test_worker_src.html (3260B)
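<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1302667 - Test worker-src</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe style="width:100%;" id="testframe"></iframe>

<script class="testbody" type="text/javascript">

SimpleTest.waitForExplicitFinish();
SimpleTest.requestLongerTimeout(3);

/* Description of the test:
 * We load a page including a worker, a shared worker as well as a
 * service worker with a CSP of:
 *   >> worker-src https://example.com; child-src 'none'; script-src 'nonce-foo'
 * and make sure that worker-src governs these three kinds of workers correctly.
 * In addition, we make sure that child-src as well as script-src is discarded
 * in case worker-src is specified. Ideally we would use "script-src 'none'" but
 * we have to allowlist the actual script that spawns the workers, hence the nonce.
 *
 * NOTE(review): the policies of the *_child_governs and *_script_governs helper
 * pages are not visible in this file; their names suggest they cover other
 * directives governing workers -- confirm against the helper pages.
 */

const ALLOWED_HOST = "https://example.com/tests/dom/security/test/csp/";
const BLOCKED_HOST = "https://test1.example.com/tests/dom/security/test/csp/";

// Compare whole origins rather than string prefixes of the reported href:
// a prefix test for "https://example.com" would also accept any host whose
// name merely starts with "example.com".
const ALLOWED_ORIGIN = new URL(ALLOWED_HOST).origin;
const BLOCKED_ORIGIN = new URL(BLOCKED_HOST).origin;

// Each helper page is loaded once from the host the policy allows and once
// from a host it does not.
const TESTS = [
  // allowed
  ALLOWED_HOST + "file_worker_src_worker_governs.html",
  ALLOWED_HOST + "file_worker_src_child_governs.html",
  ALLOWED_HOST + "file_worker_src_script_governs.html",
  // blocked
  BLOCKED_HOST + "file_worker_src_worker_governs.html",
  BLOCKED_HOST + "file_worker_src_child_governs.html",
  BLOCKED_HOST + "file_worker_src_script_governs.html",
];

// Results a helper page may report for each expected outcome.
const ALLOWED_RESULTS = new Set([
  "worker-allowed",
  "shared-worker-allowed",
  "service-worker-allowed",
]);
const BLOCKED_RESULTS = new Set([
  "worker-blocked",
  "shared-worker-blocked",
  "service-worker-blocked",
]);

const numberSubTests = 3; // 1 web worker, 1 shared worker, 1 service worker
let subTestCounter = 0;   // sub tests that have reported for the current page
let testIndex = 0;        // index into TESTS of the page currently loaded

/**
 * Return the origin of `href`, or null when it is not a parseable URL
 * (including a missing href).
 */
function originOf(href) {
  try {
    return new URL(href).origin;
  } catch (e) {
    return null;
  }
}

/**
 * Called once all sub tests of the current page have reported: move on to
 * the next page in TESTS, or tear down the listener and finish the test.
 */
function checkFinish() {
  subTestCounter = 0;
  testIndex++;
  if (testIndex < TESTS.length) {
    runNextTest();
    return;
  }
  window.removeEventListener("message", receiveMessage);
  SimpleTest.finish();
}

/**
 * Handle one result message of the form { href, result } and record a
 * pass or a failure depending on the origin the message reports.
 *
 * NOTE(review): the page is classified by the href carried in the payload;
 * event.origin and event.source are not checked here. Confirm the helper
 * pages report their own location.
 */
function receiveMessage(event) {
  // A message without a usable payload ends up in the "unexpected result"
  // branch below instead of throwing inside the handler.
  const data = event.data || {};
  const href = data.href;
  const result = data.result;
  const origin = originOf(href);

  if (origin === ALLOWED_ORIGIN) {
    if (ALLOWED_RESULTS.has(result)) {
      ok(true, "allowing worker from https://example.com (" + result + ")");
    } else {
      ok(false, "blocking worker from https://example.com (" + result + ")");
    }
  } else if (origin === BLOCKED_ORIGIN) {
    if (BLOCKED_RESULTS.has(result)) {
      ok(true, "blocking worker from https://test1.example.com (" + result + ")");
    } else {
      ok(false, "allowing worker from https://test1.example.com (" + result + ")");
    }
  } else {
    // sanity check, we should never enter that branch, but just in case...
    ok(false, "unexpected result: " + result);
  }

  subTestCounter++;
  if (subTestCounter < numberSubTests) {
    return;
  }
  checkFinish();
}

window.addEventListener("message", receiveMessage);

/** Load the page for the current testIndex into the test frame. */
function runNextTest() {
  document.getElementById("testframe").src = TESTS[testIndex];
}

// Service workers have to be enabled (and allowed in the test environment)
// before the first page is loaded.
SpecialPowers.pushPrefEnv({"set": [
  ["dom.serviceWorkers.enabled", true],
  ["dom.serviceWorkers.testing.enabled", true],
]}, function() {
  runNextTest();
});

</script>
</body>
</html>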