Bug 1198397 - Add a test for interception of requests upgraded through the CSP upgrade-insecure-requests directive; r=jdm
authorEhsan Akhgari <ehsan@mozilla.com>
Sun, 04 Oct 2015 16:07:02 -0400
changeset 303551 831c479eb4217171fee1410247d17ab69d896ce7
parent 303550 db1ff61773234f17844f63c88cffd6e0a07611a6
child 303552 938c7a3c65e4875a1fb960c3a51c327e5cfee19f
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
reviewersjdm
bugs1198397
milestone44.0a1
Bug 1198397 - Add a test for interception of requests upgraded through the CSP upgrade-insecure-requests directive; r=jdm
dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html
dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html^headers^
dom/workers/test/serviceworkers/fetch/upgrade-insecure/image-20px.png
dom/workers/test/serviceworkers/fetch/upgrade-insecure/image-40px.png
dom/workers/test/serviceworkers/fetch/upgrade-insecure/image.html
dom/workers/test/serviceworkers/fetch/upgrade-insecure/realindex.html
dom/workers/test/serviceworkers/fetch/upgrade-insecure/register.html
dom/workers/test/serviceworkers/fetch/upgrade-insecure/unregister.html
dom/workers/test/serviceworkers/fetch/upgrade-insecure/upgrade-insecure_test.js
dom/workers/test/serviceworkers/mochitest.ini
dom/workers/test/serviceworkers/test_csp_upgrade-insecure_intercept.html
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script>
+  window.onmessage = function(e) {
+    window.parent.postMessage(e.data, "*");
+    if (e.data.status == "protocol") {
+      document.querySelector("iframe").src = "image.html";
+    }
+  };
+</script>
+<iframe src="http://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/index.html"></iframe>
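Review bot: Nothing in embedder.html says that the `http://` scheme on the iframe URL is deliberate, and a later cleanup to `https://` would leave the test passing while no longer exercising the upgrade. A comment above the iframe would protect it, for example `<!-- http:// is intentional: the upgrade-insecure-requests header served with this page must rewrite it to https:// before the service worker intercepts it. -->`. It would also help to say that index.html appears to exist only as a response synthesized by the worker from realindex.html, since the commit's file list has no index.html.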
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html^headers^
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..ae6a8a6b88403959c75efce931b0bf4293efc956
GIT binary patch
literal 87
zc%17D@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE;=oTrOph(&MmkMjpU%%3$Q@ydZf
kW_Mm0(}F7pCT1xxd^;`67yW*X5Ktw9r>mdKI;Vst0D!m{_W%F@
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..fe391dc8a2d797360651fe8cf77161a3fc891194
GIT binary patch
literal 123
zc%17D@N?(olHy`uVBq!ia0vp^8X(NU1|)m_?Z^dEPM$7~ArY-_&utWBP~c%$*z@jL
z8rOSWjTbX5i}z1sXJLKaupmKJKx7SbQ&Xu!zy>}Ju4{~r2dxw|BEXUllDQ?<M0xZq
S5i$mv#^CAd=d#Wzp$PyI1tgjP
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/fetch/upgrade-insecure/image.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script>
+onload=function(){
+  var img = new Image();
+  img.src = "http://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/image-20px.png";
+  img.onload = function() {
+    window.parent.postMessage({status: "image", data: img.width}, "*");
+  };
+  img.onerror = function() {
+    window.parent.postMessage({status: "image", data: "error"}, "*");
+  };
+};
+</script>
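Review bot: In image.html, `img.src` is assigned before `img.onload` and `img.onerror` are attached. This is probably harmless because the load and error events are dispatched asynchronously, but attaching the handlers first is the usual convention and removes any doubt about a missed event. Move the `img.src = "http://example.com/.../image-20px.png";` line to just after the `img.onerror` assignment. A short comment such as `// Requested as http:// on purpose; the worker answers with the 40px image only if it sees https://` would also explain why the parent test expects a width of 40.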
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/fetch/upgrade-insecure/realindex.html
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script>
+  window.parent.postMessage({status: "protocol", data: location.protocol}, "*");
+</script>
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/fetch/upgrade-insecure/register.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<script>
+  function ok(v, msg) {
+    window.parent.postMessage({status: "ok", result: !!v, message: msg}, "*");
+  }
+
+  function done(reg) {
+    ok(reg.active, "The active worker should be available.");
+    window.parent.postMessage({status: "registrationdone"}, "*");
+  }
+
+  navigator.serviceWorker.ready.then(done);
+  navigator.serviceWorker.register("upgrade-insecure_test.js", {scope: "."});
+</script>
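Review bot: The promise returned by `navigator.serviceWorker.register(...)` in register.html has no rejection handler, so a failed registration reports nothing. In that case `serviceWorker.ready` never resolves, and the parent test presumably waits until the harness timeout with no diagnostic. Chaining `.catch(function(e) { ok(false, "Registration failed: " + e); })` onto the register call would surface the cause through the existing `ok` helper.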
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/fetch/upgrade-insecure/unregister.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<script>
+  navigator.serviceWorker.getRegistration(".").then(function(registration) {
+    registration.unregister().then(function(success) {
+      if (success) {
+        window.parent.postMessage({status: "unregistrationdone"}, "*");
+      }
+    }, function(e) {
+      dump("Unregistering the SW failed with " + e + "\n");
+    });
+  });
+</script>
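Review bot: The failure paths in unregister.html never notify the parent, which calls `SimpleTest.finish()` only on `"unregistrationdone"`. If `getRegistration(".")` resolves with `undefined`, `registration.unregister()` throws inside the callback and nothing handles the rejection. If `success` is false, nothing is posted. The rejection branch only calls `dump`. Each of these paths could post `{status: "ok", result: false, message: "Unregistering the SW failed"}`, which the parent already routes to `ok()`, so the failure is recorded instead of appearing as a timeout.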
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/fetch/upgrade-insecure/upgrade-insecure_test.js
@@ -0,0 +1,11 @@
+self.addEventListener("fetch", function(event) {
+  if (event.request.url.indexOf("index.html") >= 0) {
+    event.respondWith(fetch("realindex.html"));
+  } else if (event.request.url.indexOf("image-20px.png") >= 0) {
+    if (event.request.url.indexOf("https://") == 0) {
+      event.respondWith(fetch("image-40px.png"));
+    } else {
+      event.respondWith(Response.error());
+    }
+  }
+});
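Review bot: The `https://` check in the image-20px.png branch is the assertion that the CSP upgrade happened before interception, but the handler carries no comment saying so. I would add one above that branch, for example `// Serve the 40px image only when the intercepted URL is already https://, i.e. the upgrade ran before this fetch event; otherwise fail the load.` The `index.html` branch does no scheme check of its own and relies on realindex.html reporting `location.protocol`, which is worth a one-line comment too. The substring test for `"index.html"` also matches `realindex.html`; that looks harmless here because nothing navigates to that file directly, but it could be noted or tightened.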
--- a/dom/workers/test/serviceworkers/mochitest.ini
+++ b/dom/workers/test/serviceworkers/mochitest.ini
@@ -80,16 +80,25 @@ support-files =
   fetch/requesturl/requesturl_test.js
   fetch/requesturl/secret.html
   fetch/requesturl/unregister.html
   fetch/sandbox/index.html
   fetch/sandbox/intercepted_index.html
   fetch/sandbox/register.html
   fetch/sandbox/unregister.html
   fetch/sandbox/sandbox_test.js
+  fetch/upgrade-insecure/upgrade-insecure_test.js
+  fetch/upgrade-insecure/embedder.html
+  fetch/upgrade-insecure/embedder.html^headers^
+  fetch/upgrade-insecure/image.html
+  fetch/upgrade-insecure/image-20px.png
+  fetch/upgrade-insecure/image-40px.png
+  fetch/upgrade-insecure/realindex.html
+  fetch/upgrade-insecure/register.html
+  fetch/upgrade-insecure/unregister.html
   match_all_properties_worker.js
   match_all_clients/match_all_controlled.html
   test_serviceworker_interfaces.js
   serviceworker_wrapper.js
   message_receiver.html
   close_test.js
   serviceworker_not_sharedworker.js
   match_all_client/match_all_client_id.html
@@ -265,8 +274,10 @@ skip-if = toolkit == "android" || toolki
 [test_xslt.html]
 [test_escapedSlashes.html]
 [test_eventsource_intercept.html]
 [test_not_intercept_plugin.html]
 [test_file_blob_upload.html]
 [test_unresolved_fetch_interception.html]
 [test_hsts_upgrade_intercept.html]
 skip-if = e10s # Bug 1214305
+[test_csp_upgrade-insecure_intercept.html]
+skip-if = e10s # Bug 1214305
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/serviceworkers/test_csp_upgrade-insecure_intercept.html
@@ -0,0 +1,56 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test that a CSP upgraded request can be intercepted by a service worker</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content">
+<iframe></iframe>
+</div>
+<pre id="test"></pre>
+<script class="testbody" type="text/javascript">
+
+  var iframe;
+  function runTest() {
+    iframe = document.querySelector("iframe");
+    iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/register.html";
+    window.onmessage = function(e) {
+      if (e.data.status == "ok") {
+        ok(e.data.result, e.data.message);
+      } else if (e.data.status == "registrationdone") {
+        iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html";
+      } else if (e.data.status == "protocol") {
+        is(e.data.data, "https:", "Correct protocol expected");
+      } else if (e.data.status == "image") {
+        is(e.data.data, 40, "The image request was upgraded before interception");
+        iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/unregister.html";
+      } else if (e.data.status == "unregistrationdone") {
+        window.onmessage = null;
+        SimpleTest.finish();
+      }
+    };
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  onload = function() {
+    SpecialPowers.pushPrefEnv({"set": [
+      ["dom.serviceWorkers.exemptFromPerDomainMax", true],
+      ["dom.serviceWorkers.enabled", true],
+      ["dom.serviceWorkers.testing.enabled", true],
+      ["dom.serviceWorkers.interception.enabled", true],
+      // This is needed so that we can test upgrading a non-secure load inside an https iframe.
+      ["security.mixed_content.block_active_content", false],
+      ["security.mixed_content.block_display_content", false],
+    ]}, runTest);
+  };
+</script>
+</pre>
+</body>
+</html>
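Review bot: There is a stray `</pre>` after the closing `</script>` near the end of the file; `<pre id="test">` is already closed on its own line above the script, so the extra tag should be dropped. Separately, the `window.onmessage` handler in `runTest` acts on any message that carries a known `status`, without checking the sender. A guard such as `if (e.source !== iframe.contentWindow) return;` at the top of the handler would keep unrelated messages from advancing the test. The comment on the mixed-content prefs could also say that both prefs are restored automatically by `pushPrefEnv`, if that is the intent.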