| author | Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com> |
| Wed, 13 Feb 2019 20:42:34 +0100 | |
| changeset 458939 | 53354f120211 |
| parent 458938 | 943193dd891e |
| child 458940 | 4c1eb1293bbf |
| push id | 35552 |
| push user | shindli@mozilla.com |
| push date | Thu, 14 Feb 2019 04:39:44 +0000 |
| treeherder | mozilla-central@c6829642e2d0 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | jkt |
| bugs | 1509738 |
| milestone | 67.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
new file mode 100644 --- /dev/null +++ b/dom/security/test/csp/file_nonce_snapshot.sjs @@ -0,0 +1,48 @@ +"use strict"; + +const TEST_FRAME = + `<!DOCTYPE HTML> + <html> + <body> + <script id='myScript' nonce='123456789' type='application/javascript'></script> + <script nonce='123456789'> + let myScript = document.getElementById('myScript'); + // 1) start loading the script using the nonce 123456789 + myScript.src='file_nonce_snapshot.sjs?redir-script'; + // 2) dynamically change the nonce, load should use initial nonce + myScript.setAttribute('nonce','987654321'); + </script> + </body> + </html>`; + +const SCRIPT = "window.parent.postMessage('script-loaded', '*');"; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + let queryString = request.queryString; + + if (queryString === "load-frame") { + response.setHeader("Content-Security-Policy", "script-src 'nonce-123456789'", false); + response.setHeader("Content-Type", "text/html", false); + response.write(TEST_FRAME); + return; + } + + if (queryString === "redir-script") { + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", "file_nonce_snapshot.sjs?load-script", false); + return; + } + + if (queryString === "load-script") { + response.setHeader("Content-Type", "application/javascript", false); + response.write(SCRIPT); + return; + } + + // we should never get here but just in case return something unexpected + response.write("do'h"); +}
--- a/dom/security/test/csp/mochitest.ini +++ b/dom/security/test/csp/mochitest.ini @@ -363,8 +363,11 @@ support-files = file_frame_src_inner.html [test_security_policy_violation_event.html] [test_csp_worker_inheritance.html] support-files = worker.sjs worker_helper.js main_csp_worker.html main_csp_worker.html^headers^ +[test_nonce_snapshot.html] +support-files = + file_nonce_snapshot.sjs
new file mode 100644 --- /dev/null +++ b/dom/security/test/csp/test_nonce_snapshot.html @@ -0,0 +1,35 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1509738 - Snapshot nonce at load start time</title> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* Description of the test: + * a) the test starts loading a script using whitelisted nonce + * b) the nonce of the script gets modified + * c) the script hits a 302 server side redirect + * d) we ensure the script still loads and does not use the modified nonce + */ + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + is(event.data, "script-loaded", "script loaded even though nonce was dynamically modified"); + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); +} + + +SimpleTest.waitForExplicitFinish(); +let src = "file_nonce_snapshot.sjs?load-frame"; +document.getElementById("testframe").src = src; + +</script> +</body> +</html>