tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

mixed-content-and-allowed-schemes.https.window.js (2191B)

      1 // META: script=/service-workers/service-worker/resources/test-helpers.sub.js
      2 // META: script=resources/utils.js
      3 'use strict';
      4 
      5 // Tests that Mixed Content requests are blocked.
      6 // https://w3c.github.io/webappsec-mixed-content/#should-block-fetch
      7 // https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url
      8 // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
      9 
     10 // With an additional restriction that only https:// and loopback http://
     11 // requests are allowed. Hence the wss:, file:, data:, etc schemes are blocked.
     12 // https://github.com/WICG/background-fetch/issues/44
     13 
     14 // This is not a comprehensive test of mixed content blocking - it is just
     15 // intended to check that blocking is enabled.
     16 
     17 backgroundFetchTest((t, bgFetch) => {
     18  return bgFetch.fetch(uniqueId(), 'https://example.com');
     19 }, 'https: fetch should register ok');
     20 
     21 backgroundFetchTest((t, bgFetch) => {
     22  return bgFetch.fetch(uniqueId(), 'http://127.0.0.1');
     23 }, 'loopback IPv4 http: fetch should register ok');
     24 
     25 backgroundFetchTest((t, bgFetch) => {
     26  return bgFetch.fetch(uniqueId(), 'http://[::1]');
     27 }, 'loopback IPv6 http: fetch should register ok');
     28 
     29 backgroundFetchTest((t, bgFetch) => {
     30  return bgFetch.fetch(uniqueId(), 'http://localhost');
     31 }, 'localhost http: fetch should register ok');
     32 
     33 function testBgFetch(bgFetch, url)
     34 {
     35  return bgFetch.fetch(uniqueId(), url).then(fetch => {
     36    return fetch.match(url);
     37  }).then(match => match.responseReady);
     38 }
     39 
     40 backgroundFetchTest((t, bgFetch) => {
     41  return promise_rejects_js(t, TypeError,
     42                         testBgFetch(bgFetch, 'wss:127.0.0.1'));
     43 }, 'wss: fetch should reject');
     44 
     45 backgroundFetchTest((t, bgFetch) => {
     46  return promise_rejects_js(t, TypeError,
     47                         testBgFetch(bgFetch, 'file:///'));
     48 }, 'file: fetch should reject');
     49 
     50 backgroundFetchTest((t, bgFetch) => {
     51  return promise_rejects_js(t, TypeError,
     52                         testBgFetch(bgFetch, 'data:text/plain,foo'));
     53 }, 'data: fetch should reject');
     54 
     55 backgroundFetchTest((t, bgFetch) => {
     56  return promise_rejects_js(t, TypeError,
     57                         testBgFetch(bgFetch, 'foobar:bazqux'));
     58 }, 'unknown scheme fetch should reject');