Bug 949706 - tests for CSP enforcement on redirects in CSS-based image loading and worker script importing (r=ckerschb)
authorSid Stamm <sstamm@mozilla.com>
Thu, 04 Dec 2014 13:43:54 -0800
changeset 218774 2df3340c1c679b4d422f73fe9c353ea5db417287
parent 218773 eb74c885c0c867a92c23505c662ab5f91d59d392
child 218775 9bf92c31a2d8433d87238ac55271c34e42978713
push id27944
push usercbook@mozilla.com
push dateTue, 09 Dec 2014 11:54:28 +0000
treeherdermozilla-central@acf5660d2048 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs949706
milestone37.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 949706 - tests for CSP enforcement on redirects in CSS-based image loading and worker script importing (r=ckerschb)
dom/base/test/csp/file_csp_redirects_main.html
dom/base/test/csp/file_csp_redirects_page.sjs
dom/base/test/csp/file_csp_redirects_resource.sjs
dom/base/test/csp/test_csp_redirects.html
--- a/dom/base/test/csp/file_csp_redirects_main.html
+++ b/dom/base/test/csp/file_csp_redirects_main.html
@@ -15,16 +15,18 @@ var tests = { "font-src": thisSite+page+
               "frame-src": thisSite+page+"?testid=frame-src&csp=1",
               "img-src":  thisSite+page+"?testid=img-src&csp=1",
               "media-src":  thisSite+page+"?testid=media-src&csp=1",
               "object-src":  thisSite+page+"?testid=object-src&csp=1",
               "script-src":  thisSite+page+"?testid=script-src&csp=1",
               "style-src":  thisSite+page+"?testid=style-src&csp=1",
               "worker":  thisSite+page+"?testid=worker&csp=1",
               "xhr-src":  thisSite+page+"?testid=xhr-src&csp=1",
+              "script-src-from-worker": thisSite+page+"?testid=script-src-from-worker&csp=1",
+              "img-src-from-css":  thisSite+page+"?testid=img-src-from-css&csp=1",
             };
 
 var container = document.getElementById("container");
 
 // load each test in its own iframe
 for (tid in tests) {
   var i = document.createElement("iframe");
   i.id = tid;
--- a/dom/base/test/csp/file_csp_redirects_page.sjs
+++ b/dom/base/test/csp/file_csp_redirects_page.sjs
@@ -71,9 +71,26 @@ function handleRequest(request, response
     return;
   }
 
   // script that XHR's to a resource that redirects to another site
   if (query["testid"] == "xhr-src") {
     response.write('<script src="'+resource+'?res=xhr"></script>');
     return;
   }
+
+  // for bug949706
+  if (query["testid"] == "img-src-from-css") {
+    // loads a stylesheet, which in turn loads an image that redirects.
+    response.write('<link rel="stylesheet" type="text/css" href="'+resource+'?res=cssLoader&id=img-src-redir-from-css">');
+    return;
+  }
+
+  if (query["testid"] == "script-src-from-worker") {
+    // loads a script; launches a worker; that worker uses importscript; which then gets redirected
+    // So it's:
+    // <script "res=loadWorkerThatImports">
+    //   .. loads Worker("res=importScriptWorker")
+    //         .. calls importScript("res=script")
+    response.write('<script src="'+resource+'?res=loadWorkerThatImports&id=script-src-redir-from-worker"></script>');
+    return;
+  }
 }
--- a/dom/base/test/csp/file_csp_redirects_resource.sjs
+++ b/dom/base/test/csp/file_csp_redirects_resource.sjs
@@ -87,16 +87,44 @@ function handleRequest(request, response
 
   // web worker resource
   if (query["res"] == "worker") {
     response.setHeader("Content-Type", "application/javascript", false);
     response.write("worker script data...");
     return;
   }
 
+  // internal stylesheet that loads an image from an external site
+  if (query["res"] == "cssLoader") {
+    let bgURL = thisSite + resource + '?redir=other&res=image&id=' + query["id"];
+    response.setHeader("Content-Type", "text/css", false);
+    response.write("body { background:url('" + bgURL + "'); }");
+    return;
+  }
+
+  // script that loads an internal worker that uses importScripts on a redirect
+  // to an external script.
+  if (query["res"] == "loadWorkerThatImports") {
+    // this creates a worker (same origin) that imports a redirecting script.
+    let workerURL = thisSite + resource + '?res=importScriptWorker&id=' + query["id"];
+    response.setHeader("Content-Type", "application/javascript", false);
+    response.write("var w=new Worker('" + workerURL + "'); w.onmessage=function(event){ alert(event.data); }");
+    return;
+  }
+
+  // source for a worker that simply calls importScripts on a script that
+  // redirects.
+  if (query["res"] == "importScriptWorker") {
+    // this is code for a worker that imports a redirected script.
+    let scriptURL = thisSite + resource + "?redir=other&res=script&id=" + query["id"];
+    response.setHeader("Content-Type", "application/javascript", false);
+    response.write("importScripts('" + scriptURL + "');");
+    return;
+  }
+
   // script that invokes XHR
   if (query["res"] == "xhr") {
     response.setHeader("Content-Type", "text/html", false);
     var resp = 'var x = new XMLHttpRequest(); x.open("GET", "' + otherSite +
                resource+'?res=xhr-resp&testid=xhr-src-redir", false); ' +
                'x.send(null);';
     response.write(resp);
     return;
--- a/dom/base/test/csp/test_csp_redirects.html
+++ b/dom/base/test/csp/test_csp_redirects.html
@@ -81,16 +81,20 @@ var testExpectedResults = { "font-src": 
                             "script-src": true,
                             "script-src-redir": false,
                             "style-src": true,
                             "style-src-redir": false,
                             "worker": true,
                             "worker-redir": false,
                             "xhr-src": true,
                             "xhr-src-redir": false,
+                            "script-src-from-worker": true, /* test runs */
+                            "script-src-redir-from-worker": false, /* redir is blocked */
+                            "img-src-from-css": true, /* test runs */
+                            "img-src-redir-from-css": false, /* redir is blocked */
                           };
 
 // takes the name of the test, the URL that was tested, and whether the
 // load occurred
 var testResult = function(testName, url, result) {
   log("  testName: "+testName+", result: "+result+", expected: "+testExpectedResults[testName]+"\n");
   is(result, testExpectedResults[testName], testName+" test: "+url);