Bug 991972 - Catch and compensate for expected extra test successes in test_CSP_frameancestors.html. (r=grobinson)
authorSid Stamm <sstamm@mozilla.com>
Wed, 02 Jul 2014 14:39:27 -0700
changeset 191947 fb9619b783fca1e7ac0f80fef9320868dd4b3778
parent 191946 41c78c93db57bcee510b0b70ff1fc59f3700fdf1
child 191948 edcc53a65a0bdac7363f0a0b2f03844f1f887b86
push id45710
push usersstamm@mozilla.com
push dateWed, 02 Jul 2014 21:40:03 +0000
treeherdermozilla-inbound@edcc53a65a0b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgrobinson
bugs991972
milestone33.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 991972 - Catch and compensate for expected extra test successes in test_CSP_frameancestors.html. (r=grobinson)
content/base/test/csp/test_CSP_frameancestors.html
--- a/content/base/test/csp/test_CSP_frameancestors.html
+++ b/content/base/test/csp/test_CSP_frameancestors.html
@@ -22,41 +22,72 @@ var framesThatShouldLoad = {
   aba_allow: -1,   /* innermost frame allows b,a */
   //aba_block: -1,   /* innermost frame denies b */
   //aba2_block: -1,  /* innermost frame denies a */
   abb_allow: -1,   /* innermost frame allows b,a */
   //abb_block: -1,   /* innermost frame denies b */
   //abb2_block: -1,  /* innermost frame denies a */
 };
 
-var expectedViolationsLeft = 6;
+// we normally expect _6_ violations (6 test cases that cause blocks), but many
+// of the cases cause violations due to the // origin of the test harness (same
+// as 'a'). When the violation is cross-origin, the URI passed to the observers
+// is null (see bug 846978).  This means we can't tell if it's part of the test
+// case or if it is the test harness frame (also origin 'a').
+// As a result, we'll get an extra violation for the following cases:
+//  ab_block    "frame-ancestors 'none'" (outer frame and test harness)
+//  aba2_block  "frame-ancestors b" (outer frame and test harness)
+//  abb2_block   "frame-ancestors b" (outer frame and test harness)
+//
+// and while we can detect the test harness check for this one case since
+// the violations are not cross-origin and we get the URI:
+//  aba2_block  "frame-ancestors b" (outer frame and test harness)
+//
+// we can't for these other ones:
+//  ab_block    "frame-ancestors 'none'" (outer frame and test harness)
+//  abb2_block   "frame-ancestors b" (outer frame and test harness)
+//
+// so that results in 2 extra violation notifications due to the test harness.
+// expected = 6, total = 8
+//
+// Number of tests that pass for this file should be 12 (8 violations 4 loads)
+var expectedViolationsLeft = 8;
 
 // This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
+    // subject should be an nsURI... though could be null since CSP
+    // prohibits cross-origin URI reporting during frame ancestors checks.
+    if (subject && !SpecialPowers.can_QI(subject))
       return;
 
+    var asciiSpec = subject;
+
+    try {
+      asciiSpec = SpecialPowers.getPrivilegedProps(
+                    SpecialPowers.do_QueryInterface(subject, "nsIURI"),
+                    "asciiSpec");
+
+      // skip checks on the test harness -- can't do this skipping for
+      // cross-origin blocking since the observer doesn't get the URI.  This
+      // can cause this test to over-succeed (but only in specific cases).
+      if (asciiSpec.contains("test_CSP_frameancestors.html")) {
+        return;
+      }
+    } catch (ex) {
+      // was not an nsIURI, so it was probably a cross-origin report.
+    }
+
+
     if (topic === "csp-on-violate-policy") {
       //these were blocked... record that they were blocked
-      var asciiSpec = subject;
-
-      // Except CSP prohibits cross-origin URI reporting during frame ancestors
-      // checks so this URI could be null.
-      try {
-        asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
-      } catch (ex) {
-        // was not an nsIURI, so it was probably a cross-origin report.
-      }
-
       window.frameBlocked(asciiSpec, data);
     }
   },
 
   // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");