
general.any.js (4334B)


      1 // META: timeout=long
      2 // META: global=window,worker
      3 // META: script=/common/get-host-info.sub.js
      4 // META: script=/common/utils.js
      5 
      6 // Helpers that return headers objects with a particular guard
/**
 * Builds a standalone Headers object (the "none" guard in this file's
 * naming), optionally pre-filled.
 *
 * @param {HeadersInit} [fill] - Initial header entries; skipped when falsy.
 * @returns {Headers} A Headers object created directly with the constructor.
 */
function headersGuardNone(fill) {
  return fill ? new Headers(fill) : new Headers();
}
     11 
/**
 * Returns the Headers object owned by a freshly constructed Response
 * (the "response" guard in this file's naming).
 *
 * @param {HeadersInit} [fill] - Headers passed through the Response init;
 *   skipped when falsy.
 * @returns {Headers} The `headers` property of an empty-bodied Response.
 */
function headersGuardResponse(fill) {
  const init = fill ? { headers: fill } : {};
  const response = new Response('', init);
  return response.headers;
}
     17 
/**
 * Returns the Headers object owned by a freshly constructed Request with
 * the default mode (the "request" guard in this file's naming).
 *
 * @param {HeadersInit} [fill] - Headers passed through the Request init;
 *   skipped when falsy.
 * @returns {Headers} The `headers` property of a Request for './'.
 */
function headersGuardRequest(fill) {
  const init = fill ? { headers: fill } : {};
  const request = new Request('./', init);
  return request.headers;
}
     23 
/**
 * Returns the Headers object owned by a Request constructed with
 * `mode: 'no-cors'` (the "request-no-cors" guard in this file's naming).
 * This is the guard under which the tests below expect a script-supplied
 * Range header to be absent.
 *
 * @param {HeadersInit} [fill] - Headers passed through the Request init;
 *   skipped when falsy.
 * @returns {Headers} The `headers` property of a no-cors Request for './'.
 */
function headersGuardRequestNoCors(fill) {
  const init = fill
    ? { mode: 'no-cors', headers: fill }
    : { mode: 'no-cors' };
  const request = new Request('./', init);
  return request.headers;
}
     29 
// Guard types under which a script is expected to be able to set Range.
// The no-cors request guard is deliberately absent: it has its own test,
// which expects the opposite outcome.
const headerGuardTypes = [
  ['none', headersGuardNone],
  ['response', headersGuardResponse],
  ['request', headersGuardRequest],
];

headerGuardTypes.forEach(([guardType, createHeaders]) => {
  test(() => {
    // A header can reach a Headers object in three ways; each one must
    // leave Range readable with the value that was supplied.

    // 1. Filling at construction time.
    const filled = createHeaders({ Range: 'foo' });
    assert_equals(filled.get('Range'), 'foo');

    // 2. Appending to an empty object.
    const appended = createHeaders();
    appended.append('Range', 'foo');
    assert_equals(appended.get('Range'), 'foo');

    // 3. Setting on an empty object.
    const assigned = createHeaders();
    assigned.set('Range', 'foo');
    assert_equals(assigned.get('Range'), 'foo');
  }, `Range header setting allowed for guard type: ${guardType}`);
});
     52 
// Under the no-cors request guard a script-supplied Range header must not
// end up on the Headers object. The checks below only assert that has()
// reports false after each of the three ways of adding a header; none of
// the calls is expected to throw.
test(() => {
  // Filling at construction time.
  const filled = headersGuardRequestNoCors({ Range: 'foo' });
  assert_false(filled.has('Range'));

  // Appending to an empty object.
  const appended = headersGuardRequestNoCors();
  appended.append('Range', 'foo');
  assert_false(appended.has('Range'));

  // Setting on an empty object.
  const assigned = headersGuardRequestNoCors();
  assigned.set('Range', 'foo');
  assert_false(assigned.has('Range'));
}, `Privileged header not allowed for guard type: request-no-cors`);
     65 
// Same-origin check: whatever Range value the script supplies (well-formed,
// unknown unit, garbage or empty), the value read back from the stash must
// be 'identity'.
// NOTE(review): presumably long-wav.py records the request's Accept-Encoding
// under 'accept-encoding-key' and stash-take.py returns it; the server
// scripts are not shown here, so confirm.
promise_test(async () => {
  const audioURL = new URL('resources/long-wav.py', location);
  const readbackURL = new URL('resources/stash-take.py', location);

  for (const rangeHeader of ['bytes=0-10', 'foo=0-10', 'foo', '']) {
    // A fresh token per iteration pairs this ranged request with its own
    // readback, so results from earlier iterations cannot be picked up.
    const stashKey = token();
    audioURL.searchParams.set('accept-encoding-key', stashKey);
    readbackURL.searchParams.set('key', stashKey);

    await fetch(audioURL, { headers: { Range: rangeHeader } });

    const readback = await fetch(readbackURL);
    const recordedEncoding = await readback.json();
    assert_equals(
      recordedEncoding,
      'identity',
      `Expect identity accept-encoding if range header is ${JSON.stringify(rangeHeader)}`
    );
  }
}, `Fetch with range header will be sent with Accept-Encoding: identity`);
     94 
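// A cross-origin fetch whose Range value is not treated as safe must not
// load. Each fetch is required to reject with a TypeError, the error type
// fetch() uses for a network error, rather than accepting any rejection.
// The previous version threw a bare string on an unexpected success and
// built a stash-take URL that was never fetched; both are gone.
promise_test(async (t) => {
  const wavURL = new URL(`${get_host_info().HTTP_REMOTE_ORIGIN}/fetch/range/resources/long-wav.py`);

  const rangeHeaders = [
    // End position lower than the start position.
    'bytes=10-9',
    // Suffix form, with no start position.
    'bytes=-0',
    // NOTE(review): the zero padding looks chosen to push the value past a
    // length limit on safelisted header values; confirm against the spec.
    'bytes=0000000000000000000000000000000000000000000000000000000000011-0000000000000000000000000000000000000000000000000000000000111',
  ];

  for (const rangeHeader of rangeHeaders) {
    // Fresh token per request so every iteration uses a distinct URL.
    wavURL.searchParams.set('accept-encoding-key', token());

    await promise_rejects_js(
      t,
      TypeError,
      fetch(wavURL, { headers: { Range: rangeHeader } }),
      `loaded with range header ${rangeHeader}`
    );
  }
}, `Cross Origin Fetch with non safe range header`);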
    116 
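// A cross-origin fetch whose Range value is treated as safe must load.
// A rejection is reported through assert_unreached with the underlying
// error attached, instead of throwing a bare string that discards the
// cause. The stash-take URL of the previous version was never fetched and
// has been dropped.
promise_test(async () => {
  const wavURL = new URL(`${get_host_info().HTTP_REMOTE_ORIGIN}/fetch/range/resources/long-wav.py`);

  const rangeHeaders = [
    // Closed range.
    'bytes=0-10',
    // Open-ended range.
    'bytes=0-',
    // NOTE(review): zero-padded counterpart of the long value in the
    // non-safe test; presumably it stays within the length limit that the
    // other one exceeds. Confirm against the spec.
    'bytes=00000000000000000000000000000000000000000000000000000000011-00000000000000000000000000000000000000000000000000000000000111',
  ];

  for (const rangeHeader of rangeHeaders) {
    // Fresh token per request so every iteration uses a distinct URL.
    wavURL.searchParams.set('accept-encoding-key', token());

    try {
      await fetch(wavURL, { headers: { Range: rangeHeader } });
    } catch (err) {
      assert_unreached(`failed load with range header ${rangeHeader}: ${err}`);
    }
  }
}, `Cross Origin Fetch with safe range header`);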