tor-browser

keepalive-helper.js (7362B)

---

// Utility functions to help testing keepalive requests.

// Returns a URL to an iframe that loads a keepalive URL on iframe loaded.
//
// The keepalive URL points to a target that stores `token`. The token will then
// be posted back on iframe loaded to the parent document.
// `method` defaults to GET.
// `frameOrigin` to specify the origin of the iframe to load. If not set,
// default to a different site origin.
// `requestOrigin` to specify the origin of the fetch request target.
// `sendOn` to specify the name of the event when the keepalive request should
// be sent instead of the default 'load'.
// `mode` to specify the fetch request's CORS mode.
// `disallowCrossOrigin` to ask the iframe to set up a server that disallows
// cross origin requests.
function getKeepAliveIframeUrl(token, method, {
 frameOrigin = 'DEFAULT',
 requestOrigin = '',
 sendOn = 'load',
 mode = 'cors',
 disallowCrossOrigin = false
} = {}) {
 const https = location.protocol.startsWith('https');
 frameOrigin = frameOrigin === 'DEFAULT' ?
     get_host_info()[https ? 'HTTPS_NOTSAMESITE_ORIGIN' : 'HTTP_NOTSAMESITE_ORIGIN'] :
     frameOrigin;
 return `${frameOrigin}/fetch/api/resources/keepalive-iframe.html?` +
     `token=${token}&` +
     `method=${method}&` +
     `sendOn=${sendOn}&` +
     `mode=${mode}&` + (disallowCrossOrigin ? `disallowCrossOrigin=1&` : ``) +
     `origin=${requestOrigin}`;
}

// Returns a different-site URL to an iframe that loads a keepalive URL.
//
// By default, the keepalive URL points to a target that redirects to another
// same-origin destination storing `token`. The token will then be posted back
// to parent document.
//
// The URL redirects can be customized from `origin1` to `origin2` if provided.
// Sets `withPreflight` to true to get URL enabling preflight.
function getKeepAliveAndRedirectIframeUrl(
   token, origin1, origin2, withPreflight) {
 const https = location.protocol.startsWith('https');
 const frameOrigin =
     get_host_info()[https ? 'HTTPS_NOTSAMESITE_ORIGIN' : 'HTTP_NOTSAMESITE_ORIGIN'];
 return `${frameOrigin}/fetch/api/resources/keepalive-redirect-iframe.html?` +
     `token=${token}&` +
     `origin1=${origin1}&` +
     `origin2=${origin2}&` + (withPreflight ? `with-headers` : ``);
}

async function iframeLoaded(iframe) {
 return new Promise((resolve) => iframe.addEventListener('load', resolve));
}

// Obtains the token from the message posted by iframe after loading
// `getKeepAliveAndRedirectIframeUrl()`.
async function getTokenFromMessage() {
 return new Promise((resolve) => {
   window.addEventListener('message', (event) => {
     resolve(event.data);
   }, {once: true});
 });
}

// Tells if `token` has been stored in the server.
async function queryToken(token) {
 const response = await fetch(`../resources/stash-take.py?key=${token}`);
 const json = await response.json();
 return json;
}

// A helper to assert the existence of `token` that should have been stored in
// the server by fetching ../resources/stash-put.py.
//
// This function simply wait for a custom amount of time before trying to
// retrieve `token` from the server.
// `expectTokenExist` tells if `token` should be present or not.
//
// NOTE:
// In order to parallelize the work, we are going to have an async_test
// for the rest of the work. Note that we want the serialized behavior
// for the steps so far, so we don't want to make the entire test case
// an async_test.
function assertStashedTokenAsync(
   testName, token, {expectTokenExist = true} = {}) {
 async_test(test => {
   new Promise(resolve => test.step_timeout(resolve, 3000 /*ms*/))
       .then(test.step_func(() => {
         return queryToken(token);
       }))
       .then(test.step_func(result => {
         if (expectTokenExist) {
           assert_equals(result, 'on', `token should be on (stashed).`);
           test.done();
         } else {
           assert_not_equals(
               result, 'on', `token should not be on (stashed).`);
           return Promise.reject(`Failed to retrieve token from server`);
         }
       }))
       .catch(test.step_func(e => {
         if (expectTokenExist) {
           test.unreached_func(e);
         } else {
           test.done();
         }
       }));
 }, testName);
}

/**
* In an iframe, and in `load` event handler, test to fetch a keepalive URL that
* involves in redirect to another URL.
*
* `unloadIframe` to unload the iframe before verifying stashed token to
* simulate the situation that unloads after fetching. Note that this test is
* different from `keepaliveRedirectInUnloadTest()` in that the latter
* performs fetch() call directly in `unload` event handler, while this test
* does it in `load`.
*/
function keepaliveRedirectTest(desc, {
 origin1 = '',
 origin2 = '',
 withPreflight = false,
 unloadIframe = false,
 expectFetchSucceed = true,
} = {}) {
 desc = `[keepalive][iframe][load] ${desc}` +
     (unloadIframe ? ' [unload at end]' : '');
 promise_test(async (test) => {
   const tokenToStash = token();
   const iframe = document.createElement('iframe');
   iframe.src = getKeepAliveAndRedirectIframeUrl(
       tokenToStash, origin1, origin2, withPreflight);
   document.body.appendChild(iframe);
   await iframeLoaded(iframe);
   assert_equals(await getTokenFromMessage(), tokenToStash);
   if (unloadIframe) {
     iframe.remove();
   }

   assertStashedTokenAsync(
       desc, tokenToStash, {expectTokenExist: expectFetchSucceed});
 }, `${desc}; setting up`);
}

/**
* Opens a different site window, and in `unload` event handler, test to fetch
* a keepalive URL that involves in redirect to another URL.
*/
function keepaliveRedirectInUnloadTest(desc, {
 origin1 = '',
 origin2 = '',
 url2 = '',
 withPreflight = false,
 expectFetchSucceed = true
} = {}) {
 desc = `[keepalive][new window][unload] ${desc}`;

 promise_test(async (test) => {
   const targetUrl =
       `${HTTP_NOTSAMESITE_ORIGIN}/fetch/api/resources/keepalive-redirect-window.html?` +
       `origin1=${origin1}&` +
       `origin2=${origin2}&` +
       `url2=${url2}&` + (withPreflight ? `with-headers` : ``);
   const w = window.open(targetUrl);
   const token = await getTokenFromMessage();
   w.close();

   assertStashedTokenAsync(
       desc, token, {expectTokenExist: expectFetchSucceed});
 }, `${desc}; setting up`);
}

/**
* utility to create pending keepalive fetch requests
* The pending request state is achieved by ensuring the server (trickle.py) does not
* immediately respond to the fetch requests.
* The response delay is set as a url parameter.
*/

function createPendingKeepAliveRequest(delay, remote = false) {
 // trickle.py is a script that can make a delayed response to the client request
 const trickleRemoteURL = get_host_info().HTTPS_REMOTE_ORIGIN + '/fetch/api/resources/trickle.py?count=1&ms=';
 const trickleLocalURL = get_host_info().HTTP_ORIGIN + '/fetch/api/resources/trickle.py?count=1&ms=';
 url = remote ? trickleRemoteURL : trickleLocalURL;

 const body = '*'.repeat(10);
 return fetch(url + delay, { keepalive: true, body, method: 'POST' }).then(res => {
     return res.text();
 }).then(() => {
     return new Promise(resolve => step_timeout(resolve, 1));
 }).catch((error) => {
     return Promise.reject(error);;
 })
}