tor-browser

The Tor Browser

browser_net_block-csp.js (2989B)


      1 /* Any copyright is dedicated to the Public Domain.
      2   http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 "use strict";
      5 
      6 /**
      7 * Test that CSP violations display in the netmonitor when blocked
      8 */
      9 
add_task(async function () {
  // Each scenario gives the log line, the base URL the blocked resources are
  // expected to be requested from, and the page loaded in the monitored tab.
  const scenarios = [
    {
      description: "Test requests blocked by CSP in the top level document",
      baseUrl: HTTPS_EXAMPLE_URL,
      page: HTTPS_EXAMPLE_URL + "html_csp-test-page.html",
    },
    {
      // The html_csp-frame-test-page.html (in the .com domain) includes
      // an iframe from the .org domain, so the blocked requests are expected
      // under the .org base URL even though the top-level page is .com.
      description: "Test requests blocked by CSP in remote frames",
      baseUrl: HTTPS_EXAMPLE_ORG_URL,
      page: HTTPS_EXAMPLE_URL + "html_csp-frame-test-page.html",
    },
  ];

  // Run the scenarios one after another; each one opens and tears down its
  // own network monitor.
  for (const { description, baseUrl, page } of scenarios) {
    info(description);
    await testRequestsBlockedByCSP(baseUrl, page);
  }
});
     25 
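/**
 * Load `page` with the network monitor open, reload it, and check that the
 * stylesheet and script loads rejected by the page's CSP are listed as
 * blocked requests, with request headers but no response headers.
 *
 * @param {string} baseUrl
 *        URL prefix the blocked resources are expected to be requested from;
 *        the expected request URL is `baseUrl` + file name.
 * @param {string} page
 *        URL of the test page opened in the monitored tab.
 */
async function testRequestsBlockedByCSP(baseUrl, page) {
  const { monitor } = await initNetMonitor(page, { requestCount: 3 });

  const { document, store, windowRequire } = monitor.panelWin;
  const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
  const { getDisplayedRequests } = windowRequire(
    "devtools/client/netmonitor/src/selectors/index"
  );

  const scriptFileName = "js_websocket-worker-test.js";
  const styleFileName = "internal-loaded.css";

  // NOTE(review): presumably turns off batching of store updates so the
  // requests are in the store as soon as the network events fire - confirm.
  store.dispatch(Actions.batchEnable(false));

  // Start listening before the reload so none of the three events is missed.
  const wait = waitForNetworkEvents(monitor, 3);
  await reloadBrowser();
  info("Waiting until the requests appear in netmonitor");
  await wait;

  const displayedRequests = getDisplayedRequests(store.getState());

  const styleRequest = displayedRequests.find(request =>
    request.url.includes(styleFileName)
  );
  // Fail here with a clear message if the blocked load was never recorded,
  // rather than with an opaque error from the verification helper below.
  ok(styleRequest, "The blocked stylesheet request is listed in the netmonitor");

  info("Ensure the attempt to load a CSS file shows a blocked CSP error");

  await verifyRequestItemTarget(
    document,
    displayedRequests,
    styleRequest,
    "GET",
    baseUrl + styleFileName,
    {
      // Expected values for a request blocked by CSP: "CSP" as the
      // transferred value and an empty type.
      transferred: "CSP",
      cause: { type: "stylesheet" },
      type: "",
    }
  );

  const scriptRequest = displayedRequests.find(request =>
    request.url.includes(scriptFileName)
  );
  ok(scriptRequest, "The blocked script request is listed in the netmonitor");

  info("Test that the attempt to load a JS file shows a blocked CSP error");

  await verifyRequestItemTarget(
    document,
    displayedRequests,
    scriptRequest,
    "GET",
    baseUrl + scriptFileName,
    {
      transferred: "CSP",
      cause: { type: "script" },
      type: "",
    }
  );

  info("Test that header infomation is available for blocked CSP requests");

  // Locate the row of the blocked script through the column whose title
  // contains the file name; assert it exists before dereferencing it.
  const scriptColumn = document.querySelector(
    `.requests-list-column[title*="${scriptFileName}"]`
  );
  ok(scriptColumn, "The blocked script request has a row in the requests list");
  const requestEl = scriptColumn.parentNode;

  // Set up the wait before clicking so the panel cannot appear unobserved.
  const waitForHeadersPanel = waitUntil(() =>
    document.querySelector("#headers-panel .panel-container")
  );
  clickElement(requestEl, monitor);
  await waitForHeadersPanel;

  ok(
    document.querySelector(".headers-overview"),
    "There is request overview details"
  );
  ok(
    document.querySelector(".accordion #requestHeaders"),
    "There is request header information"
  );
  // A blocked request must not show a response headers section; presumably
  // the load was stopped before any response was received.
  ok(
    !document.querySelector(".accordion #responseHeaders"),
    "There is no response header information"
  );

  await teardown(monitor);
}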