Bug 1208559 - Tests. r=bholley
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Sun, 18 Oct 2015 19:37:40 -0700
changeset 303511 e2e497ed4a5ceaec54f2b97ef3504153e8760816
parent 303510 b7ee07e45847284efc61ff41a71ddb674883296f
child 303512 dd458f2077e8ec30643b4bf10310c00790cfa970
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
treeherdermozilla-release@8b89261f3ac4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1208559
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1208559 - Tests. r=bholley
dom/security/test/csp/file_service_worker.html
dom/security/test/csp/file_service_worker.js
dom/security/test/csp/mochitest.ini
dom/security/test/csp/test_service_worker.html
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_service_worker.html
@@ -0,0 +1,19 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1208559 - ServiceWorker registration not governed by CSP</title>
+</head>
+<body>
+<script>
+  function finish(status) {
+    window.parent.postMessage({result: status}, "*");
+  }
+
+  navigator.serviceWorker.ready.then(finish.bind(null, 'allowed'),
+                                     finish.bind(null, 'blocked'));
+  navigator.serviceWorker
+           .register("file_service_worker.js", {scope: "."})
+           .then(null, finish.bind(null, 'blocked'));
+  </script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_service_worker.js
@@ -0,0 +1,1 @@
+dump("service workers: hello world");
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -125,16 +125,18 @@ support-files =
   file_upgrade_insecure_reporting_server.sjs
   file_upgrade_insecure_referrer.html
   file_upgrade_insecure_referrer_server.sjs
   file_upgrade_insecure_cors.html
   file_upgrade_insecure_cors_server.sjs
   file_report_for_import.css
   file_report_for_import.html
   file_report_for_import_server.sjs
+  file_service_worker.html
+  file_service_worker.js
 
 [test_base-uri.html]
 [test_blob_data_schemes.html]
 [test_connect-src.html]
 [test_CSP.html]
 [test_allow_https_schemes.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_bug663567.html]
@@ -192,8 +194,10 @@ skip-if = buildapp == 'b2g' || buildapp 
 skip-if = buildapp == 'b2g' || buildapp == 'mulet' || toolkit == 'gonk' || toolkit == 'android'
 [test_upgrade_insecure_referrer.html]
 skip-if = buildapp == 'b2g' || buildapp == 'mulet' || toolkit == 'gonk' || toolkit == 'android'
 [test_upgrade_insecure_cors.html]
 skip-if = buildapp == 'b2g' || buildapp == 'mulet' || toolkit == 'gonk' || toolkit == 'android'
 [test_report_for_import.html]
 [test_blocked_uri_in_reports.html]
 skip-if = e10s || buildapp == 'b2g' # http-on-opening-request observer not supported in child process (bug 1009632)
+[test_service_worker.html]
+skip-if = buildapp == 'b2g' #no ssl support
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/test_service_worker.html
@@ -0,0 +1,62 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1208559 - ServiceWorker registration not governed by CSP</title>
+  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * Spawning a worker from https://example.com but script-src is 'test1.example.com'
+ * CSP is not consulted
+ */
+SimpleTest.waitForExplicitFinish();
+
+var tests = [
+  {
+    policy: "default-src 'self'; script-src test1.example.com 'unsafe-inline'",
+    expected: "blocked"
+  },
+];
+
+var counter = 0;
+var curTest;
+
+window.addEventListener("message", receiveMessage, false);
+function receiveMessage(event) {
+  is(event.data.result, curTest.expected, "Should be (" + curTest.expected + ") in Test " + counter + "!");
+  loadNextTest();
+}
+
+onload = function() {
+  SpecialPowers.pushPrefEnv({"set": [
+    ["dom.serviceWorkers.exemptFromPerDomainMax", true],
+    ["dom.serviceWorkers.interception.enabled", true],
+    ["dom.serviceWorkers.enabled", true],
+    ["dom.serviceWorkers.testing.enabled", true],
+    ["dom.caches.enabled", true]
+  ]}, loadNextTest);
+}
+
+function loadNextTest() {
+  if (counter == tests.length) {
+    SimpleTest.finish();
+    return;
+  }
+  curTest = tests[counter++];
+  var src = "https://example.com/tests/dom/security/test/csp/file_testserver.sjs";
+  // append the file that should be served
+  src += "?file=" + escape("tests/dom/security/test/csp/file_service_worker.html");
+  // append the CSP that should be used to serve the file
+  src += "&csp=" + escape(curTest.policy);
+  document.getElementById("testframe").src = src;
+}
+
+</script>
+</body>
+</html>