browser_external_loads.js (4860B)
1 "use strict"; 2 3 const TEST_PATH = getRootDirectory(gTestPath).replace( 4 "chrome://mochitests/content", 5 "https://example.com" 6 ); 7 8 var gExpectedHeader = {}; 9 10 function checkSecFetchUser(subject) { 11 let channel = subject.QueryInterface(Ci.nsIHttpChannel); 12 if (!channel.URI.spec.startsWith("https://example.com")) { 13 return; 14 } 15 16 info(`testing headers for load of ${channel.URI.spec}`); 17 18 const secFetchHeaders = [ 19 "sec-fetch-mode", 20 "sec-fetch-dest", 21 "sec-fetch-user", 22 "sec-fetch-site", 23 ]; 24 25 secFetchHeaders.forEach(header => { 26 const expectedValue = gExpectedHeader[header]; 27 try { 28 is( 29 channel.getRequestHeader(header), 30 expectedValue, 31 `${header} is set to ${expectedValue}` 32 ); 33 } catch (e) { 34 if (expectedValue) { 35 ok(false, `${header} should be set`); 36 } else { 37 ok(true, `${header} should not be set`); 38 } 39 } 40 }); 41 } 42 43 add_task(async function external_load() { 44 waitForExplicitFinish(); 45 Services.obs.addObserver(checkSecFetchUser, "http-on-stop-request"); 46 47 let headersChecked = new Promise(resolve => { 48 let reqStopped = async () => { 49 Services.obs.removeObserver(reqStopped, "http-on-stop-request"); 50 resolve(); 51 }; 52 Services.obs.addObserver(reqStopped, "http-on-stop-request"); 53 }); 54 55 // System fetch. Shouldn't use Sec- headers for that. 56 gExpectedHeader = { 57 "sec-fetch-site": null, 58 "sec-fetch-mode": null, 59 "sec-fetch-dest": null, 60 "sec-fetch-user": null, 61 }; 62 await window.fetch(`${TEST_PATH}file_dummy_link.html?sysfetch`); 63 await headersChecked; 64 65 // Simulate an external load in the *current* window with 66 // Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL and the system principal. 67 gExpectedHeader = { 68 "sec-fetch-site": "none", 69 "sec-fetch-mode": "navigate", 70 "sec-fetch-dest": "document", 71 "sec-fetch-user": "?1", 72 }; 73 74 let loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); 75 window.browserDOMWindow.openURI( 76 makeURI(`${TEST_PATH}file_dummy_link.html`), 77 null, 78 Ci.nsIBrowserDOMWindow.OPEN_CURRENTWINDOW, 79 Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL, 80 Services.scriptSecurityManager.getSystemPrincipal() 81 ); 82 await loaded; 83 84 // Open a link in a *new* window through the context menu. 85 gExpectedHeader = { 86 "sec-fetch-site": "same-origin", 87 "sec-fetch-mode": "navigate", 88 "sec-fetch-dest": "document", 89 "sec-fetch-user": "?1", 90 }; 91 92 loaded = BrowserTestUtils.waitForNewWindow({ 93 url: `${TEST_PATH}file_dummy_link_location.html`, 94 }); 95 BrowserTestUtils.waitForEvent(document, "popupshown", false, event => { 96 document.getElementById("context-openlink").doCommand(); 97 event.target.hidePopup(); 98 return true; 99 }); 100 BrowserTestUtils.synthesizeMouseAtCenter( 101 "#dummylink", 102 { type: "contextmenu", button: 2 }, 103 gBrowser.selectedBrowser 104 ); 105 106 let win = await loaded; 107 win.close(); 108 109 // Simulate an external load in a *new* window with 110 // Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL and the system principal. 111 gExpectedHeader = { 112 "sec-fetch-site": "none", 113 "sec-fetch-mode": "navigate", 114 "sec-fetch-dest": "document", 115 "sec-fetch-user": "?1", 116 }; 117 118 loaded = BrowserTestUtils.waitForNewWindow({ 119 url: "https://example.com/newwindow", 120 }); 121 window.browserDOMWindow.openURI( 122 makeURI("https://example.com/newwindow"), 123 null, 124 Ci.nsIBrowserDOMWindow.OPEN_NEWWINDOW, 125 Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL, 126 Services.scriptSecurityManager.getSystemPrincipal() 127 ); 128 win = await loaded; 129 win.close(); 130 131 // Open a *new* window through window.open without user activation. 132 gExpectedHeader = { 133 "sec-fetch-site": "same-origin", 134 "sec-fetch-mode": "navigate", 135 "sec-fetch-dest": "document", 136 }; 137 138 loaded = BrowserTestUtils.waitForNewWindow({ 139 url: "https://example.com/windowopen", 140 }); 141 await SpecialPowers.spawn(gBrowser.selectedBrowser, [], () => { 142 content.window.open( 143 "https://example.com/windowopen", 144 "_blank", 145 "height=500,width=500" 146 ); 147 }); 148 win = await loaded; 149 win.close(); 150 151 // Open a *new* window through window.open with user activation. 152 gExpectedHeader = { 153 "sec-fetch-site": "same-origin", 154 "sec-fetch-mode": "navigate", 155 "sec-fetch-dest": "document", 156 "sec-fetch-user": "?1", 157 }; 158 159 loaded = BrowserTestUtils.waitForNewWindow({ 160 url: "https://example.com/windowopen_withactivation", 161 }); 162 await SpecialPowers.spawn(gBrowser.selectedBrowser, [], () => { 163 content.document.notifyUserGestureActivation(); 164 content.window.open( 165 "https://example.com/windowopen_withactivation", 166 "_blank", 167 "height=500,width=500" 168 ); 169 content.document.clearUserGestureActivation(); 170 }); 171 win = await loaded; 172 win.close(); 173 174 Services.obs.removeObserver(checkSecFetchUser, "http-on-stop-request"); 175 finish(); 176 });