mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
8edbabf141
CLOSED TREE Backed out changeset 9318cab3bd13 (bug 1117650) Backed out changeset aff44058c799 (bug 1117650) Backed out changeset eef01ed4d406 (bug 1117650) Backed out changeset 1b25392be437 (bug 1117650) --HG-- rename : dom/security/test/TestCSPParser.cpp => dom/base/test/TestCSPParser.cpp rename : dom/security/test/csp/chrome.ini => dom/base/test/csp/chrome.ini rename : dom/security/test/csp/file_CSP.css => dom/base/test/csp/file_CSP.css rename : dom/security/test/csp/file_CSP.sjs => dom/base/test/csp/file_CSP.sjs rename : dom/security/test/csp/file_bug663567.xsl => dom/base/test/csp/file_CSP_bug663567.xsl rename : dom/security/test/csp/file_bug663567_allows.xml => dom/base/test/csp/file_CSP_bug663567_allows.xml rename : dom/security/test/csp/file_bug663567_allows.xml^headers^ => dom/base/test/csp/file_CSP_bug663567_allows.xml^headers^ rename : dom/security/test/csp/file_bug663567_blocks.xml => dom/base/test/csp/file_CSP_bug663567_blocks.xml rename : dom/security/test/csp/file_bug663567_blocks.xml^headers^ => dom/base/test/csp/file_CSP_bug663567_blocks.xml^headers^ rename : dom/security/test/csp/file_bug802872.html => dom/base/test/csp/file_CSP_bug802872.html rename : dom/security/test/csp/file_bug802872.html^headers^ => dom/base/test/csp/file_CSP_bug802872.html^headers^ rename : dom/security/test/csp/file_bug802872.js => dom/base/test/csp/file_CSP_bug802872.js rename : dom/security/test/csp/file_bug802872.sjs => dom/base/test/csp/file_CSP_bug802872.sjs rename : dom/security/test/csp/file_bug885433_allows.html => dom/base/test/csp/file_CSP_bug885433_allows.html rename : dom/security/test/csp/file_bug885433_allows.html^headers^ => dom/base/test/csp/file_CSP_bug885433_allows.html^headers^ rename : dom/security/test/csp/file_bug885433_blocks.html => dom/base/test/csp/file_CSP_bug885433_blocks.html rename : dom/security/test/csp/file_bug885433_blocks.html^headers^ => dom/base/test/csp/file_CSP_bug885433_blocks.html^headers^ rename : dom/security/test/csp/file_bug888172.html => dom/base/test/csp/file_CSP_bug888172.html rename : dom/security/test/csp/file_bug888172.sjs => dom/base/test/csp/file_CSP_bug888172.sjs rename : dom/security/test/csp/file_bug909029_none.html => dom/base/test/csp/file_CSP_bug909029_none.html rename : dom/security/test/csp/file_bug909029_none.html^headers^ => dom/base/test/csp/file_CSP_bug909029_none.html^headers^ rename : dom/security/test/csp/file_bug909029_star.html => dom/base/test/csp/file_CSP_bug909029_star.html rename : dom/security/test/csp/file_bug909029_star.html^headers^ => dom/base/test/csp/file_CSP_bug909029_star.html^headers^ rename : dom/security/test/csp/file_bug910139.sjs => dom/base/test/csp/file_CSP_bug910139.sjs rename : dom/security/test/csp/file_bug910139.xml => dom/base/test/csp/file_CSP_bug910139.xml rename : dom/security/test/csp/file_bug910139.xsl => dom/base/test/csp/file_CSP_bug910139.xsl rename : dom/security/test/csp/file_bug941404.html => dom/base/test/csp/file_CSP_bug941404.html rename : dom/security/test/csp/file_bug941404_xhr.html => dom/base/test/csp/file_CSP_bug941404_xhr.html rename : dom/security/test/csp/file_bug941404_xhr.html^headers^ => dom/base/test/csp/file_CSP_bug941404_xhr.html^headers^ rename : dom/security/test/csp/file_evalscript_main.html => dom/base/test/csp/file_CSP_evalscript_main.html rename : dom/security/test/csp/file_evalscript_main.html^headers^ => dom/base/test/csp/file_CSP_evalscript_main.html^headers^ rename : dom/security/test/csp/file_evalscript_main.js => dom/base/test/csp/file_CSP_evalscript_main.js rename : dom/security/test/csp/file_evalscript_main_allowed.html => dom/base/test/csp/file_CSP_evalscript_main_allowed.html rename : dom/security/test/csp/file_evalscript_main_allowed.html^headers^ => dom/base/test/csp/file_CSP_evalscript_main_allowed.html^headers^ rename : dom/security/test/csp/file_evalscript_main_allowed.js => dom/base/test/csp/file_CSP_evalscript_main_allowed.js rename : dom/security/test/csp/file_frameancestors.sjs => dom/base/test/csp/file_CSP_frameancestors.sjs rename : dom/security/test/csp/file_frameancestors_main.html => dom/base/test/csp/file_CSP_frameancestors_main.html rename : dom/security/test/csp/file_frameancestors_main.js => dom/base/test/csp/file_CSP_frameancestors_main.js rename : dom/security/test/csp/file_inlinescript_main.html => dom/base/test/csp/file_CSP_inlinescript_main.html rename : dom/security/test/csp/file_inlinescript_main.html^headers^ => dom/base/test/csp/file_CSP_inlinescript_main.html^headers^ rename : dom/security/test/csp/file_inlinescript_main_allowed.html => dom/base/test/csp/file_CSP_inlinescript_main_allowed.html rename : dom/security/test/csp/file_inlinescript_main_allowed.html^headers^ => dom/base/test/csp/file_CSP_inlinescript_main_allowed.html^headers^ rename : dom/security/test/csp/file_inlinestyle_main.html => dom/base/test/csp/file_CSP_inlinestyle_main.html rename : dom/security/test/csp/file_inlinestyle_main.html^headers^ => dom/base/test/csp/file_CSP_inlinestyle_main.html^headers^ rename : dom/security/test/csp/file_inlinestyle_main_allowed.html => dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html rename : dom/security/test/csp/file_inlinestyle_main_allowed.html^headers^ => dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html^headers^ rename : dom/security/test/csp/file_main.html => dom/base/test/csp/file_CSP_main.html rename : dom/security/test/csp/file_main.html^headers^ => dom/base/test/csp/file_CSP_main.html^headers^ rename : dom/security/test/csp/file_main.js => dom/base/test/csp/file_CSP_main.js rename : dom/security/test/csp/file_base-uri.html => dom/base/test/csp/file_base-uri.html rename : dom/security/test/csp/file_bug836922_npolicies.html => dom/base/test/csp/file_bug836922_npolicies.html rename : dom/security/test/csp/file_bug836922_npolicies.html^headers^ => dom/base/test/csp/file_bug836922_npolicies.html^headers^ rename : dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs => dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs rename : dom/security/test/csp/file_bug836922_npolicies_violation.sjs => dom/base/test/csp/file_bug836922_npolicies_violation.sjs rename : dom/security/test/csp/file_bug886164.html => dom/base/test/csp/file_bug886164.html rename : dom/security/test/csp/file_bug886164.html^headers^ => dom/base/test/csp/file_bug886164.html^headers^ rename : dom/security/test/csp/file_bug886164_2.html => dom/base/test/csp/file_bug886164_2.html rename : dom/security/test/csp/file_bug886164_2.html^headers^ => dom/base/test/csp/file_bug886164_2.html^headers^ rename : dom/security/test/csp/file_bug886164_3.html => dom/base/test/csp/file_bug886164_3.html rename : dom/security/test/csp/file_bug886164_3.html^headers^ => dom/base/test/csp/file_bug886164_3.html^headers^ rename : dom/security/test/csp/file_bug886164_4.html => dom/base/test/csp/file_bug886164_4.html rename : dom/security/test/csp/file_bug886164_4.html^headers^ => dom/base/test/csp/file_bug886164_4.html^headers^ rename : dom/security/test/csp/file_bug886164_5.html => dom/base/test/csp/file_bug886164_5.html rename : dom/security/test/csp/file_bug886164_5.html^headers^ => dom/base/test/csp/file_bug886164_5.html^headers^ rename : dom/security/test/csp/file_bug886164_6.html => dom/base/test/csp/file_bug886164_6.html rename : dom/security/test/csp/file_bug886164_6.html^headers^ => dom/base/test/csp/file_bug886164_6.html^headers^ rename : dom/security/test/csp/file_connect-src.html => dom/base/test/csp/file_connect-src.html rename : dom/security/test/csp/file_allow_https_schemes.html => dom/base/test/csp/file_csp_allow_https_schemes.html rename : dom/security/test/csp/file_bug768029.html => dom/base/test/csp/file_csp_bug768029.html rename : dom/security/test/csp/file_bug768029.sjs => dom/base/test/csp/file_csp_bug768029.sjs rename : dom/security/test/csp/file_bug773891.html => dom/base/test/csp/file_csp_bug773891.html rename : dom/security/test/csp/file_bug773891.sjs => dom/base/test/csp/file_csp_bug773891.sjs rename : dom/security/test/csp/file_invalid_source_expression.html => dom/base/test/csp/file_csp_invalid_source_expression.html rename : dom/security/test/csp/file_path_matching.html => dom/base/test/csp/file_csp_path_matching.html rename : dom/security/test/csp/file_path_matching.js => dom/base/test/csp/file_csp_path_matching.js rename : dom/security/test/csp/file_path_matching_redirect.html => dom/base/test/csp/file_csp_path_matching_redirect.html rename : dom/security/test/csp/file_path_matching_redirect_server.sjs => dom/base/test/csp/file_csp_path_matching_redirect_server.sjs rename : dom/security/test/csp/file_redirects_main.html => dom/base/test/csp/file_csp_redirects_main.html rename : dom/security/test/csp/file_redirects_page.sjs => dom/base/test/csp/file_csp_redirects_page.sjs rename : dom/security/test/csp/file_redirects_resource.sjs => dom/base/test/csp/file_csp_redirects_resource.sjs rename : dom/security/test/csp/file_referrerdirective.html => dom/base/test/csp/file_csp_referrerdirective.html rename : dom/security/test/csp/file_report.html => dom/base/test/csp/file_csp_report.html rename : dom/security/test/csp/file_testserver.sjs => dom/base/test/csp/file_csp_testserver.sjs rename : dom/security/test/csp/file_form-action.html => dom/base/test/csp/file_form-action.html rename : dom/security/test/csp/file_hash_source.html => dom/base/test/csp/file_hash_source.html rename : dom/security/test/csp/file_hash_source.html^headers^ => dom/base/test/csp/file_hash_source.html^headers^ rename : dom/security/test/csp/file_leading_wildcard.html => dom/base/test/csp/file_leading_wildcard.html rename : dom/security/test/csp/file_multi_policy_injection_bypass.html => dom/base/test/csp/file_multi_policy_injection_bypass.html rename : dom/security/test/csp/file_multi_policy_injection_bypass.html^headers^ => dom/base/test/csp/file_multi_policy_injection_bypass.html^headers^ rename : dom/security/test/csp/file_multi_policy_injection_bypass_2.html => dom/base/test/csp/file_multi_policy_injection_bypass_2.html rename : dom/security/test/csp/file_multi_policy_injection_bypass_2.html^headers^ => dom/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^ rename : dom/security/test/csp/file_nonce_source.html => dom/base/test/csp/file_nonce_source.html rename : dom/security/test/csp/file_nonce_source.html^headers^ => dom/base/test/csp/file_nonce_source.html^headers^ rename : dom/security/test/csp/file_policyuri_regression_from_multipolicy.html => dom/base/test/csp/file_policyuri_regression_from_multipolicy.html rename : dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ => dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ rename : dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy => dom/base/test/csp/file_policyuri_regression_from_multipolicy_policy rename : dom/security/test/csp/file_redirect_content.sjs => dom/base/test/csp/file_redirect_content.sjs rename : dom/security/test/csp/file_redirect_report.sjs => dom/base/test/csp/file_redirect_report.sjs rename : dom/security/test/csp/file_report_uri_missing_in_report_only_header.html => dom/base/test/csp/file_report_uri_missing_in_report_only_header.html rename : dom/security/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ => dom/base/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html => dom/base/test/csp/file_self_none_as_hostname_confusion.html rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/base/test/csp/file_self_none_as_hostname_confusion.html^headers^ rename : dom/security/test/csp/file_subframe_run_js_if_allowed.html => dom/base/test/csp/file_subframe_run_js_if_allowed.html rename : dom/security/test/csp/file_subframe_run_js_if_allowed.html^headers^ => dom/base/test/csp/file_subframe_run_js_if_allowed.html^headers^ rename : dom/security/test/csp/file_worker_redirect.html => dom/base/test/csp/file_worker_redirect.html rename : dom/security/test/csp/file_worker_redirect.sjs => dom/base/test/csp/file_worker_redirect.sjs rename : dom/security/test/csp/mochitest.ini => dom/base/test/csp/mochitest.ini rename : dom/security/test/csp/referrerdirective.sjs => dom/base/test/csp/referrerdirective.sjs rename : dom/security/test/csp/test_301_redirect.html => dom/base/test/csp/test_301_redirect.html rename : dom/security/test/csp/test_302_redirect.html => dom/base/test/csp/test_302_redirect.html rename : dom/security/test/csp/test_303_redirect.html => dom/base/test/csp/test_303_redirect.html rename : dom/security/test/csp/test_307_redirect.html => dom/base/test/csp/test_307_redirect.html rename : dom/security/test/csp/test_CSP.html => dom/base/test/csp/test_CSP.html rename : dom/security/test/csp/test_bug663567.html => dom/base/test/csp/test_CSP_bug663567.html rename : dom/security/test/csp/test_bug802872.html => dom/base/test/csp/test_CSP_bug802872.html rename : dom/security/test/csp/test_bug885433.html => dom/base/test/csp/test_CSP_bug885433.html rename : dom/security/test/csp/test_bug888172.html => dom/base/test/csp/test_CSP_bug888172.html rename : dom/security/test/csp/test_bug909029.html => dom/base/test/csp/test_CSP_bug909029.html rename : dom/security/test/csp/test_bug910139.html => dom/base/test/csp/test_CSP_bug910139.html rename : dom/security/test/csp/test_bug941404.html => dom/base/test/csp/test_CSP_bug941404.html rename : dom/security/test/csp/test_evalscript.html => dom/base/test/csp/test_CSP_evalscript.html rename : dom/security/test/csp/test_frameancestors.html => dom/base/test/csp/test_CSP_frameancestors.html rename : dom/security/test/csp/test_inlinescript.html => dom/base/test/csp/test_CSP_inlinescript.html rename : dom/security/test/csp/test_inlinestyle.html => dom/base/test/csp/test_CSP_inlinestyle.html rename : dom/security/test/csp/test_referrerdirective.html => dom/base/test/csp/test_CSP_referrerdirective.html rename : dom/security/test/csp/test_base-uri.html => dom/base/test/csp/test_base-uri.html rename : dom/security/test/csp/test_bug836922_npolicies.html => dom/base/test/csp/test_bug836922_npolicies.html rename : dom/security/test/csp/test_bug886164.html => dom/base/test/csp/test_bug886164.html rename : dom/security/test/csp/test_bug949549.html => dom/base/test/csp/test_bug949549.html rename : dom/security/test/csp/test_connect-src.html => dom/base/test/csp/test_connect-src.html rename : dom/security/test/csp/test_allow_https_schemes.html => dom/base/test/csp/test_csp_allow_https_schemes.html rename : dom/security/test/csp/test_bug768029.html => dom/base/test/csp/test_csp_bug768029.html rename : dom/security/test/csp/test_bug773891.html => dom/base/test/csp/test_csp_bug773891.html rename : dom/security/test/csp/test_invalid_source_expression.html => dom/base/test/csp/test_csp_invalid_source_expression.html rename : dom/security/test/csp/test_path_matching.html => dom/base/test/csp/test_csp_path_matching.html rename : dom/security/test/csp/test_path_matching_redirect.html => dom/base/test/csp/test_csp_path_matching_redirect.html rename : dom/security/test/csp/test_redirects.html => dom/base/test/csp/test_csp_redirects.html rename : dom/security/test/csp/test_report.html => dom/base/test/csp/test_csp_report.html rename : dom/security/test/csp/test_form-action.html => dom/base/test/csp/test_form-action.html rename : dom/security/test/csp/test_hash_source.html => dom/base/test/csp/test_hash_source.html rename : dom/security/test/csp/test_leading_wildcard.html => dom/base/test/csp/test_leading_wildcard.html rename : dom/security/test/csp/test_multi_policy_injection_bypass.html => dom/base/test/csp/test_multi_policy_injection_bypass.html rename : dom/security/test/csp/test_nonce_source.html => dom/base/test/csp/test_nonce_source.html rename : dom/security/test/csp/test_policyuri_regression_from_multipolicy.html => dom/base/test/csp/test_policyuri_regression_from_multipolicy.html rename : dom/security/test/csp/test_report_uri_missing_in_report_only_header.html => dom/base/test/csp/test_report_uri_missing_in_report_only_header.html rename : dom/security/test/csp/test_self_none_as_hostname_confusion.html => dom/base/test/csp/test_self_none_as_hostname_confusion.html rename : dom/security/test/csp/test_subframe_run_js_if_allowed.html => dom/base/test/csp/test_subframe_run_js_if_allowed.html rename : dom/security/test/csp/test_worker_redirect.html => dom/base/test/csp/test_worker_redirect.html rename : dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs => dom/base/test/file_CrossSiteXHR_cache_server.sjs rename : dom/security/test/cors/file_CrossSiteXHR_inner.html => dom/base/test/file_CrossSiteXHR_inner.html rename : dom/security/test/cors/file_CrossSiteXHR_inner.jar => dom/base/test/file_CrossSiteXHR_inner.jar rename : dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs => dom/base/test/file_CrossSiteXHR_inner_data.sjs rename : dom/security/test/cors/file_CrossSiteXHR_server.sjs => dom/base/test/file_CrossSiteXHR_server.sjs rename : dom/security/test/mixedcontentblocker/file_bug803225_test_mailto.html => dom/base/test/mixedcontentblocker/bug803225_test_mailto.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_blankTarget.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_blankTarget.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_grandchild.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_grandchild.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_innermost.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_secure.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_secure.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_secure_grandchild.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_secure_grandchild.html rename : dom/security/test/mixedcontentblocker/file_main.html => dom/base/test/mixedcontentblocker/file_mixed_content_main.html rename : dom/security/test/mixedcontentblocker/file_main_bug803225.html => dom/base/test/mixedcontentblocker/file_mixed_content_main_bug803225.html rename : dom/security/test/mixedcontentblocker/file_main_bug803225_websocket_wsh.py => dom/base/test/mixedcontentblocker/file_mixed_content_main_bug803225_websocket_wsh.py rename : dom/security/test/mixedcontentblocker/file_server.sjs => dom/base/test/mixedcontentblocker/file_mixed_content_server.sjs rename : dom/security/test/mixedcontentblocker/mochitest.ini => dom/base/test/mixedcontentblocker/mochitest.ini rename : dom/security/test/mixedcontentblocker/test_main.html => dom/base/test/mixedcontentblocker/test_mixed_content_blocker.html rename : dom/security/test/mixedcontentblocker/test_bug803225.html => dom/base/test/mixedcontentblocker/test_mixed_content_blocker_bug803225.html rename : dom/security/test/mixedcontentblocker/test_frameNavigation.html => dom/base/test/mixedcontentblocker/test_mixed_content_blocker_frameNavigation.html rename : dom/security/test/cors/test_CrossSiteXHR.html => dom/base/test/test_CrossSiteXHR.html rename : dom/security/test/cors/test_CrossSiteXHR_cache.html => dom/base/test/test_CrossSiteXHR_cache.html rename : dom/security/test/cors/test_CrossSiteXHR_origin.html => dom/base/test/test_CrossSiteXHR_origin.html rename : dom/security/test/unit/test_cspreports.js => dom/base/test/unit/test_cspreports.js
186 lines
6.6 KiB
JavaScript
186 lines
6.6 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
const Cc = Components.classes;
|
|
const Ci = Components.interfaces;
|
|
const Cu = Components.utils;
|
|
const Cr = Components.results;
|
|
|
|
Cu.import('resource://gre/modules/NetUtil.jsm');
|
|
|
|
var httpServer = new HttpServer();
|
|
httpServer.start(-1);
|
|
var testsToFinish = 0;
|
|
|
|
const REPORT_SERVER_PORT = httpServer.identity.primaryPort;
|
|
const REPORT_SERVER_URI = "http://localhost";
|
|
const REPORT_SERVER_PATH = "/report";
|
|
|
|
/**
|
|
* Construct a callback that listens to a report submission and either passes
|
|
* or fails a test based on what it gets.
|
|
*/
|
|
function makeReportHandler(testpath, message, expectedJSON) {
|
|
return function(request, response) {
|
|
// we only like "POST" submissions for reports!
|
|
if (request.method !== "POST") {
|
|
do_throw("violation report should be a POST request");
|
|
return;
|
|
}
|
|
|
|
// obtain violation report
|
|
var reportObj = JSON.parse(
|
|
NetUtil.readInputStreamToString(
|
|
request.bodyInputStream,
|
|
request.bodyInputStream.available()));
|
|
|
|
dump("GOT REPORT:\n" + JSON.stringify(reportObj) + "\n");
|
|
dump("TESTPATH: " + testpath + "\n");
|
|
dump("EXPECTED: \n" + JSON.stringify(expectedJSON) + "\n\n");
|
|
|
|
for (var i in expectedJSON)
|
|
do_check_eq(expectedJSON[i], reportObj['csp-report'][i]);
|
|
|
|
testsToFinish--;
|
|
httpServer.registerPathHandler(testpath, null);
|
|
if (testsToFinish < 1)
|
|
httpServer.stop(do_test_finished);
|
|
else
|
|
do_test_finished();
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Everything created by this assumes it will cause a report. If you want to
|
|
* add a test here that will *not* cause a report to go out, you're gonna have
|
|
* to make sure the test cleans up after itself.
|
|
*/
|
|
function makeTest(id, expectedJSON, useReportOnlyPolicy, callback) {
|
|
testsToFinish++;
|
|
do_test_pending();
|
|
|
|
// set up a new CSP instance for each test.
|
|
var csp = Cc["@mozilla.org/cspcontext;1"]
|
|
.createInstance(Ci.nsIContentSecurityPolicy);
|
|
var policy = "default-src 'none'; " +
|
|
"report-uri " + REPORT_SERVER_URI +
|
|
":" + REPORT_SERVER_PORT +
|
|
"/test" + id;
|
|
var selfuri = NetUtil.newURI(REPORT_SERVER_URI +
|
|
":" + REPORT_SERVER_PORT +
|
|
"/foo/self");
|
|
var selfchan = NetUtil.newChannel(selfuri);
|
|
|
|
dump("Created test " + id + " : " + policy + "\n\n");
|
|
|
|
// make the reports seem authentic by "binding" them to a channel.
|
|
csp.setRequestContext(selfuri, null, selfchan);
|
|
|
|
// Load up the policy
|
|
// set as report-only if that's the case
|
|
csp.appendPolicy(policy, useReportOnlyPolicy);
|
|
|
|
// prime the report server
|
|
var handler = makeReportHandler("/test" + id, "Test " + id, expectedJSON);
|
|
httpServer.registerPathHandler("/test" + id, handler);
|
|
|
|
//trigger the violation
|
|
callback(csp);
|
|
}
|
|
|
|
function run_test() {
|
|
var selfuri = NetUtil.newURI(REPORT_SERVER_URI +
|
|
":" + REPORT_SERVER_PORT +
|
|
"/foo/self");
|
|
|
|
// test that inline script violations cause a report.
|
|
makeTest(0, {"blocked-uri": "self"}, false,
|
|
function(csp) {
|
|
let inlineOK = true, oReportViolation = {'value': false};
|
|
inlineOK = csp.getAllowsInlineScript(oReportViolation);
|
|
|
|
// this is not a report only policy, so it better block inline scripts
|
|
do_check_false(inlineOK);
|
|
// ... and cause reports to go out
|
|
do_check_true(oReportViolation.value);
|
|
|
|
if (oReportViolation.value) {
|
|
// force the logging, since the getter doesn't.
|
|
csp.logViolationDetails(Ci.nsIContentSecurityPolicy.VIOLATION_TYPE_INLINE_SCRIPT,
|
|
selfuri.asciiSpec,
|
|
"script sample",
|
|
0);
|
|
}
|
|
});
|
|
|
|
// test that eval violations cause a report.
|
|
makeTest(1, {"blocked-uri": "self"}, false,
|
|
function(csp) {
|
|
let evalOK = true, oReportViolation = {'value': false};
|
|
evalOK = csp.getAllowsEval(oReportViolation);
|
|
|
|
// this is not a report only policy, so it better block eval
|
|
do_check_false(evalOK);
|
|
// ... and cause reports to go out
|
|
do_check_true(oReportViolation.value);
|
|
|
|
if (oReportViolation.value) {
|
|
// force the logging, since the getter doesn't.
|
|
csp.logViolationDetails(Ci.nsIContentSecurityPolicy.VIOLATION_TYPE_EVAL,
|
|
selfuri.asciiSpec,
|
|
"script sample",
|
|
1);
|
|
}
|
|
});
|
|
|
|
makeTest(2, {"blocked-uri": "http://blocked.test/foo.js"}, false,
|
|
function(csp) {
|
|
// shouldLoad creates and sends out the report here.
|
|
csp.shouldLoad(Ci.nsIContentPolicy.TYPE_SCRIPT,
|
|
NetUtil.newURI("http://blocked.test/foo.js"),
|
|
null, null, null, null);
|
|
});
|
|
|
|
// test that inline script violations cause a report in report-only policy
|
|
makeTest(3, {"blocked-uri": "self"}, true,
|
|
function(csp) {
|
|
let inlineOK = true, oReportViolation = {'value': false};
|
|
inlineOK = csp.getAllowsInlineScript(oReportViolation);
|
|
|
|
// this is a report only policy, so it better allow inline scripts
|
|
do_check_true(inlineOK);
|
|
|
|
// ... and cause reports to go out
|
|
do_check_true(oReportViolation.value);
|
|
|
|
if (oReportViolation.value) {
|
|
// force the logging, since the getter doesn't.
|
|
csp.logViolationDetails(Ci.nsIContentSecurityPolicy.VIOLATION_TYPE_INLINE_SCRIPT,
|
|
selfuri.asciiSpec,
|
|
"script sample",
|
|
3);
|
|
}
|
|
});
|
|
|
|
// test that eval violations cause a report in report-only policy
|
|
makeTest(4, {"blocked-uri": "self"}, true,
|
|
function(csp) {
|
|
let evalOK = true, oReportViolation = {'value': false};
|
|
evalOK = csp.getAllowsEval(oReportViolation);
|
|
|
|
// this is a report only policy, so it better allow eval
|
|
do_check_true(evalOK);
|
|
// ... but still cause reports to go out
|
|
do_check_true(oReportViolation.value);
|
|
|
|
if (oReportViolation.value) {
|
|
// force the logging, since the getter doesn't.
|
|
csp.logViolationDetails(Ci.nsIContentSecurityPolicy.VIOLATION_TYPE_INLINE_SCRIPT,
|
|
selfuri.asciiSpec,
|
|
"script sample",
|
|
4);
|
|
}
|
|
});
|
|
}
|