tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_allowedDomainsXHR.js (4491B)

      1 const { HttpServer } = ChromeUtils.importESModule("resource://testing-common/httpd.sys.mjs");
      2 
      3 var httpserver = new HttpServer();
      4 var httpserver2 = new HttpServer();
      5 var httpserver3 = new HttpServer();
      6 var testpath = "/simple";
      7 var redirectpath = "/redirect";
      8 var negativetestpath = "/negative";
      9 var httpbody = "<?xml version='1.0' ?><root>0123456789</root>";
     10 
     11 var sb = Cu.Sandbox(["http://www.example.com",
     12                     "http://localhost:4444/redirect",
     13                     "http://localhost:4444/simple",
     14                     "http://localhost:4446/redirect"],
     15                     { wantGlobalProperties: ["XMLHttpRequest"] });
     16 
     17 function createXHR(loc, async)
     18 {
     19  var xhr = new XMLHttpRequest();
     20  xhr.open("GET", "http://localhost:" + loc, async);
     21  return xhr;
     22 }
     23 
     24 function checkResults(xhr)
     25 {
     26  if (xhr.readyState != 4)
     27    return false;
     28 
     29  equal(xhr.status, 200);
     30  equal(xhr.responseText, httpbody);
     31 
     32  var root_node = xhr.responseXML.getElementsByTagName('root').item(0);
     33  equal(root_node.firstChild.data, "0123456789");
     34  return true;
     35 }
     36 
     37 var httpServersClosed = 0;
     38 function finishIfDone()
     39 {
     40  if (++httpServersClosed == 3)
     41    do_test_finished();
     42 }
     43 
     44 function run_test()
     45 {
     46  do_get_profile();
     47  do_test_pending();
     48 
     49  httpserver.registerPathHandler(testpath, serverHandler);
     50  httpserver.registerPathHandler(redirectpath, redirectHandler1);
     51  httpserver.start(4444);
     52 
     53  httpserver2.registerPathHandler(negativetestpath, serverHandler);
     54  httpserver2.start(4445);
     55 
     56  httpserver3.registerPathHandler(redirectpath, redirectHandler2);
     57  httpserver3.start(4446);
     58 
     59  // Test sync XHR sending
     60  Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
     61  var res = Cu.evalInSandbox('var sync = createXHR("4444/simple"); sync.send(null); sync', sb);
     62  Assert.ok(checkResults(res));
     63 
     64  var principal = res.responseXML.nodePrincipal;
     65  Assert.ok(principal.isContentPrincipal);
     66  var requestURL = "http://localhost:4444/redirect";
     67  Assert.equal(principal.spec, requestURL);
     68 
     69  // negative test sync XHR sending (to ensure that the xhr do not have chrome caps, see bug 779821)
     70  try {
     71    Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
     72    var res = Cu.evalInSandbox('var sync = createXHR("4445/negative"); sync.send(null); sync', sb);
     73    Assert.equal(false, true, "XHR created from sandbox should not have chrome caps");
     74  } catch (e) {
     75    Assert.ok(true);
     76  }
     77 
     78  // Test redirect handling.
     79  // This request bounces to server 2 and then back to server 1.  Neither of
     80  // these servers support CORS, but if the expanded principal is used as the
     81  // triggering principal, this should work.
     82  Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
     83  var res = Cu.evalInSandbox('var sync = createXHR("4444/redirect"); sync.send(null); sync', sb);
     84  Assert.ok(checkResults(res));
     85 
     86  var principal = res.responseXML.nodePrincipal;
     87  Assert.ok(principal.isContentPrincipal);
     88  var requestURL = "http://localhost:4444/redirect";
     89  Assert.equal(principal.spec, requestURL);
     90 
     91  httpserver2.stop(finishIfDone);
     92  httpserver3.stop(finishIfDone);
     93 
     94  // Test async XHR sending
     95  sb.finish = function(){
     96    httpserver.stop(finishIfDone);
     97  }
     98 
     99  // We want to execute checkResults from the scope of the sandbox as well to
    100  // make sure that there are no permission errors related to nsEP. For that
    101  // we need to clone the function into the sandbox and make a few things
    102  // available for it.
    103  Cu.evalInSandbox('var checkResults = ' + checkResults.toSource(), sb);
    104  sb.equal = equal;
    105  sb.httpbody = httpbody;
    106 
    107  function changeListener(event) {
    108    if (checkResults(async))
    109      finish();
    110  }
    111 
    112  var async = Cu.evalInSandbox('var async = createXHR("4444/simple", true);' +
    113                               'async.addEventListener("readystatechange", ' +
    114                                                       changeListener.toString() + ', false);' +
    115                               'async', sb);
    116  async.send(null);
    117 }
    118 
    119 function serverHandler(request, response)
    120 {
    121  response.setHeader("Content-Type", "text/xml", false);
    122  response.bodyOutputStream.write(httpbody, httpbody.length);
    123 }
    124 
    125 function redirectHandler1(request, response)
    126 {
    127  response.setStatusLine(request.httpVersion, 302, "Found");
    128  response.setHeader("Location", "http://localhost:4446/redirect", false);
    129 }
    130 
    131 function redirectHandler2(request, response)
    132 {
    133  response.setStatusLine(request.httpVersion, 302, "Found");
    134  response.setHeader("Location", "http://localhost:4444/simple", false);
    135 }