browser_webconsole_cspro.js (1740B)
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

/* The test page loads two subresources under two policies:
     - a script that the CSP header allows but the CSPRO
       (Content-Security-Policy-Report-Only) header does not;
     - an image that the CSPRO header allows but the CSP header does not.

   Two console messages are therefore expected: one saying the image was
   blocked by the enforced policy, and one reporting the script against the
   report-only policy. A report-only policy reports what it would block; it
   does not enforce, so the two cases must be logged with different texts.

   The expected texts are built in CSP_VIOLATION_MSG and CSP_REPORT_MSG and
   the test confirms that both appear in the console.

   See Bug 1010953.
*/

"use strict";

// Blank starting document; the console is opened on it before the page that
// carries the policies is loaded.
const TEST_URI =
  "data:text/html;charset=utf8,<!DOCTYPE html>Web Console CSP report only test";

// Page expected to trigger both messages. The CSP / CSPRO headers themselves
// are not visible in this file (presumably served next to test-cspro.html).
const TEST_VIOLATION =
  "http://example.com/browser/devtools/client/webconsole/" +
  "test/browser/test-cspro.html";

// The expected texts come from the localized CSP string bundle rather than
// being hard-coded, so the test follows the wording the browser actually logs.
const bundle = Services.strings.createBundle(
  "chrome://global/locale/security/csp.properties"
);

// Enforced-policy message for the image.
// NOTE(review): the three arguments look like (violated directive, blocked
// URL, effective directive) - confirm against csp.properties.
const CSP_VIOLATION_MSG = bundle.formatStringFromName("CSPGenericViolation", [
  "img-src 'self'",
  "http://some.example.com/cspro.png",
  "img-src",
]);

// Report-only message for the script; same argument layout as above.
const CSP_REPORT_MSG = bundle.formatStringFromName("CSPROScriptViolation", [
  "script-src 'self'",
  "http://some.example.com/cspro.js",
  "script-src-elem",
]);

add_task(async function () {
  const hud = await openNewTabAndConsole(TEST_URI);

  // Both messages are matched with the ".error" selector, although the header
  // comment calls the first one a warning.
  const waitForErrorMessage = text => waitForMessageByType(hud, text, ".error");

  // Start both waits before navigating (presumably so that a message logged
  // during the page load cannot be missed).
  const enforcedViolationLogged = waitForErrorMessage(CSP_VIOLATION_MSG);
  const reportOnlyViolationLogged = waitForErrorMessage(CSP_REPORT_MSG);

  info("Load a page with CSP warnings.");
  await navigateTo(TEST_VIOLATION);

  // Reaching ok() means both distinct texts were logged; a message that never
  // appears leaves the corresponding await pending.
  await enforcedViolationLogged;
  await reportOnlyViolationLogged;
  ok(
    true,
    "Confirmed that CSP and CSP-Report-Only log different messages to console"
  );

  await clearOutput(hud);
});