Bug 1839165 - Test for too many CSP reports. r=freddyb,devtools-reviewers,nchevobbe

Differential Revision: https://phabricator.services.mozilla.com/D181393
2023-06-28 08:12:20 +00:00 · 2023-06-28 08:12:20 +00:00 · f9a4a0911e
--- a/devtools/client/webconsole/test/browser/_webconsole.ini
+++ b/devtools/client/webconsole/test/browser/_webconsole.ini
@ -39,6 +39,8 @@ support-files =
  test-csp-violation-frame-ancestor-child.html
  test-csp-violation-frame-ancestor-parent.html^headers^
  test-csp-violation-frame-ancestor-parent.html
+  test-csp-many-errors.html
+  test-csp-many-errors.html^headers^
  test-cspro.html
  test-cspro.html^headers^
  test-iframe-child.html
@ -262,6 +264,7 @@ skip-if = http3 # Bug 1829298
 https_first_disabled = true
 skip-if = http3 # Bug 1829298
 [browser_webconsole_csp_violation.js]
+[browser_webconsole_csp_too_many_reports.js]
 [browser_webconsole_cspro.js]
 https_first_disabled = true
 skip-if = http3 # Bug 1829298
--- a/devtools/client/webconsole/test/browser/browser_webconsole_csp_too_many_reports.js
+++ b/devtools/client/webconsole/test/browser/browser_webconsole_csp_too_many_reports.js
@ -0,0 +1,44 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/*
+ * This tests loads a page that triggers so many CSP reports that they throttled
+ * and a console error is logged.
+ */
+
+"use strict";
+
+const TEST_URI =
+  "data:text/html;charset=utf8,<!DOCTYPE html>Web Console CSP too many reports test";
+const TEST_VIOLATIONS =
+  "https://example.com/browser/devtools/client/webconsole/" +
+  "test/browser/test-csp-many-errors.html";
+const CSP_VIOLATION_MSG =
+  "Content-Security-Policy: The page\u2019s settings blocked the loading of a resource " +
+  "at inline (\u201cstyle-src\u201d).";
+const CSP_TOO_MANY_REPORTS_MSG =
+  "Content-Security-Policy: Prevented too many CSP reports from being sent within a short period of time.";
+
+add_task(async function () {
+  const hud = await openNewTabAndConsole(TEST_URI);
+
+  const onCspViolationMessage = waitForMessageByType(
+    hud,
+    CSP_VIOLATION_MSG,
+    ".error"
+  );
+  const onCspTooManyReportsMessage = waitForMessageByType(
+    hud,
+    CSP_TOO_MANY_REPORTS_MSG,
+    ".error"
+  );
+
+  info("Load a page with CSP warnings.");
+  await navigateTo(TEST_VIOLATIONS);
+
+  await onCspViolationMessage;
+  await onCspTooManyReportsMessage;
+  ok(true, "Got error about too many reports");
+
+  await clearOutput(hud);
+});
--- a/devtools/client/webconsole/test/browser/test-csp-many-errors.html
+++ b/devtools/client/webconsole/test/browser/test-csp-many-errors.html
@ -0,0 +1,24 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Test for Bug 1839165 - Verify that we warn about too many reports.</title>
+<!-- Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/ -->
+</head>
+<body>
+<div></div>
+<script>
+"use strict";
+
+function run() {
+  const div = document.querySelector("div");
+  // Setting more than 100 (disallowed) inline styles will trigger throttling.
+  for (let i = 0; i < 200; i++) {
+    div.setAttribute("style", `background-color: rgb(0, 0, ${i});`);
+  }
+}
+run();
+</script>
+</body>
+</html>
--- a/devtools/client/webconsole/test/browser/test-csp-many-errors.html^headers^
+++ b/devtools/client/webconsole/test/browser/test-csp-many-errors.html^headers^
@ -0,0 +1 @@
+Content-Security-Policy: style-src 'none'; report-uri https://example.com/ignored/;
				`@ -0,0 +1 @@`
				`Content-Security-Policy: style-src 'none'; report-uri https://example.com/ignored/;`