content/base/test/csp/test_csp_report.html@b8a032363ba2 (annotated)
content/base/test/csp/test_csp_report.html
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | <!DOCTYPE HTML> |
| michael@0 | 2 | <html> |
| michael@0 | 3 | <!-- |
| michael@0 | 4 | https://bugzilla.mozilla.org/show_bug.cgi?id=548193 |
| michael@0 | 5 | --> |
| michael@0 | 6 | <head> |
| michael@0 | 7 | <title>Test for Bug 548193</title> |
| michael@0 | 8 | <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> |
| michael@0 | 9 | <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> |
| michael@0 | 10 | </head> |
| michael@0 | 11 | <body> |
| michael@0 | 12 | <p id="display"></p> |
| michael@0 | 13 | <div id="content" style="display: none"> |
| michael@0 | 14 | </div> |
| michael@0 | 15 | |
| michael@0 | 16 | <iframe style="width:200px;height:200px;" id='cspframe'></iframe> |
| michael@0 | 17 | <script class="testbody" type="text/javascript"> |
| michael@0 | 18 | // This is used to watch requests go out so we can see if the report is |
| michael@0 | 19 | // sent correctly |
| michael@0 | 20 | function examiner() { |
| michael@0 | 21 | SpecialPowers.addObserver(this, "http-on-opening-request", false); |
| michael@0 | 22 | } |
| michael@0 | 23 | examiner.prototype = { |
| michael@0 | 24 | observe: function(subject, topic, data) { |
| michael@0 | 25 | // subject should be an nsURI |
| michael@0 | 26 | if (!SpecialPowers.can_QI(subject)) |
| michael@0 | 27 | return; |
| michael@0 | 28 | |
| michael@0 | 29 | const reportURI = "http://mochi.test:8888/csp-report.cgi"; |
| michael@0 | 30 | |
| michael@0 | 31 | if (topic === "http-on-opening-request") { |
| michael@0 | 32 | var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec"); |
| michael@0 | 33 | if (asciiSpec !== reportURI) return; |
| michael@0 | 34 | |
| michael@0 | 35 | // Verify that the report was properly formatted. |
| michael@0 | 36 | // We'll parse the report text as JSON and verify that the properties |
| michael@0 | 37 | // have expected values. |
| michael@0 | 38 | var reportText = "{}"; |
| michael@0 | 39 | try { |
| michael@0 | 40 | var uploadStream = SpecialPowers.wrap(SpecialPowers.do_QueryInterface(subject, "nsIUploadChannel")).uploadStream; |
| michael@0 | 41 | |
| michael@0 | 42 | if (uploadStream) { |
| michael@0 | 43 | // get the bytes from the request body |
| michael@0 | 44 | var binstream = SpecialPowers.Cc["@mozilla.org/binaryinputstream;1"] |
| michael@0 | 45 | .createInstance(SpecialPowers.Ci.nsIBinaryInputStream); |
| michael@0 | 46 | binstream.setInputStream(uploadStream); |
| michael@0 | 47 | |
| michael@0 | 48 | var segments = []; |
| michael@0 | 49 | for (var count = uploadStream.available(); count; count = uploadStream.available()) { |
| michael@0 | 50 | var data = binstream.readBytes(count); |
| michael@0 | 51 | segments.push(data); |
| michael@0 | 52 | } |
| michael@0 | 53 | |
| michael@0 | 54 | var reportText = segments.join(""); |
| michael@0 | 55 | // rewind stream as we are supposed to - there will be an assertion later if we don't. |
| michael@0 | 56 | SpecialPowers.do_QueryInterface(uploadStream, "nsISeekableStream").seek(SpecialPowers.Ci.nsISeekableStream.NS_SEEK_SET, 0); |
| michael@0 | 57 | } |
| michael@0 | 58 | } |
| michael@0 | 59 | catch(e) {} |
| michael@0 | 60 | |
| michael@0 | 61 | var reportObj = JSON.parse(reportText); |
| michael@0 | 62 | |
| michael@0 | 63 | // test for the proper values in the report object |
| michael@0 | 64 | window.checkResults(reportObj); |
| michael@0 | 65 | |
| michael@0 | 66 | // finish up |
| michael@0 | 67 | window.examiner.remove(); |
| michael@0 | 68 | SimpleTest.finish(); |
| michael@0 | 69 | } |
| michael@0 | 70 | }, |
| michael@0 | 71 | |
| michael@0 | 72 | // remove the listener |
| michael@0 | 73 | remove: function() { |
| michael@0 | 74 | SpecialPowers.removeObserver(this, "http-on-opening-request"); |
| michael@0 | 75 | } |
| michael@0 | 76 | } |
| michael@0 | 77 | |
| michael@0 | 78 | // content file that triggers a violation report |
| michael@0 | 79 | var testFile = "file_csp_report.sjs"; |
| michael@0 | 80 | |
| michael@0 | 81 | window.checkResults = function(reportObj) { |
| michael@0 | 82 | var cspReport = reportObj["csp-report"]; |
| michael@0 | 83 | // correct violating request |
| michael@0 | 84 | is(cspReport["document-uri"], |
| michael@0 | 85 | "http://mochi.test:8888/tests/content/base/test/csp/" + testFile, |
| michael@0 | 86 | "Incorrect violating request"); |
| michael@0 | 87 | // correct blocked-uri |
| michael@0 | 88 | is(cspReport["blocked-uri"], |
| michael@0 | 89 | "http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png", |
| michael@0 | 90 | "Incorrect blocked uri"); |
| michael@0 | 91 | // correct violated-directive |
| michael@0 | 92 | is(cspReport["violated-directive"], "default-src http://mochi.test:8888", |
| michael@0 | 93 | "Incorrect violated directive"); |
| michael@0 | 94 | // not practical to test request-headers as header names and values will |
| michael@0 | 95 | // change with the trunk |
| michael@0 | 96 | } |
| michael@0 | 97 | |
| michael@0 | 98 | window.examiner = new examiner(); |
| michael@0 | 99 | |
| michael@0 | 100 | SimpleTest.waitForExplicitFinish(); |
| michael@0 | 101 | |
| michael@0 | 102 | // load the resource which will generate a CSP violation report |
| michael@0 | 103 | document.getElementById("cspframe").src = testFile; |
| michael@0 | 104 | |
| michael@0 | 105 | </script> |
| michael@0 | 106 | </pre> |
| michael@0 | 107 | </body> |
| michael@0 | 108 | </html> |
