Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Tue, 01 Mar 2016 09:19:28 -0800
changeset 291031 ef37a752e6cd360da991756ffb73d4319780d11a
parent 291030 e769e96e86802aa52db21ec1be64b000d748611e
child 291032 471a58815a860a006858c5c8b5bfc6838b65719a
push id19656
push usergwagner@mozilla.com
push dateMon, 04 Apr 2016 13:43:23 +0000
treeherderb2g-inbound@e99061fde28a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrbarnes
bugs1243586
milestone48.0a1
Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes
dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
dom/security/test/unit/xpcshell.ini
new file mode 100644
--- /dev/null
+++ b/dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
@@ -0,0 +1,98 @@
+var Cu = Components.utils;
+var Ci = Components.interfaces;
+
+Cu.import("resource://testing-common/httpd.js");
+Cu.import("resource://gre/modules/NetUtil.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+XPCOMUtils.defineLazyGetter(this, "URL", function() {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver =  null;
+var channel = null;
+var curTest = null;
+var testpath = "/footpath";
+
+var tests = [
+  {
+    description: "should not set request header for TYPE_OTHER",
+    expectingHeader: false,
+    contentType: Ci.nsIContentPolicy.TYPE_OTHER
+  },
+  {
+    description: "should set request header for TYPE_DOCUMENT",
+    expectingHeader: true,
+    contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT
+  },
+  {
+    description: "should set request header for TYPE_SUBDOCUMENT",
+    expectingHeader: true,
+    contentType: Ci.nsIContentPolicy.TYPE_SUBDOCUMENT
+  },
+  {
+    description: "should not set request header for TYPE_IMG",
+    expectingHeader: false,
+    contentType: Ci.nsIContentPolicy.TYPE_IMG
+  },
+];
+
+function ChannelListener() {
+}
+
+ChannelListener.prototype = {
+  onStartRequest: function(request, context) { },
+  onDataAvailable: function(request, context, stream, offset, count) {
+    do_throw("Should not get any data!");
+  },
+  onStopRequest: function(request, context, status) {
+    var upgrade_insecure_header = false;
+    try {
+      if (request.getRequestHeader("Upgrade-Insecure-Requests")) {
+        upgrade_insecure_header = true;
+      }
+    }
+    catch (e) {
+      // exception is thrown if header is not available on the request
+    }
+    // debug
+    // dump("executing test: " + curTest.description);
+    do_check_eq(upgrade_insecure_header, curTest.expectingHeader)
+    run_next_test();
+  },
+};
+
+function setupChannel(aContentType) {
+  var chan = NetUtil.newChannel({
+    uri: URL + testpath,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: aContentType
+  });
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  chan.requestMethod = "GET";
+  return chan;
+}
+
+function serverHandler(metadata, response) {
+  // no need to perform anything here
+}
+
+function run_next_test() {
+  curTest = tests.shift();
+  if (!curTest) {
+    httpserver.stop(do_test_finished);
+    return;
+  }
+  channel = setupChannel(curTest.contentType);
+  channel.asyncOpen(new ChannelListener(), null);
+}
+
+function run_test() {
+  // set up the test environment
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler(testpath, serverHandler);
+  httpserver.start(-1);
+
+  run_next_test();
+  do_test_pending();
+}
--- a/dom/security/test/unit/xpcshell.ini
+++ b/dom/security/test/unit/xpcshell.ini
@@ -1,8 +1,9 @@
 [DEFAULT]
 head =
 tail =
 skip-if = toolkit == 'gonk'
 
 [test_csp_reports.js]
 skip-if = buildapp == 'mulet'
 [test_isURIPotentiallyTrustworthy.js]
+[test_csp_upgrade_insecure_request_header.js]