Bug 1367531: Update CSP frame ancestors test to make sure paths are ignored. r=dveditz
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Tue, 06 Jun 2017 09:12:32 +0200
changeset 413019 ebc4d874b576956224e0b66ccb91658a9bf8b347
parent 413018 c4cbc063a8e72f5799157a5dd52138d3d465dbac
child 413020 b5195ecbebe63d1a72448636283040c5a16ee5d4
push id1490
push usermtabara@mozilla.com
push dateMon, 31 Jul 2017 14:08:16 +0000
treeherdermozilla-release@70e32e6bf15e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdveditz
bugs1367531
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1367531: Update CSP frame ancestors test to make sure paths are ignored. r=dveditz
dom/security/test/csp/file_frameancestors_main.js
--- a/dom/security/test/csp/file_frameancestors_main.js
+++ b/dom/security/test/csp/file_frameancestors_main.js
@@ -4,17 +4,20 @@ function setupFrames() {
 
   var $ = function(v) { return document.getElementById(v); }
   var base = {
         self: '/tests/dom/security/test/csp/file_frameancestors.sjs',
         a: 'http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs',
         b: 'http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs'
   };
 
-  var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };
+  // In both cases (base.a, base.b) the path starts with /tests/. Let's make sure this
+  // path within the CSP policy is completely ignored when enforcing frame ancestors.
+  // To test this behavior we use /foo/ and /bar/ as dummy values for the path.
+  var host = { a: 'http://mochi.test:8888/foo/', b: 'http://example.com:80/bar/' };
 
   var innerframeuri = null;
   var elt = null;
 
   elt = $('aa_allow');
   elt.src = base.a + "?testid=aa_allow&internalframe=aa_a&csp=" +
             escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");