
browser_103_csp_images.js (4768B)


      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 "use strict";
      6 
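// Early Hints (HTTP 103) handling must be enabled for every task in this file.
Services.prefs.setBoolPref("network.early-hints.enabled", true);

// Undo the override once the file has finished, so the forced value does not
// leak into tests that run later in the same browser session.
registerCleanupFunction(() => {
  Services.prefs.clearUserPref("network.early-hints.enabled");
});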
      8 
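/**
 * Runs one early-hint/CSP scenario end to end and checks it from two sides:
 * what the server counted, and whether the image rendered in the document.
 *
 * Steps: reset the request counter, open the test page in a new tab, read the
 * state of the `test_image` element, fetch the counter again and compare it
 * with `expected_results`, then clear the HTTP cache.
 *
 * @param {object} input - Scenario description. Reads `resource_type`,
 *   `hinted`, `csp`, `csp_in_early_hint`, `host` (all turned into query
 *   parameters) and `test_name` (used as the assertion message).
 * @param {object} expected_results - Value the counter endpoint's JSON must
 *   deep-equal; callers in this file pass `{ hinted, normal }`.
 * @param {boolean} image_should_load - Whether the image is expected to be
 *   completely loaded with a non-zero natural height.
 */
async function test_image_preload_hint_request_loaded(
  input,
  expected_results,
  image_should_load
) {
  const counterUrl =
    "https://example.com/browser/netwerk/test/browser/early_hint_pixel_count.sjs";

  // Reset the server-side count so this scenario starts from a clean slate.
  const resetHeaders = new Headers();
  resetHeaders.append("X-Early-Hint-Count-Start", "");
  await fetch(counterUrl, { headers: resetHeaders });

  // NOTE(review): the CSP and host values are appended without
  // percent-encoding even though the fixtures contain spaces, quotes and
  // semicolons. The resulting string is kept exactly as before because the
  // .sjs handler's query parsing is not visible here; confirm before encoding.
  const hintedFlag = input.hinted ? "1" : "0";
  const cspParam = input.csp ? "&csp=" + input.csp : "";
  const earlyHintCspParam = input.csp_in_early_hint
    ? "&csp_in_early_hint=" + input.csp_in_early_hint
    : "";
  const hostParam = input.host ? "&host=" + input.host : "";
  const requestUrl =
    "https://example.com/browser/netwerk/test/browser/early_hint_csp_options_html.sjs" +
    `?as=${input.resource_type}&hinted=${hintedFlag}` +
    cspParam +
    earlyHintCspParam +
    hostParam;

  console.log("requestUrl: " + requestUrl);

  await BrowserTestUtils.withNewTab(
    {
      gBrowser,
      url: requestUrl,
      waitForLoad: true,
    },
    async function (browser) {
      // The result is deliberately not coerced to a boolean: a missing
      // element yields null, which does not equal false, so a page without
      // the image cannot pass as "blocked by CSP".
      const imageLoaded = await ContentTask.spawn(browser, [], function () {
        let image = content.document.getElementById("test_image");
        return image && image.complete && image.naturalHeight !== 0;
      });
      // Assert.equal takes (actual, expected, message); the observed value
      // goes first so failure output labels the two sides correctly.
      Assert.equal(
        imageLoaded,
        image_should_load,
        "test_image_preload_hint_request_loaded: the image can be loaded as expected " +
          requestUrl
      );
    }
  );

  // Server-side view: what the counter endpoint recorded for this scenario.
  const countResponse = await fetch(counterUrl);
  const gotRequestCount = await countResponse.json();

  Assert.deepEqual(gotRequestCount, expected_results, input.test_name);

  // Presumably keeps a cached image from satisfying the next scenario
  // without a network request -- TODO confirm.
  Services.cache2.clear();
}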
     61 
// Checks, for each placement of an img-src policy (final response, 103 Early
// Hints response, or both), the request counts the server should report and
// whether the image should end up rendered in the document.
add_task(async function test_images_loaded_with_csp() {
  const BLOCK_ALL = "img-src 'none';";
  const SAME_ORIGIN = "img-src 'self';";

  // Every scenario hints an image with no host override; only the name, the
  // two CSP values and the expectations differ.
  const scenario = (
    test_name,
    csp,
    csp_in_early_hint,
    expected,
    image_should_load
  ) => ({
    input: {
      test_name,
      resource_type: "image",
      csp,
      csp_in_early_hint,
      host: "",
      hinted: true,
    },
    expected,
    image_should_load,
  });

  const scenarios = [
    // No policy anywhere: one hinted request, image rendered.
    scenario("image loaded - no csp", "", "", { hinted: 1, normal: 0 }, true),
    // Policy only on the final response: the hinted request is still
    // expected to be counted, but the document must not show the image.
    scenario(
      "image loaded - img-src none",
      BLOCK_ALL,
      "",
      { hinted: 1, normal: 0 },
      false
    ),
    // Policy only on the early-hint response: no hinted request is expected,
    // and the image arrives through one normal request instead.
    scenario(
      "image loaded - img-src none in EH response",
      "",
      BLOCK_ALL,
      { hinted: 0, normal: 1 },
      true
    ),
    // Blocked in both places: no request of either kind, nothing rendered.
    scenario(
      "image loaded - img-src none in both headers",
      BLOCK_ALL,
      BLOCK_ALL,
      { hinted: 0, normal: 0 },
      false
    ),
    scenario(
      "image loaded - img-src self",
      SAME_ORIGIN,
      "",
      { hinted: 1, normal: 0 },
      true
    ),
    scenario(
      "image loaded - img-src self in EH response",
      "",
      SAME_ORIGIN,
      { hinted: 1, normal: 0 },
      true
    ),
    // Conflicting policies: the stricter early-hint policy suppresses the
    // hinted request while the final response still allows the image.
    scenario(
      "image loaded - conflicting csp, early hint skipped",
      SAME_ORIGIN,
      BLOCK_ALL,
      { hinted: 0, normal: 1 },
      true
    ),
    // Conflicting policies the other way round: the hinted request is
    // counted, yet the final response's policy keeps the image out of the
    // document.
    scenario(
      "image loaded - conflicting csp, resource not loaded in document",
      BLOCK_ALL,
      SAME_ORIGIN,
      { hinted: 1, normal: 0 },
      false
    ),
  ];

  // Run sequentially; the scenarios share one server-side counter.
  for (const { input, expected, image_should_load } of scenarios) {
    await test_image_preload_hint_request_loaded(
      input,
      expected,
      image_should_load
    );
  }
});