browser_cross_process_csp_inheritance.js (4063B)
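/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

// Browser test for CSP inheritance across content processes: a data: document
// opened in a new tab by clicking #testLink on the test page must report
// exactly one CSP policy whose script-src is 'none', both when the new tab
// shares the opener's content process and when it is loaded in a different one.
// NOTE(review): the policy itself and the #testLink anchor are presumably
// declared in file_cross_process_csp_inheritance.html - confirm against that
// support file.

// Directory of this test, remapped from the chrome:// mochitest root to an
// http origin.
const TEST_PATH = getRootDirectory(gTestPath).replace(
  "chrome://mochitests/content",
  // eslint-disable-next-line @microsoft/sdl/no-insecure-url
  "http://example.com"
);
const TEST_URI = TEST_PATH + "file_cross_process_csp_inheritance.html";
// This string is compared verbatim with the URI of the loaded document and is
// used to wait for the new tab, so it must stay byte-identical (spelling
// included) to the target the link opens - presumably the href of #testLink;
// confirm before editing.
const DATA_URI =
  "data:text/html,<html>test-same-diff-process-csp-inhertiance</html>";

// Snapshot of SpecialPowers.useRemoteSubframes; handed to the content task,
// which uses it to select the Fission branch of the process-ID check.
const FISSION_ENABLED = SpecialPowers.useRemoteSubframes;

/**
 * Reads the process ID from inside the given browser's content task.
 *
 * @param {object} aBrowser - browser element to run the content task in.
 * @returns {Promise<number>} value of Services.appinfo.processID as seen there.
 */
function getCurrentPID(aBrowser) {
  return SpecialPowers.spawn(aBrowser, [], () => {
    return Services.appinfo.processID;
  });
}

/**
 * Reads the URI of the document currently loaded in the given browser.
 *
 * @param {object} aBrowser - browser element to run the content task in.
 * @returns {Promise<string>} asciiSpec of the current document channel's URI.
 */
function getCurrentURI(aBrowser) {
  return SpecialPowers.spawn(aBrowser, [], () => {
    const channel = content.docShell.currentDocumentChannel;
    return channel.URI.asciiSpec;
  });
}

/**
 * Runs the assertions inside the newly opened tab: the expected data: URI was
 * loaded, the process ID relates to the opener's as expected, and the document
 * carries a single CSP policy with script-src 'none'.
 *
 * @param {string} aTestName - prefix used in assertion messages.
 * @param {object} aBrowser - browser of the newly opened tab.
 * @param {string} aDataURI - URI the new tab is expected to have loaded.
 * @param {number} aPID - process ID of the opener, captured before the click.
 * @param {boolean} aSamePID - true when the new tab must share aPID.
 * @param {boolean} aFissionEnabled - selects the known-failure branch when a
 *   different process is expected.
 * @returns {Promise} settles when the content task has finished.
 */
function verifyResult(
  aTestName,
  aBrowser,
  aDataURI,
  aPID,
  aSamePID,
  aFissionEnabled
) {
  // Every value the content task needs is passed through the argument object;
  // the callback does not use anything from this file's scope.
  return SpecialPowers.spawn(
    aBrowser,
    [{ aTestName, aDataURI, aPID, aSamePID, aFissionEnabled }],
    async function ({ aTestName, aDataURI, aPID, aSamePID, aFissionEnabled }) {
      // sanity, to make sure the correct URI was loaded
      const channel = content.docShell.currentDocumentChannel;
      is(
        channel.URI.asciiSpec,
        aDataURI,
        aTestName + ": correct data uri loaded"
      );

      // check that the process ID is the same/different when opening the new tab
      const pid = Services.appinfo.processID;
      if (aSamePID) {
        is(pid, aPID, aTestName + ": process ID needs to be identical");
      } else if (aFissionEnabled) {
        // TODO: Fission discards dom.noopener.newprocess.enabled and puts
        // data: URIs in the same process. Unfortunately todo_isnot is not
        // defined in that scope, hence we have to use a workaround.
        // NOTE(review): the call is kept exactly as written; its message does
        // not include aTestName and the comparison result is passed as the
        // second argument - revisit once the TODO above is resolved.
        todo(
          false,
          pid == aPID,
          ": process ID needs to be different in fission"
        );
      } else {
        isnot(pid, aPID, aTestName + ": process ID needs to be different");
      }

      // finally, evaluate that the CSP was set: exactly one policy, and it
      // must forbid script execution.
      const cspOBJ = JSON.parse(content.document.cspJSON);
      const policies = cspOBJ["csp-policies"];
      // The test name is part of the message so a failure can be attributed
      // to the same-process or the different-process run.
      is(policies.length, 1, aTestName + ": should be one policy");
      const policy = policies[0];
      is(
        policy["script-src"],
        "'none'",
        aTestName + ": script-src directive matches"
      );
    }
  );
}

/**
 * Opens TEST_URI in a new tab, clicks #testLink, waits for the tab that loads
 * DATA_URI and verifies process placement and CSP in it.
 *
 * @param {string} aTestName - prefix used in assertion messages.
 * @param {boolean} aSamePID - true when the data: document is expected to load
 *   in the opener's process, false when a different process is expected.
 * @returns {Promise} settles once both tabs have been cleaned up.
 */
async function simulateCspInheritanceForNewTab(aTestName, aSamePID) {
  await BrowserTestUtils.withNewTab(TEST_URI, async function () {
    // Captured once, before the click can change which tab is selected.
    const openerBrowser = gBrowser.selectedBrowser;

    // do some sanity checks
    const currentURI = await getCurrentURI(openerBrowser);
    is(currentURI, TEST_URI, aTestName + ": correct test uri loaded");

    const pid = await getCurrentPID(openerBrowser);
    // Start waiting before the click so the new tab cannot be missed.
    const loadPromise = BrowserTestUtils.waitForNewTab(
      gBrowser,
      DATA_URI,
      true
    );
    // simulate click; awaited so a failure to dispatch the event is reported
    // here instead of being lost in a floating promise.
    await BrowserTestUtils.synthesizeMouseAtCenter(
      "#testLink",
      {},
      openerBrowser
    );
    const tab = await loadPromise;
    try {
      // Select the tab that was actually opened instead of assuming it sits
      // at a fixed index in the tab strip.
      gBrowser.selectedTab = tab;
      await verifyResult(
        aTestName,
        tab.linkedBrowser,
        DATA_URI,
        pid,
        aSamePID,
        FISSION_ENABLED
      );
    } finally {
      // Close the data: tab even when verification rejects, so it does not
      // leak into the next task.
      await BrowserTestUtils.removeTab(tab);
    }
  });
}

add_task(async function test_csp_inheritance_diff_process() {
  // forcing the new data: URI load to happen in a *new* process by flipping the pref
  // to force <a rel="noopener" ...> to be loaded in a new process.
  await SpecialPowers.pushPrefEnv({
    set: [["dom.noopener.newprocess.enabled", true]],
  });
  await simulateCspInheritanceForNewTab("diff-process-inheritance", false);
});

add_task(async function test_csp_inheritance_same_process() {
  // forcing the new data: URI load to happen in the *same* process by resetting
  // the pref, so that <a rel="noopener" ...> is loaded in the *same* process.
  await SpecialPowers.pushPrefEnv({
    set: [["dom.noopener.newprocess.enabled", false]],
  });
  await simulateCspInheritanceForNewTab("same-process-inheritance", true);
});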