Wed, 31 Dec 2014 06:09:35 +0100
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <!DOCTYPE HTML>
2 <html>
3 <!--
4 https://bugzilla.mozilla.org/show_bug.cgi?id=548193
5 -->
6 <head>
7 <title>Test for Bug 548193</title>
8 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
9 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
10 </head>
11 <body>
12 <p id="display"></p>
13 <div id="content" style="display: none">
14 </div>
16 <iframe style="width:200px;height:200px;" id='cspframe'></iframe>
17 <script class="testbody" type="text/javascript">
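// Observer used to watch requests go out, so the test can see whether the
// CSP violation report is sent to the report endpoint with the right body.
function examiner() {
  SpecialPowers.addObserver(this, "http-on-opening-request", false);
}
examiner.prototype = {
  /**
   * Observer callback. Once a request to the CSP report endpoint is seen,
   * its upload body is read, parsed as JSON and passed to
   * window.checkResults(); then the observer is removed and the test ends.
   *
   * Requests to any other URI, and any other topic, are ignored.
   *
   * @param subject  the notification subject; queried for nsIHttpChannel
   *                 and nsIUploadChannel below
   * @param topic    observer topic; only "http-on-opening-request" is handled
   * @param data     unused
   */
  observe: function(subject, topic, data) {
    // the subject must be something we can QueryInterface
    if (!SpecialPowers.can_QI(subject))
      return;

    const reportURI = "http://mochi.test:8888/csp-report.cgi";

    if (topic !== "http-on-opening-request")
      return;

    var channel = SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel");
    var asciiSpec = SpecialPowers.getPrivilegedProps(channel, "URI.asciiSpec");
    // Exact match only: a request to any other URI is not the report.
    if (asciiSpec !== reportURI)
      return;

    // From here on the report request has been seen. Whatever happens while
    // reading or checking it, the observer must be removed and the test
    // finished. Otherwise a malformed or missing report would leave the test
    // hanging until the harness times out, instead of failing with a message.
    try {
      // Verify that the report was properly formatted.
      // We'll parse the report text as JSON and verify that the properties
      // have expected values.
      var reportText = "{}";
      try {
        var uploadStream = SpecialPowers.wrap(
          SpecialPowers.do_QueryInterface(subject, "nsIUploadChannel")).uploadStream;

        if (uploadStream) {
          // get the bytes from the request body
          var binstream = SpecialPowers.Cc["@mozilla.org/binaryinputstream;1"]
                            .createInstance(SpecialPowers.Ci.nsIBinaryInputStream);
          binstream.setInputStream(uploadStream);

          var segments = [];
          for (var count = uploadStream.available(); count; count = uploadStream.available()) {
            // named "chunk" so it does not shadow the |data| parameter
            var chunk = binstream.readBytes(count);
            segments.push(chunk);
          }

          reportText = segments.join("");
          // rewind stream as we are supposed to - there will be an assertion later if we don't.
          SpecialPowers.do_QueryInterface(uploadStream, "nsISeekableStream")
                       .seek(SpecialPowers.Ci.nsISeekableStream.NS_SEEK_SET, 0);
        }
      }
      catch (e) {
        // Record the failure instead of silently swallowing it.
        ok(false, "Could not read the CSP report request body: " + e);
      }

      // test for the proper values in the report object
      window.checkResults(JSON.parse(reportText));
    }
    catch (e) {
      ok(false, "CSP report was malformed or could not be verified: " + e);
    }
    finally {
      // finish up
      window.examiner.remove();
      SimpleTest.finish();
    }
  },

  // remove the listener
  remove: function() {
    SpecialPowers.removeObserver(this, "http-on-opening-request");
  }
};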
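// content file that triggers a violation report
var testFile = "file_csp_report.sjs";

/**
 * Compare the fields of a parsed CSP violation report with the values this
 * test expects.
 *
 * @param reportObj  the parsed JSON body of the report request; the report
 *                   itself is expected under the "csp-report" key
 */
window.checkResults = function(reportObj) {
  var cspReport = reportObj ? reportObj["csp-report"] : undefined;
  // The observer falls back to an empty object when it cannot read the
  // request body. Fail with a clear message in that case rather than
  // throwing a TypeError on the property lookups below.
  if (!cspReport) {
    ok(false, "Report body has no \"csp-report\" member");
    return;
  }

  // correct violating request
  is(cspReport["document-uri"],
     "http://mochi.test:8888/tests/content/base/test/csp/" + testFile,
     "Incorrect violating request");
  // correct blocked-uri
  is(cspReport["blocked-uri"],
     "http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png",
     "Incorrect blocked uri");
  // correct violated-directive
  // NOTE(review): the policy is presumably delivered by testFile - confirm
  is(cspReport["violated-directive"], "default-src http://mochi.test:8888",
     "Incorrect violated directive");
  // not practical to test request-headers as header names and values will
  // change with the trunk
};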
// The test ends asynchronously: SimpleTest.finish() is called from the
// observer once the report request has been examined.
SimpleTest.waitForExplicitFinish();

// Start watching outgoing requests before the iframe is loaded.
window.examiner = new examiner();

// load the resource which will generate a CSP violation report
document.getElementById("cspframe").src = testFile;
105 </script>
106 </pre>
107 </body>
108 </html>