browser_auth_spoofing_url_copy.js (3636B)
1 /* Any copyright is dedicated to the Public Domain. 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 const { UrlbarTestUtils } = ChromeUtils.importESModule( 7 "resource://testing-common/UrlbarTestUtils.sys.mjs" 8 ); 9 10 let TEST_PATH = getRootDirectory(gTestPath).replace( 11 "chrome://mochitests/content", 12 "https://example.com" 13 ); 14 15 let TEST_PATH_AUTH = getRootDirectory(gTestPath).replace( 16 "chrome://mochitests/content", 17 "https://example.org" 18 ); 19 20 const CROSS_DOMAIN_URL = TEST_PATH + "redirect-crossDomain.html"; 21 22 const AUTH_URL = TEST_PATH_AUTH + "auth-route.sjs"; 23 24 /** 25 * Opens a new tab with a url that redirects us cross domain 26 * tests that auth anti-spoofing mechanisms cover url copy while prompt is open 27 * 28 */ 29 async function trigger401AndHandle() { 30 await SpecialPowers.pushPrefEnv({ 31 set: [["privacy.authPromptSpoofingProtection", true]], 32 }); 33 let dialogShown = waitForDialogAndCopyURL(); 34 await BrowserTestUtils.withNewTab(CROSS_DOMAIN_URL, async function () { 35 await dialogShown; 36 }); 37 await new Promise(resolve => { 38 Services.clearData.deleteData( 39 Ci.nsIClearDataService.CLEAR_AUTH_CACHE, 40 resolve 41 ); 42 }); 43 } 44 45 async function waitForDialogAndCopyURL() { 46 await TestUtils.topicObserved("common-dialog-loaded"); 47 let dialog = gBrowser.getTabDialogBox(gBrowser.selectedBrowser) 48 ._tabDialogManager._topDialog; 49 let dialogDocument = dialog._frame.contentDocument; 50 51 //select the whole URL 52 gURLBar.focus(); 53 await SimpleTest.promiseClipboardChange(AUTH_URL, () => { 54 Assert.equal( 55 gURLBar.value, 56 UrlbarTestUtils.trimURL(AUTH_URL), 57 "url bar copy value set" 58 ); 59 gURLBar.select(); 60 goDoCommand("cmd_copy"); 61 }); 62 63 // select only part of the URL 64 gURLBar.focus(); 65 let endOfSelectionRange = 66 UrlbarTestUtils.trimURL(AUTH_URL).indexOf("/auth-route.sjs"); 67 68 let isProtocolTrimmed = AUTH_URL.startsWith( 69 UrlbarTestUtils.getTrimmedProtocolWithSlashes() 70 ); 71 await SimpleTest.promiseClipboardChange( 72 AUTH_URL.substring( 73 0, 74 endOfSelectionRange + 75 (isProtocolTrimmed 76 ? UrlbarTestUtils.getTrimmedProtocolWithSlashes().length 77 : 0) 78 ), 79 () => { 80 Assert.equal( 81 gURLBar.value, 82 UrlbarTestUtils.trimURL(AUTH_URL), 83 "url bar copy value set" 84 ); 85 gURLBar.selectionStart = 0; 86 gURLBar.selectionEnd = endOfSelectionRange; 87 goDoCommand("cmd_copy"); 88 } 89 ); 90 let onDialogClosed = BrowserTestUtils.waitForEvent( 91 window, 92 "DOMModalDialogClosed" 93 ); 94 dialogDocument.getElementById("commonDialog").cancelDialog(); 95 96 await onDialogClosed; 97 Assert.equal( 98 window.gURLBar.value, 99 UrlbarTestUtils.trimURL(CROSS_DOMAIN_URL), 100 "No location is provided by the prompt" 101 ); 102 103 //select the whole URL after URL is reset to normal 104 gURLBar.focus(); 105 await SimpleTest.promiseClipboardChange(CROSS_DOMAIN_URL, () => { 106 Assert.equal( 107 gURLBar.value, 108 UrlbarTestUtils.trimURL(CROSS_DOMAIN_URL), 109 "url bar copy value set" 110 ); 111 gURLBar.select(); 112 goDoCommand("cmd_copy"); 113 }); 114 } 115 116 /** 117 * Tests that the 401 auth spoofing mechanisms covers the url bar copy action properly, 118 * canceling the prompt 119 */ 120 add_task(async function testUrlCopy() { 121 SpecialPowers.pushPrefEnv({ 122 set: [ 123 ["browser.urlbar.trimHttps", false], 124 ["browser.urlbar.trimURLs", true], 125 ], 126 }); 127 await trigger401AndHandle(); 128 SpecialPowers.popPrefEnv(); 129 130 SpecialPowers.pushPrefEnv({ 131 set: [ 132 ["browser.urlbar.trimHttps", true], 133 ["browser.urlbar.trimURLs", true], 134 ], 135 }); 136 await trigger401AndHandle(); 137 });