
sxg-subresource-header-integrity-mismatch.tentative.html (4420B)


      1 <!DOCTYPE html>
      2 <title>Subresource signed exchange prefetch.</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/common/get-host-info.sub.js"></script>
      6 <script src="/network-error-logging/support/nel.sub.js"></script>
      7 <script src="../resources/sxg-util.js"></script>
      8 <body>
      9 <script>
     10 nel_iframe_test(async t => {
     11  const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
     12  const test_origin = get_host_info().HTTPS_ORIGIN;
     13  await loadResourceWithBasicPolicyInIframe();
     14  const iframe_path =
     15      alt_origin +
     16      '/signed-exchange/resources/sxg-subresource-mismatch-iframe.html';
     17  const wait_message = (new Promise((resolve) => {
     18    const on_message = (event) => {
     19      window.removeEventListener('message', on_message);
     20      resolve(event.data);
     21    };
     22    window.addEventListener('message', on_message);
     23  }));
     24  withIframe(iframe_path);
     25  const message = await wait_message;
     26  assert_equals(message, 'from server');
     27  const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
     28 
     29  const main_outer_url = alt_origin + '/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg';
     30  const main_inner_url = innerURLOrigin() + '/signed-exchange/resources/sxg-subresource-sxg.html';
     31  const sub_outer_url = alt_origin + '/signed-exchange/resources/sxg/sxg-subresource-script.sxg';
     32  const sub_inner_url = innerURLOrigin() + '/signed-exchange/resources/sxg-subresource-script.js';
     33  const iframe_url = alt_origin + '/signed-exchange/resources/sxg-subresource-mismatch-iframe.html';
     34  assert_true(await reportsExist([
     35    // Normal NEL report for the iframe's HTML.
     36    {
     37      url: iframe_url,
     38      user_agent: navigator.userAgent,
     39      type: "network-error",
     40      body: {
     41        phase: "application",
     42        type: "ok",
     43        status_code: 200,
     44        referrer: location.origin + '/',
     45      },
     46      metadata: {
     47        content_type: "application/reports+json",
     48      },
     49    },
     50    // Normal NEL report for the main resource signed exchange.
     51    {
     52      url: main_outer_url,
     53      user_agent: navigator.userAgent,
     54      type: "network-error",
     55      body: {
     56        phase: "application",
     57        type: "ok",
     58        status_code: 200,
     59        referrer: iframe_url,
     60      },
     61      metadata: {
     62        content_type: "application/reports+json",
     63      },
     64    },
     65    // Signed Exchange NEL report for the main resource signed exchange.
     66    {
     67      url: main_outer_url,
     68      user_agent: navigator.userAgent,
     69      type: "network-error",
     70      body: {
     71        phase: "sxg",
     72        type: "ok",
     73        status_code: 200,
     74        referrer: iframe_url,
     75        sxg: {
     76          outer_url: main_outer_url,
     77          inner_url: main_inner_url,
     78          cert_url: [cert_url]
     79        }
     80      },
     81      metadata: {
     82        content_type: "application/reports+json",
     83      },
     84    },
     85    // Signed Exchange NEL report for the subresource signed exchange header
     86    // integrity mismatch.
     87    {
     88      url: sub_outer_url,
     89      user_agent: navigator.userAgent,
     90      type: "network-error",
     91      body: {
     92        phase: "sxg",
     93        type: "sxg.header_integrity_mismatch",
     94        status_code: 200,
     95        referrer: main_outer_url,
     96        sxg: {
     97          outer_url: sub_outer_url,
     98          inner_url: sub_inner_url,
     99          cert_url: [cert_url]
    100        }
    101      },
    102      metadata: {
    103        content_type: "application/reports+json",
    104      },
    105    },
    106    // Normal NEL report for the main resource signed exchange.
    107    {
    108      url: sub_outer_url,
    109      user_agent: navigator.userAgent,
    110      type: "network-error",
    111      body: {
    112        phase: "application",
    113        type: "ok",
    114        status_code: 200,
    115        referrer: iframe_url,
    116      },
    117      metadata: {
    118        content_type: "application/reports+json",
    119      },
    120    },
    121    // Signed Exchange NEL report for the sub resource signed exchange.
    122    {
    123      url: sub_outer_url,
    124      user_agent: navigator.userAgent,
    125      type: "network-error",
    126      body: {
    127        phase: "sxg",
    128        type: "ok",
    129        status_code: 200,
    130        referrer: iframe_url,
    131        sxg: {
    132          outer_url: sub_outer_url,
    133          inner_url: sub_inner_url,
    134          cert_url: [cert_url]
    135        }
    136      },
    137      metadata: {
    138        content_type: "application/reports+json",
    139      },
    140    },
    141  ]));
    142 }, 'Subresource signed exchange prefetch.');
    143 </script>
    144 </body>