|
||||
file_framing_error_pages_csp.html
|
||||
file_framing_error_pages_xfo.html
|
||||
file_framing_error_pages.sjs
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
"use strict";
|
||||
|
||||
const kTestPath = getRootDirectory(gTestPath).replace(
|
||||
"chrome://mochitests/content",
|
||||
"http://example.com"
|
||||
);
|
||||
const kTestXFrameOptionsURI = kTestPath + "file_framing_error_pages_xfo.html";
|
||||
const kTestXFrameOptionsURIFrame =
|
||||
kTestPath + "file_framing_error_pages.sjs?xfo";
|
||||
|
||||
const kTestFrameAncestorsURI = kTestPath + "file_framing_error_pages_csp.html";
|
||||
const kTestFrameAncestorsURIFrame =
|
||||
kTestPath + "file_framing_error_pages.sjs?csp";
|
||||
|
||||
add_task(async function open_test_xfo_error_page() {
|
||||
await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
|
||||
let loaded = BrowserTestUtils.browserLoaded(
|
||||
browser,
|
||||
true,
|
||||
kTestXFrameOptionsURIFrame,
|
||||
true
|
||||
);
|
||||
BrowserTestUtils.loadURI(browser, kTestXFrameOptionsURI);
|
||||
await loaded;
|
||||
|
||||
await SpecialPowers.spawn(browser, [], async function() {
|
||||
const iframeDoc = content.document.getElementById("testframe")
|
||||
.contentDocument;
|
||||
let errorPage = iframeDoc.body.innerHTML;
|
||||
ok(
|
||||
errorPage.includes(
|
||||
"This page has an X-Frame-Options policy that prevents it from being loaded in this context"
|
||||
),
|
||||
"xfo error page correct"
|
||||
);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
add_task(async function open_test_csp_frame_ancestor_error_page() {
|
||||
await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
|
||||
let loaded = BrowserTestUtils.browserLoaded(
|
||||
browser,
|
||||
true,
|
||||
kTestFrameAncestorsURIFrame,
|
||||
true
|
||||
);
|
||||
BrowserTestUtils.loadURI(browser, kTestFrameAncestorsURI);
|
||||
await loaded;
|
||||
|
||||
await SpecialPowers.spawn(browser, [], async function() {
|
||||
const iframeDoc = content.document.getElementById("testframe")
|
||||
.contentDocument;
|
||||
let errorPage = iframeDoc.body.innerHTML;
|
||||
ok(
|
||||
errorPage.includes(
|
||||
"This page has a content security policy that prevents it from being loaded in this way"
|
||||
),
|
||||
"csp error page correct"
|
||||
);
|
||||
});
|
||||
});
|
||||
});
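Review bot: Both tasks assert only that the error text is present in the iframe body; neither asserts that the blocked response body is absent, which is the property X-Frame-Options and frame-ancestors actually protect. In each `SpecialPowers.spawn` callback, add a negative check next to the existing `ok(...)`, for example `ok(!errorPage.includes("xfo test loaded"), "framed content not rendered");` and the matching `"csp test loaded"` check in the second task. The same gap applies to the `onload` handler in test_xfo_error_page.html. The two tasks also differ only in the page URI, the frame URI and the expected message, so a shared helper taking those three values would remove the duplication.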
|
|
@ -0,0 +1,24 @@
|
|||
"use strict";
|
||||
|
||||
function handleRequest(request, response) {
|
||||
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|
||||
response.setHeader("Content-Type", "text/html", false);
|
||||
|
||||
let query = request.queryString;
|
||||
if (query === "xfo") {
|
||||
response.setHeader("x-frame-options", "deny", false);
|
||||
response.write("<html>xfo test loaded</html>");
|
||||
return;
|
||||
}
|
||||
|
||||
if (query === "csp") {
|
||||
response.setHeader("content-security-policy", "frame-ancestors 'none'", false);
|
||||
response.write("<html>csp test loaded</html>");
|
||||
return;
|
||||
}
|
||||
|
||||
// we should never get here, but just in case
|
||||
// return something unexpected
|
||||
response.write("do'h");
|
||||
}
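Review bot: The fallthrough at the end of `handleRequest` answers an unrecognised query with an ordinary, framable HTML response, so a typo in a support file's `?xfo` or `?csp` suffix shows up only as a string mismatch in the test. Consider making that branch an explicit failure, e.g. `response.setStatusLine(request.httpVersion, 400, "Bad Request");` before `response.write("do'h");`. A header comment such as `// ?xfo sends X-Frame-Options: deny, ?csp sends CSP frame-ancestors 'none'; any other query is a test bug` would document the contract.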
|
|
@ -0,0 +1,7 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<body>
|
||||
iframe should be blocked <br/>
|
||||
<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?csp"></iframe>
|
||||
</body>
|
||||
</html>
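Review bot: The iframe `src` hard-codes the absolute location `http://example.com/browser/dom/security/test/general/`, while the browser test derives the same location from `getRootDirectory(gTestPath)`; if the files move, the two can drift apart. Since this page is served from the same directory, a relative `src="file_framing_error_pages.sjs?csp"` would presumably resolve to the same URL. The same applies to file_framing_error_pages_xfo.html. Both fixtures also frame the resource from its own origin, so only `deny` and `'none'` are exercised; `sameorigin` and `'self'` against a cross-origin parent remain uncovered.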
|
|
@ -0,0 +1,7 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<body>
|
||||
iframe should be blocked <br/>
|
||||
<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?xfo"></iframe>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,8 @@
|
|||
"use strict";
|
||||
|
||||
function handleRequest(request, response) {
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|
||||
response.setHeader("Content-Type", "text/html", false);
|
||||
response.setHeader("x-frame-options", "deny", false);
|
||||
response.write("<html>xfo test loaded</html>");
|
||||
}
|
|
@ -54,6 +54,8 @@ skip-if = !debug
|
|||
[test_same_site_cookies_laxByDefault.html]
|
||||
skip-if = debug
|
||||
support-files = closeWindow.sjs
|
||||
[test_xfo_error_page.html]
|
||||
support-files = file_xfo_error_page.sjs
|
||||
[test_sec_fetch_websocket.html]
|
||||
skip-if = toolkit == 'android' # no websocket support Bug 982828
|
||||
support-files = file_sec_fetch_websocket_wsh.py
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1626249: Ensure correct display of neterror page for XFO</title>
|
||||
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<iframe style="width:100%;" id="xfo_testframe"></iframe>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
const XFO_ERROR_PAGE_MSG = "This page has an X-Frame-Options policy that prevents it from being loaded in this context";
|
||||
|
||||
let xfo_testframe = document.getElementById("xfo_testframe");
|
||||
|
||||
xfo_testframe.onload = function() {
|
||||
let wrappedXFOFrame = SpecialPowers.wrap(xfo_testframe.contentWindow);
|
||||
let frameContentXFO = wrappedXFOFrame.document.body.innerHTML;
|
||||
ok(frameContentXFO.includes(XFO_ERROR_PAGE_MSG), "xfo error page correct");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
xfo_testframe.onerror = function() {
|
||||
ok(false, "sanity: should not fire onerror for xfo_testframe");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
xfo_testframe.src = "file_xfo_error_page.sjs";
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
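Review bot: The `onload` handler reads the frame through `SpecialPowers.wrap(xfo_testframe.contentWindow)` without saying why; presumably the error document is not same-origin with the test page, so an unwrapped `contentWindow.document` access would throw. A comment above that line, e.g. `// the error page is cross-origin to this test, so privileged access is needed to read it`, would make the intent clear. The handler also calls `SimpleTest.finish()` on every load event; setting `xfo_testframe.onload = null;` at the top of the handler would guard against a second load finishing the test twice.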
|