tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

accumulated-oversized-payload.https.window.js (2680B)

      1 // META: script=/common/get-host-info.sub.js
      2 // META: script=/common/utils.js
      3 // META: script=/fetch/fetch-later/resources/fetch-later-helper.js
      4 // META: script=/fetch/fetch-later/quota/resources/helper.js
      5 'use strict';
      6 
      7 const {HTTPS_ORIGIN, HTTPS_NOTSAMESITE_ORIGIN} = get_host_info();
      8 
      9 // Skips FormData & URLSearchParams, as browser adds extra bytes to them
     10 // in addition to the user-provided content. It is difficult to test a
     11 // request right at the quota limit.
     12 // Skips File & Blob as it's difficult to estimate what additional data are
     13 // added into them.
     14 const dataType = BeaconDataType.String;
     15 
     16 // Request headers are counted into total request size.
     17 const headers = new Headers({'Content-Type': 'text/plain;charset=UTF-8'});
     18 
     19 const requestUrl = `${HTTPS_ORIGIN}/`;
     20 const quota = getRemainingQuota(QUOTA_PER_ORIGIN, requestUrl, headers);
     21 const halfQuota = Math.ceil(quota / 2);
     22 
     23 
     24 // Tests that a reporting origin only allow queuing requests within its quota.
     25 test(
     26    () => {
     27      const controller = new AbortController();
     28 
     29      // Queues with the 1st call (POST) that sends max/2 quota.
     30      fetchLater(requestUrl, {
     31        method: 'POST',
     32        signal: controller.signal,
     33        body: makeBeaconData(generatePayload(halfQuota), dataType),
     34        // Required, as the size of referrer also take up quota.
     35        referrer: '',
     36      });
     37 
     38      // Makes the 2nd call (POST) to the same reporting origin that sends
     39      // max bytes, which should be rejected.
     40      assert_throws_quotaexceedederror(
     41        () => {
     42          fetchLater(requestUrl, {
     43            method: 'POST',
     44            signal: controller.signal,
     45            body: makeBeaconData(generatePayload(quota), dataType),
     46            // Required, as the size of referrer also take up quota.
     47            referrer: '',
     48          });
     49        },
     50        // Either no information should be provided, or it should exactly
     51        // be the expected values
     52        (requested) => [QUOTA_PER_ORIGIN, null].includes(requested),
     53        (remaining) => [halfQuota - 1, null].includes(remaining)
     54      );
     55 
     56      // Makes the 3rd call (GET) to the same reporting origin, where its
     57      // request size is len(requestUrl) + headers, which should be accepted.
     58      fetchLater(requestUrl, {
     59        method: 'GET',
     60        signal: controller.signal,
     61        // Required, as the size of referrer also take up quota.
     62        referrer: '',
     63      });
     64 
     65      // Release quota taken by the pending requests for subsequent tests.
     66      controller.abort();
     67    },
     68    `The 2nd fetchLater(same-origin) call in the top-level document is not allowed to exceed per-origin quota for its POST body of ${
     69        dataType}.`);