tor-browser

The Tor Browser

test_xhr_forbidden_headers.html (2563B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 https://bugzilla.mozilla.org/show_bug.cgi?id=308484
      5 -->
      6 <head>
      7  <title>Test for Bug 308484</title>
      8  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      9  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
     10 </head>
     11 <body>
     12 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=308484">Mozilla Bug 308484</a>
     13 <p id="display"></p>
     14 <div id="content" style="display: none">
     15 
     16 </div>
     17 <pre id="test">
     18 <script class="testbody" type="text/javascript">
     19 
     20 /** Test for Bug 308484 */
     21 
     /**
      * Request-header names that startTest() tries to set through
      * XMLHttpRequest.setRequestHeader().
      *
      * Every name is written in mixed case, presumably so that the browser's
      * forbidden-header check is exercised case-insensitively (verify against
      * the bug linked at the top of this file).
      */
     var headers = [
       // Individually named headers.
       "aCCept-chaRset",
       "acCePt-eNcoDing",
       "aCcEsS-cOnTrOl-ReQuEsT-mEtHoD",
       "aCcEsS-cOnTrOl-ReQuEsT-hEaDeRs",
       "coNnEctIon",
       "coNtEnt-LEngth",
       "CoOKIe",
       "cOOkiE2",
       "DATE",
       "dNT",
       "exPeCt",
       "hOSt",
       "keep-alive",
       "oRiGiN",
       "reFERer",
       "te",
       "trAiLer",
       "trANsfEr-eNcoDiNg",
       "uPGraDe",
       "viA",
       // The bare "Proxy-" / "Sec-" prefixes, then names that start with them.
       "pRoxy-",
       "sEc-",
       "proxy-fOobar",
       "sec-bAZbOx",
     ];

     // Globals assigned by startTest(): the shared loop index and the
     // XMLHttpRequest currently under test.
     var i;
     var request;
     49 
     /**
      * Checks which request headers XMLHttpRequest.setRequestHeader() accepts.
      *
      * Phase 1 uses a plain XMLHttpRequest: every name in `headers` is set to
      * "test<i>", the request is sent, and the values are read back from the
      * underlying nsIHttpChannel via SpecialPowers. None may equal the value
      * the page tried to set, which is what keeps page script from choosing
      * headers such as Host, Cookie, Origin or Referer.
      *
      * Phase 2 repeats this with a request constructed with
      * {mozAnon: true, mozSystem: true}; there every header must read back
      * exactly as set. The load handler in this file pushes the systemXHR
      * permission before calling this function.
      *
      * Writes the file-level globals `i` and `request`, and ends the test
      * with SimpleTest.finish().
      */
     function startTest() {
       // Reach the nsIHttpChannel behind an XHR through the SpecialPowers wrapper.
       const channelOf = (xhr) =>
         SpecialPowers.wrap(xhr).channel.QueryInterface(SpecialPowers.Ci.nsIHttpChannel);

       // ---- Phase 1: unprivileged request ----
       request = new XMLHttpRequest();
       request.open("GET", window.location.href);
       for (i = 0; i < headers.length; i++) {
         request.setRequestHeader(headers[i], "test" + i);
       }
       // Headers are not copied onto the channel until send() runs.
       request.send();

       const contentChannel = channelOf(request);
       for (i = 0; i < headers.length; i++) {
         let observed = null;
         try {
           observed = contentChannel.getRequestHeader(headers[i]);
         } catch (e) {
           // Reading Content-Length throws (per the original comment); any
           // throw leaves `observed` as null, i.e. "not set by the page".
           // NOTE(review): this also hides unrelated failures of
           // getRequestHeader() - confirm that is intended.
         }

         // NOTE(review): isnot() rejects only an exact match, so a page value
         // merged into an existing header value would not be flagged here.
         isnot(observed, "test" + i, `Setting ${headers[i]} header in unprivileged context`);
       }

       // ---- Phase 2: privileged (mozSystem) request ----
       request = new XMLHttpRequest({ mozAnon: true, mozSystem: true });
       request.open("GET", window.location.href);
       for (i = 0; i < headers.length; i++) {
         request.setRequestHeader(headers[i], `http://test${i}/`);
       }
       // Headers are not copied onto the channel until send() runs.
       request.send();

       // No try/catch in this phase: a header that cannot be read back is an error.
       const systemChannel = channelOf(request);
       for (i = 0; i < headers.length; i++) {
         const observed = systemChannel.getRequestHeader(headers[i]);
         is(observed, `http://test${i}/`, `Setting ${headers[i]} header in privileged context`);
       }

       SimpleTest.finish();
     }
     87 
     // The checks run from a load-event callback, so the harness has to wait
     // for startTest() to call SimpleTest.finish().
     SimpleTest.waitForExplicitFinish();

     // Grant this document the systemXHR permission first; pushPermissions()
     // is handed startTest as its callback.
     addLoadEvent(() => {
       const systemXhrPermission = { type: "systemXHR", allow: true, context: document };
       SpecialPowers.pushPermissions([systemXhrPermission], startTest);
     });
     93 </script>
     94 </pre>
     95 </body>
     96 </html>