Bug 959388 - Add csp worker test cases. r=kmckinley
MozReview-Commit-ID: L51Df74GjWu
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_child_worker.js
@@ -0,0 +1,39 @@
+function doXHR(uri) {
+ try {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", uri);
+ xhr.send();
+ } catch(ex) {}
+}
+
+var sameBase = "http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=";
+var crossBase = "http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=";
+
+onmessage = (e) => {
+ for (base of [sameBase, crossBase]) {
+ var prefix;
+ var suffix;
+ if (e.data.inherited == "parent") {
+ //Worker inherits CSP from parent worker
+ prefix = base + "worker_child_inherited_parent_";
+ suffix = base == sameBase ? "_good" : "_bad";
+ } else if (e.data.inherited == "document") {
+ //Worker inherits CSP from owner document -> parent worker -> subworker
+ prefix = base + "worker_child_inherited_document_";
+ suffix = base == sameBase ? "_good" : "_bad";
+ } else {
+ // Worker delivers CSP from HTTP header
+ prefix = base + "worker_child_";
+ suffix = base == sameBase ? "_same_bad" : "_cross_bad";
+ }
+
+ doXHR(prefix + "xhr" + suffix);
+ // Fetch is likely failed in subworker
+ // See Bug 1273070 - Failed to fetch in subworker
+ // Enable fetch test after the bug is fixed
+ // fetch(prefix + "xhr" + suffix);
+ try {
+ importScripts(prefix + "script" + suffix);
+ } catch(ex) {}
+ }
+}
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_child_worker.js^headers^
@@ -0,0 +1,1 @@
+Content-Security-Policy: default-src 'none'
--- a/dom/security/test/csp/file_main.js
+++ b/dom/security/test/csp/file_main.js
@@ -1,28 +1,53 @@
-function doXHR(uri) {
+function doXHR(uri, callback) {
try {
var xhr = new XMLHttpRequest();
xhr.open("GET", uri);
+ xhr.responseType = "blob";
xhr.send();
+ xhr.onload = function () {
+ if (callback) callback(xhr.response);
+ }
} catch(ex) {}
}
doXHR("http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_good");
doXHR("http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_bad");
fetch("http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=fetch_good");
fetch("http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=fetch_bad");
navigator.sendBeacon("http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=beacon_good");
try {
navigator.sendBeacon("http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=beacon_bad");
} catch(ex) {}
+var topWorkerBlob;
+var nestedWorkerBlob;
-new Worker("file_main_worker.js").postMessage({inherited : false});
+doXHR("file_main_worker.js", function (topResponse) {
+ topWorkerBlob = URL.createObjectURL(topResponse);
+ doXHR("file_child_worker.js", function (response) {
+ nestedWorkerBlob = URL.createObjectURL(response);
+ runWorker();
+ });
+});
+function runWorker() {
+ // Top level worker, no subworker
+ // Worker does not inherit CSP from owner document
+ new Worker("file_main_worker.js").postMessage({inherited : "none"});
-var blobxhr = new XMLHttpRequest();
-blobxhr.open("GET", "file_main_worker.js")
-blobxhr.responseType = "blob";
-blobxhr.send();
-blobxhr.onload = () => {
- new Worker(URL.createObjectURL(blobxhr.response)).postMessage({inherited : true});
+ // Top level worker, no subworker
+ // Worker inherits CSP from owner document
+ new Worker(topWorkerBlob).postMessage({inherited : "document"});
+
+ // Subworker
+ // Worker does not inherit CSP from parent worker
+ new Worker("file_main_worker.js").postMessage({inherited : "none", nested : nestedWorkerBlob});
+
+ // Subworker
+ // Worker inherits CSP from parent worker
+ new Worker("file_main_worker.js").postMessage({inherited : "parent", nested : nestedWorkerBlob});
+
+ // Subworker
+ // Worker inherits CSP from owner document -> parent worker -> subworker
+ new Worker(topWorkerBlob).postMessage({inherited : "document", nested : nestedWorkerBlob});
}
--- a/dom/security/test/csp/file_main_worker.js
+++ b/dom/security/test/csp/file_main_worker.js
@@ -5,24 +5,44 @@ function doXHR(uri) {
xhr.send();
} catch(ex) {}
}
var sameBase = "http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=";
var crossBase = "http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=";
onmessage = (e) => {
+ // Tests of nested worker
+ if (e.data.nested) {
+ if (e.data.inherited != "none") {
+ // Worker inherits CSP
+ new Worker(e.data.nested).postMessage({inherited : e.data.inherited});
+ }
+ else {
+ // Worker does not inherit CSP
+ new Worker("file_child_worker.js").postMessage({inherited : e.data.inherited});
+ }
+ return;
+ }
+
+ //Tests of top level worker
for (base of [sameBase, crossBase]) {
var prefix;
var suffix;
- if (e.data.inherited) {
- prefix = base + "worker_inherited_"
+ if (e.data.inherited != "none") {
+ // Top worker inherits CSP from owner document
+ prefix = base + "worker_inherited_";
suffix = base == sameBase ? "_good" : "_bad";
}
else {
- prefix = base + "worker_"
- suffix = base == sameBase ? "_same_good" : "_cross_good";
+ // Top worker delivers CSP from HTTP header
+ prefix = base + "worker_";
+ suffix = base == sameBase ? "_same_bad" : "_cross_good";
}
+
doXHR(prefix + "xhr" + suffix);
fetch(prefix + "fetch" + suffix);
- try { importScripts(prefix + "script" + suffix); } catch(ex) {}
+ try {
+ if (e.data.inherited == "none") suffix = base == sameBase ? "_same_good" : "_cross_bad";
+ importScripts(prefix + "script" + suffix);
+ } catch(ex) {}
}
}
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_main_worker.js^headers^
@@ -0,0 +1,1 @@
+Content-Security-Policy: default-src 'self' blob: ; connect-src http://example.com
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -36,16 +36,19 @@ support-files =
file_inlinestyle_main.html^headers^
file_inlinestyle_main_allowed.html
file_inlinestyle_main_allowed.html^headers^
file_invalid_source_expression.html
file_main.html
file_main.html^headers^
file_main.js
file_main_worker.js
+ file_main_worker.js^headers^
+ file_child_worker.js
+ file_child_worker.js^headers^
file_web_manifest.html
file_web_manifest_remote.html
file_web_manifest_https.html
file_web_manifest.json
file_web_manifest.json^headers^
file_web_manifest_https.json
file_web_manifest_mixed_content.html
file_bug836922_npolicies.html
--- a/dom/security/test/csp/test_CSP.html
+++ b/dom/security/test/csp/test_CSP.html
@@ -24,28 +24,40 @@ window.tests = {
script_good: -1,
script_bad: -1,
xhr_good: -1,
xhr_bad: -1,
fetch_good: -1,
fetch_bad: -1,
beacon_good: -1,
beacon_bad: -1,
- worker_xhr_same_good: -1,
+ worker_xhr_same_bad: -1,
worker_xhr_cross_good: -1,
- worker_fetch_same_good: -1,
+ worker_fetch_same_bad: -1,
worker_fetch_cross_good: -1,
worker_script_same_good: -1,
- worker_script_cross_good: -1,
+ worker_script_cross_bad: -1,
worker_inherited_xhr_good: -1,
worker_inherited_xhr_bad: -1,
worker_inherited_fetch_good: -1,
worker_inherited_fetch_bad: -1,
worker_inherited_script_good: -1,
worker_inherited_script_bad: -1,
+ worker_child_xhr_same_bad: -1,
+ worker_child_xhr_cross_bad: -1,
+ worker_child_script_same_bad: -1,
+ worker_child_script_cross_bad: -1,
+ worker_child_inherited_parent_xhr_bad: -1,
+ worker_child_inherited_parent_xhr_good: -1,
+ worker_child_inherited_parent_script_good: -1,
+ worker_child_inherited_parent_script_bad: -1,
+ worker_child_inherited_document_xhr_good: -1,
+ worker_child_inherited_document_xhr_bad: -1,
+ worker_child_inherited_document_script_good: -1,
+ worker_child_inherited_document_script_bad: -1,
media_good: -1,
media_bad: -1,
font_good: -1,
font_bad: -1,
object_good: -1,
object_bad: -1,
};
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/csp_worker.js^headers^
@@ -0,0 +1,1 @@
+Content-Security-Policy: default-src 'self' blob: ; script-src 'unsafe-eval'
--- a/dom/workers/test/mochitest.ini
+++ b/dom/workers/test/mochitest.ini
@@ -13,16 +13,17 @@ support-files =
clearTimeouts_worker.js
closeOnGC_server.sjs
closeOnGC_worker.js
close_worker.js
content_worker.js
console_worker.js
consoleReplaceable_worker.js
csp_worker.js
+ csp_worker.js^headers^
404_server.sjs
errorPropagation_iframe.html
errorPropagation_worker.js
errorwarning_worker.js
eventDispatch_worker.js
fibonacci_worker.js
file_bug1010784_worker.js
file_getcookie.sjs