tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_iframe_history_manipulation.html (2448B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Bug 1648825 - Fetch Metadata Headers contain invalid value for Sec-Fetch-Site for history manipulation</title>
      5  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 
     10 <body>
     11 
     12 <script class="testbody" type="text/javascript">
     13 
     14 const REQUEST_PATH = 'tests/dom/security/test/sec-fetch/file_no_cache.sjs'
     15 let sendHome = true;
     16 let testCounter = 0;
     17 let testFrame;
     18 
     19 var script = SpecialPowers.loadChromeScript(() => {
     20  /* eslint-env mozilla/chrome-script */
     21  Services.obs.addObserver(function onExamResp(subject) {
     22    let channel = subject.QueryInterface(Ci.nsIHttpChannel);
     23    info("request observed: " + channel.URI.spec);
     24    if (!channel.URI.spec.startsWith("https://example.org")) {
     25      return;
     26    }
     27    let headerPresent = false;
     28    try {
     29      is(channel.getRequestHeader("Sec-Fetch-Site"), "cross-site", "testing sec-fetch-site is cross-site");
     30 
     31      // This should fail and cause the catch clause to be executed.
     32      channel.getRequestHeader("Sec-Fetch-User");
     33      headerPresent = true;
     34    } catch (e) {
     35      headerPresent = false;
     36    }
     37 
     38    ok(!headerPresent, "testing sec-fetch-user header is not set");
     39 
     40    sendAsyncMessage("test-pass");
     41  }, "http-on-stop-request");
     42 });
     43 
     44 script.addMessageListener("test-pass", () => {
     45  testCounter++;
     46  if(testCounter == 2) {
     47    SimpleTest.finish();
     48  }
     49 }); 
     50 
     51 window.addEventListener("message", function (event) {
     52  iframeAction(event.data.test);
     53 });
     54 
     55 function iframeAction(test) {
     56  info("received message " + test);
     57 
     58  switch (test) {
     59    case 'test':
     60      testFrame.contentWindow.location  = `https://example.org/${REQUEST_PATH}?test#bypass`;
     61      if(sendHome) {
     62        // We need to send the message manually here because there is no request send to the server.
     63        window.postMessage({test: "home"}, "*");
     64        sendHome = false;
     65      }
     66 
     67      break;
     68    case 'home':
     69      testFrame.contentWindow.location  = `/${REQUEST_PATH}?back`;
     70      break;
     71    case 'back':
     72      testFrame.contentWindow.history.back();
     73      break;
     74  }
     75 }
     76 
     77 SimpleTest.waitForExplicitFinish();
     78 
     79 testFrame = document.createElement('iframe');
     80 testFrame.src = `https://example.org/${REQUEST_PATH}?test`;
     81 onload = () => setTimeout(() => document.body.appendChild(testFrame), 0);
     82 
     83 </script>
     84 </body>
     85 </html>