зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1391011: CSP: Test upgrade-insecure-requests for toplevel navigations when base it https. r=smaug
This commit is contained in:
Christoph Kerschbaumer
Родитель
9b81c8b695
Коммит
d6143e40d8
|
|
@ -0,0 +1,17 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
// 1) same origin navigation
|
||||||
|
window.open("http://example.com/tests/dom/security/test/csp/file_uir_top_nav_dummy.html");
|
||||||
|
|
||||||
|
// 2) same origin navigation
|
||||||
|
window.open("http://test1.example.com/tests/dom/security/test/csp/file_uir_top_nav_dummy.html");
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
@ -0,0 +1,12 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<body>
|
||||||
|
just a dummy page to check uir applies to top level navigations
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
window.onload = function() {
|
||||||
|
window.opener.parent.postMessage({result: window.location.href}, "*");
|
||||||
|
window.close();
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
@ -318,3 +318,7 @@ skip-if = toolkit == 'android'
|
||||||
[test_data_csp_merge.html]
|
[test_data_csp_merge.html]
|
||||||
[test_report_font_cache.html]
|
[test_report_font_cache.html]
|
||||||
[test_data_doc_ignore_meta_csp.html]
|
[test_data_doc_ignore_meta_csp.html]
|
||||||
|
[test_uir_top_nav.html]
|
||||||
|
support-files =
|
||||||
|
file_uir_top_nav.html
|
||||||
|
file_uir_top_nav_dummy.html
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,45 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Bug 1391011: Test uir for toplevel navigations</title>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<iframe style="width:100%;" id="testframe"></iframe>
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
SimpleTest.waitForExplicitFinish();
|
||||||
|
|
||||||
|
/* Description of the test:
|
||||||
|
* We load an https page which defines upgrade-insecure-requests into an iframe
|
||||||
|
* and perform a same origin and a cross origin toplevel load and make sure that
|
||||||
|
* upgrade-insecure-requests applies to the same origin load.
|
||||||
|
*/
|
||||||
|
|
||||||
|
let totalTests = 2;
|
||||||
|
let testCounter = 0;
|
||||||
|
|
||||||
|
function checkResults(aResult) {
|
||||||
|
ok(aResult == "https://example.com/tests/dom/security/test/csp/file_uir_top_nav_dummy.html" ||
|
||||||
|
aResult == "http://test1.example.com/tests/dom/security/test/csp/file_uir_top_nav_dummy.html",
|
||||||
|
"same origin should be upgraded to https, cross origin should remain http");
|
||||||
|
if (++testCounter < totalTests) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
window.removeEventListener("message", receiveMessage);
|
||||||
|
SimpleTest.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
window.addEventListener("message", receiveMessage);
|
||||||
|
function receiveMessage(event) {
|
||||||
|
checkResults(event.data.result);
|
||||||
|
}
|
||||||
|
|
||||||
|
document.getElementById("testframe").src =
|
||||||
|
"https://example.com/tests/dom/security/test/csp/file_uir_top_nav.html";
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
Загрузка…
Ссылка в новой задаче