tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_reporting_api_disabled.html (2642B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Bug 1922967 - Check `report-uri` is used when Reporting API is enabled regardless the existence of `report-to`</title>
      5  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 <body>
     10 
     11 <iframe style="width:200px;height:200px;" id='cspframe'></iframe>
     12 <script class="testbody" type="text/javascript">
     13 
     14 SimpleTest.waitForExplicitFinish();
     15 
     16 /* Description of the test:
     17 * This test reuses the setup from test_blocked_uri_in_reports.html.
     18 * The only differences is we provide `report-to` directive while Reporting API
     19 * is disabled.
     20 * We want to test `report-uri` still works if Reporting API is disabled.
     21 */
     22 
     23 const reportURI = "http://mochi.test:8888/foo.sjs";
     24 // Note that both `report-to` and `reprot-uri` are provided.
     25 const policy = "report-to csp-group; script-src http://example.com; report-uri " + reportURI;
     26 const testfile = "tests/dom/security/test/csp/file_path_matching_redirect.html";
     27 
     28 var chromeScriptUrl = SimpleTest.getTestFileURL("file_report_chromescript.js");
     29 var script = SpecialPowers.loadChromeScript(chromeScriptUrl);
     30 
     31 script.addMessageListener('opening-request-completed', function ml(msg) {
     32  if (msg.error) {
     33    ok(false, "Could not query report (exception: " + msg.error + ")");
     34  } else {
     35    try {
     36      var reportObj = JSON.parse(msg.report);
     37    } catch (e) {
     38      ok(false, "Could not parse JSON (exception: " + e + ")");
     39    }
     40    try {
     41      var cspReport = reportObj["csp-report"];
     42      // blocked-uri should only be the asciiHost instead of:
     43      // http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js
     44      // eslint-disable-next-line @microsoft/sdl/no-insecure-url
     45      is(cspReport["blocked-uri"], "http://example.com/tests/dom/security/test/csp/file_path_matching_redirect_server.sjs", "Incorrect blocked-uri");
     46    } catch (e) {
     47      ok(false, "Could not query report (exception: " + e + ")");
     48    }
     49  }
     50 
     51  script.removeMessageListener('opening-request-completed', ml);
     52  script.sendAsyncMessage("finish");
     53  SimpleTest.finish();
     54 });
     55 
     56 SimpleTest.waitForExplicitFinish();
     57 
     58 function runTest() {
     59  var src = "file_testserver.sjs";
     60  // append the file that should be served
     61  src += "?file=" + escape(testfile);
     62  // append the CSP that should be used to serve the file
     63  src += "&csp=" + escape(policy);
     64 
     65  document.getElementById("cspframe").src = src;
     66 }
     67 
     68 SpecialPowers.pushPrefEnv({
     69  set: [
     70    ["dom.reporting.enabled", false],
     71  ],
     72 }, runTest);
     73 
     74 </script>
     75 </body>
     76 </html>