test_child-src_worker.html (5425B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1045891</title> 5 <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 8 </head> 9 <body> 10 <p id="display"></p> 11 <div id="content" style="visibility: hidden"> 12 </div> 13 14 <script class="testbody" type="text/javascript"> 15 /* 16 * Description of the test: 17 * We load a page with a given CSP and verify that child frames and workers are correctly 18 * evaluated through the "child-src" directive. 19 */ 20 21 SimpleTest.waitForExplicitFinish(); 22 23 var WORKER_TEST_FILE = "file_child-src_worker.html"; 24 var SERVICE_WORKER_TEST_FILE = "file_child-src_service_worker.html"; 25 var SHARED_WORKER_TEST_FILE = "file_child-src_shared_worker.html"; 26 27 var tests = { 28 'same-src-worker': { 29 id: "same-src-worker", 30 file: WORKER_TEST_FILE, 31 result : "allowed", 32 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888" 33 }, 34 'same-src-service_worker': { 35 id: "same-src-service_worker", 36 file: SERVICE_WORKER_TEST_FILE, 37 result : "allowed", 38 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888" 39 }, 40 'same-src-shared_worker': { 41 id: "same-src-shared_worker", 42 file: SHARED_WORKER_TEST_FILE, 43 result : "allowed", 44 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888" 45 }, 46 'star-src-worker': { 47 id: "star-src-worker", 48 file: WORKER_TEST_FILE, 49 result : "allowed", 50 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *" 51 }, 52 'star-src-service_worker': { 53 id: "star-src-service_worker", 54 file: SERVICE_WORKER_TEST_FILE, 55 result : "allowed", 56 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *" 57 }, 58 'star-src-shared_worker': { 59 id: "star-src-shared_worker", 60 file: SHARED_WORKER_TEST_FILE, 61 result : "allowed", 62 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *" 63 }, 64 'other-src-worker': { 65 id: "other-src-worker", 66 file: WORKER_TEST_FILE, 67 result : "blocked", 68 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org" 69 }, 70 'other-src-service_worker': { 71 id: "other-src-service_worker", 72 file: SERVICE_WORKER_TEST_FILE, 73 result : "blocked", 74 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org" 75 }, 76 'other-src-shared_worker': { 77 id: "other-src-shared_worker", 78 file: SHARED_WORKER_TEST_FILE, 79 result : "blocked", 80 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org" 81 }, 82 'script-src-worker': { 83 id: "script-src-worker", 84 file: WORKER_TEST_FILE, 85 result : "blocked", 86 policy : "default-src 'none'; script-src https://www.example.org 'unsafe-inline'" 87 }, 88 'script-src-service_worker': { 89 id: "script-src-service_worker", 90 file: SERVICE_WORKER_TEST_FILE, 91 result : "blocked", 92 policy : "default-src 'none'; script-src https://www.example.org 'unsafe-inline'" 93 }, 94 'script-src-self-shared_worker': { 95 id: "script-src-self-shared_worker", 96 file: SHARED_WORKER_TEST_FILE, 97 result : "blocked", 98 policy : "default-src 'none'; script-src https://www.example.org 'unsafe-inline'" 99 }, 100 }; 101 102 finished = {}; 103 104 function recvMessage(ev) { 105 is(ev.data.message, tests[ev.data.id].result, "CSP child-src worker test " + ev.data.id); 106 finished[ev.data.id] = ev.data.message; 107 108 if (Object.keys(finished).length == Object.keys(tests).length) { 109 window.removeEventListener('message', recvMessage); 110 SimpleTest.finish(); 111 } 112 } 113 114 window.addEventListener('message', recvMessage); 115 116 function loadNextTest() { 117 for (item in tests) { 118 test = tests[item]; 119 var src = "file_testserver.sjs"; 120 // append the file that should be served 121 src += "?file=" + escape("tests/dom/security/test/csp/" + test.file); 122 // append the CSP that should be used to serve the file 123 src += "&csp=" + escape(test.policy); 124 // add our identifier 125 src += "#" + escape(test.id); 126 127 content = document.getElementById('content'); 128 testframe = document.createElement("iframe"); 129 testframe.setAttribute('id', test.id); 130 content.appendChild(testframe); 131 testframe.src = src; 132 } 133 } 134 135 onload = function() { 136 SpecialPowers.pushPrefEnv({"set": [ 137 ["dom.serviceWorkers.exemptFromPerDomainMax", true], 138 ["dom.serviceWorkers.enabled", true], 139 ["dom.serviceWorkers.testing.enabled", true], 140 ]}, loadNextTest); 141 }; 142 143 // start running the tests 144 //loadNextTest(); 145 </script> 146 </body> 147 </html>