Bug 1111834 - CORS preflight of navigator.sendBeacon() should not follow 30x redirect - tests. r=sicking

2024-09-13 09:24:08 -07:00 · 2014-11-19 16:03:30 -08:00 · 2014-11-19 16:03:30 -08:00 · e44a1e698c
commit e44a1e698c
parent 0f240e312a
3 changed files with 111 additions and 0 deletions
--- a/dom/tests/mochitest/beacon/beacon-cors-redirect-handler.sjs
+++ b/dom/tests/mochitest/beacon/beacon-cors-redirect-handler.sjs
@ -0,0 +1,52 @@
+/*
+ * TestSever customized specifically for the needs of:
+ * Bug 1111834 - sendBeacon() should not follow 30x redirect after preflight
+ *
+ * Here is a sequence of the test:
+ * [1] preflight channel (identified by the queryString 'beacon' and method 'OPTIONS')
+ * [2] actual channel (identified by the queryString 'beacon') which gets redirected
+ * [3] should never happen (the actual redirected request)
+ * [4] xhr request (identified by the queryString 'verifyRedirectDidNotSucceed')
+ *     which checks if the state was not changed from 'green' to 'red'. If the channel
+ *     woulnd't be blocked correctly the redirected channel would set the state to 'red'.
+ *
+ */
+
+function handleRequest(request, response)
+{
+  response.setHeader("Cache-Control", "no-cache, must-revalidate", false);
+
+  // [Sequence 4]
+  if (request.queryString === "verifyRedirectDidNotSucceed") {
+    var redirectState = getState("redirectState");
+    response.write(redirectState);
+    return;
+  }
+
+  var originHeader = request.getHeader("origin");
+  response.setHeader("Cache-Control", "no-cache, must-revalidate", false);
+  response.setHeader("Access-Control-Allow-Headers", "content-type", false);
+  response.setHeader("Access-Control-Allow-Methods", "POST, GET", false);
+  response.setHeader("Access-Control-Allow-Origin", originHeader, false);
+  response.setHeader("Access-Control-Allow-Credentials", "true", false);
+
+  // [Sequence 1,2]
+  if (request.queryString === "beacon") {
+    setState("redirectState", "green");
+    // [1]
+    if (request.method == "OPTIONS") {
+      response.setStatusLine(null, 200, "OK");
+      return;
+    }
+    // [Sequence 2]
+    var newLocation =
+      "http://mochi.test:8888/tests/dom/tests/mochitest/beacon/beacon-cors-redirect-handler.sjs?redirected";
+    response.setStatusLine("1.1", 302, "Found");
+    response.setHeader("Location", newLocation, false);
+    return;
+  }
+
+  // [Sequence 3]
+  setState("redirectState", "red");
+  response.setStatusLine(null, 200, "OK");
+}
--- a/dom/tests/mochitest/beacon/mochitest.ini
+++ b/dom/tests/mochitest/beacon/mochitest.ini
@ -3,9 +3,11 @@ skip-if = buildapp == 'b2g'
 support-files = beacon-frame.html
                beacon-handler.sjs
                beacon-originheader-handler.sjs
+                beacon-cors-redirect-handler.sjs

 [test_beacon.html]
 [test_beaconFrame.html]
 [test_beaconPreflight.html]
 [test_beaconContentPolicy.html]
 [test_beaconOriginHeader.html]
+[test_beaconCORSRedirect.html]
--- a/dom/tests/mochitest/beacon/test_beaconCORSRedirect.html
+++ b/dom/tests/mochitest/beacon/test_beaconCORSRedirect.html
@ -0,0 +1,57 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1111834 - sendBeacon() should not follow 30x redirect after preflight</title>
+  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+  <p id="display"></p>
+  <div id="content" style="visibility: hidden">
+    <iframe style="width:100%;" id="testframe"></iframe>
+  </div>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ *   We do perform a non simple sendBeacon request. After the preflight channel returns correctly
+ *   the actual channel is about to follow a 30x cross origin redirect, which is forbidden by the spec.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const BEACON_URL = "http://example.com/tests/dom/tests/mochitest/beacon/beacon-cors-redirect-handler.sjs?beacon";
+
+SpecialPowers.pushPrefEnv({'set': [["beacon.enabled", true]]}, runTest);
+
+var intervalID = null;
+
+function queryIfRedirectSucceeded() {
+  clearInterval(intervalID);
+  var xhr = new XMLHttpRequest();
+  xhr.open("GET", "beacon-cors-redirect-handler.sjs?verifyRedirectDidNotSucceed", true);
+  xhr.onload = function() {
+    is(xhr.responseText, "green", "SendBeacon does not follow cross origin redirects after preflight!");
+    SimpleTest.finish();
+  };
+  xhr.onerror = function() {
+    ok(false, "xhr request returned error");
+    SimpleTest.finish();
+  };
+  xhr.send();
+}
+
+function runTest() {
+  var data = new Uint8Array([0,1,2,3]);
+  navigator.sendBeacon(BEACON_URL, data);
+
+  // we have to make sure the channel did not follow the redirect hence
+  // we have to wait for 2 seconds before we can query the result.
+  intervalID = setInterval(queryIfRedirectSucceeded, 2000);
+}
+
+</script>
+</pre>
+</body>
+</html>