From a06ce3f03b260d59199dba7e01ea8afb3de1ef59 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Fri, 25 Aug 2017 09:25:03 +0200 Subject: CSP: Upgrade SO navigational requests per spec. --- .../test/csp/file_upgrade_insecure_navigation.sjs | 79 ++++++++++++++++ dom/security/test/csp/mochitest.ini | 2 + .../test/csp/test_upgrade_insecure_navigation.html | 103 +++++++++++++++++++++ 3 files changed, 184 insertions(+) create mode 100644 dom/security/test/csp/file_upgrade_insecure_navigation.sjs create mode 100644 dom/security/test/csp/test_upgrade_insecure_navigation.html (limited to 'dom/security') diff --git a/dom/security/test/csp/file_upgrade_insecure_navigation.sjs b/dom/security/test/csp/file_upgrade_insecure_navigation.sjs new file mode 100644 index 0000000000..51afa39bf7 --- /dev/null +++ b/dom/security/test/csp/file_upgrade_insecure_navigation.sjs @@ -0,0 +1,79 @@ +// Custom *.sjs file specifically for the needs of +// https://bugzilla.mozilla.org/show_bug.cgi?id=1271173 + +"use strict"; +Components.utils.importGlobalProperties(["URLSearchParams"]); + +const TEST_NAVIGATIONAL_UPGRADE = ` + + + + + clickme + + + `; + +const FRAME_NAV = ` + + + + + + + `; + +const DOC_NAV = ` + + + + + + + `; + +function handleRequest(request, response) { + const query = new URLSearchParams(request.queryString); + + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + if (query.get("csp")) { + response.setHeader("Content-Security-Policy", query.get("csp"), false); + } + + if (query.get("action") === "perform_navigation") { + response.write(TEST_NAVIGATIONAL_UPGRADE); + return; + } + + if (query.get("action") === "framenav") { + response.write(FRAME_NAV); + return; + } + + if (query.get("action") === "docnav") { + response.write(DOC_NAV); + return; + } + + // we should never get here, but just in case + // return something unexpected + response.write("do'h"); +} diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini index 5351097521..04401b063d 100644 --- a/dom/security/test/csp/mochitest.ini +++ b/dom/security/test/csp/mochitest.ini @@ -210,6 +210,7 @@ support-files = file_ignore_xfo.html^headers^ file_ro_ignore_xfo.html file_ro_ignore_xfo.html^headers^ + file_upgrade_insecure_navigation.sjs [test_base-uri.html] [test_blob_data_schemes.html] @@ -296,6 +297,7 @@ tags = mcb [test_strict_dynamic.html] [test_strict_dynamic_parser_inserted.html] [test_strict_dynamic_default_src.html] +[test_upgrade_insecure_navigation.html] [test_iframe_sandbox_srcdoc.html] [test_iframe_srcdoc.html] [test_sandbox_allow_scripts.html] diff --git a/dom/security/test/csp/test_upgrade_insecure_navigation.html b/dom/security/test/csp/test_upgrade_insecure_navigation.html new file mode 100644 index 0000000000..db6a6a1bed --- /dev/null +++ b/dom/security/test/csp/test_upgrade_insecure_navigation.html @@ -0,0 +1,103 @@ + + + + Bug 1271173 - Missing spec on Upgrade Insecure Requests(Navigational Upgrades) + + + + + + + + + + + -- cgit v1.2.3