Bug 1599791: Test CSP and link rel=preload. r=mayhemer
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 30 Mar 2020 15:00:17 +0000
changeset 521089 f2f8ac87d5178d1703c6ac3b967e7238668528a0
parent 521088 360f09e5abbdce59310f36a60a0168cf0c6a6588
child 521090 85b2d74f745170e2826d1dddd26e16cbf22ffe87
push id111469
push userbtara@mozilla.com
push dateMon, 30 Mar 2020 15:24:37 +0000
treeherderautoland@f2f8ac87d517 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmayhemer
bugs1599791
milestone76.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1599791: Test CSP and link rel=preload. r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D68718
dom/security/test/csp/file_link_rel_preload.html
dom/security/test/csp/mochitest.ini
dom/security/test/csp/test_link_rel_preload.html
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_link_rel_preload.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<html>
+<head>
+  <title>Bug 1599791 - Test link rel=preload</title>
+  <!-- Please note that fakeServer does not exist in our testsuite -->
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'">
+  <link rel="preload" as="script" href="fakeServer?script"></link>
+  <link rel="preload" as="style" href="fakeServer?style"></link>
+  <link rel="preload" as="image" href="fakeServer?image"></link>
+
+  <link rel="stylesheet" href="fakeServer?style">
+</head>
+<body>
+<script src="fakeServer?script"></script>
+<img src="fakeServer?image"></img>
+</body>
+</html>
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -406,8 +406,11 @@ support-files =
 [test_xslt_inherits_csp.html]
 support-files =
   file_xslt_inherits_csp.xml
   file_xslt_inherits_csp.xml^headers^
   file_xslt_inherits_csp.xsl
 [test_object_inherit.html]
 support-files =
   file_object_inherit.html
+[test_link_rel_preload.html]
+support-files =
+  file_link_rel_preload.html
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/test_link_rel_preload.html
@@ -0,0 +1,77 @@
+<!doctype html>
+<html>
+<head>
+  <title>Bug 1599791 - Test link rel=preload</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe id=testframe></iframe>
+<script class="testbody" type="text/javascript">
+
+// Please note that 'fakeServer' does not exist because the test relies
+// on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
+// which fire if either the request is blocked or fires. The test does
+// not rely on the result of the load.
+
+let TOTAL_TESTS = 3; // script, style, image
+let seenTests = 0;
+
+function examiner() {
+  SpecialPowers.addObserver(this, "csp-on-violate-policy");
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
+}
+examiner.prototype  = {
+  observe(subject, topic, data) {
+    if (topic === "csp-on-violate-policy") {
+      let asciiSpec = SpecialPowers.getPrivilegedProps(
+                       SpecialPowers.do_QueryInterface(subject, "nsIURI"),
+                       "asciiSpec");
+
+      if (asciiSpec.includes("fakeServer?script") ||
+          asciiSpec.includes("fakeServer?style") ||
+          asciiSpec.includes("fakeServer?image")) {
+        let type = asciiSpec.substring(asciiSpec.indexOf("?") + 1);
+        ok (true, type + " should be blocked by CSP");
+        checkFinished();
+      }
+    }
+
+    if (topic === "specialpowers-http-notify-request") {
+      if (data.includes("fakeServer?script") ||
+          data.includes("fakeServer?style") ||
+          data.includes("fakeServer?image")) {
+        let type = data.substring(data.indexOf("?") + 1);
+        ok (false, type + " should not be loaded");
+        checkFinished();
+      }
+    }
+  },
+  remove() {
+    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
+  }
+}
+
+window.examiner = new examiner();
+
+function checkFinished() {
+  seenTests++;
+  if (seenTests == TOTAL_TESTS) {
+    window.examiner.remove();
+    SimpleTest.finish();
+    return;
+  }
+}
+
+SimpleTest.waitForExplicitFinish();
+
+SpecialPowers.pushPrefEnv(
+  {'set':[["network.preload-experimental", true]]},
+  function() {
+    document.getElementById("testframe").src = "file_link_rel_preload.html";
+  });
+
+</script>
+</body>
+</html>