mirror of
https://github.com/servo/servo.git
synced 2025-07-11 17:33:47 +01:00
143 lines
6.1 KiB
HTML
143 lines
6.1 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<head>
|
|
<script src='/resources/testharness.js'></script>
|
|
<script src='/resources/testharnessreport.js'></script>
|
|
</head>
|
|
<body>
|
|
<div id=log></div>
|
|
<iframe id=frame></iframe>
|
|
<script>
|
|
// Navigate the frame to a test page with the given policy and wait for
|
|
// postMessage to arrive. Resolve the result promise with the message.
|
|
function navigate(policy) {
|
|
return new Promise(resolve => {
|
|
window.addEventListener("message", event => { resolve(event.data); },
|
|
{ once: true });
|
|
document.getElementById("frame").src =
|
|
"/origin-policy/sec-origin-policy-header.html.py?policy=" + policy;
|
|
});
|
|
}
|
|
|
|
// Check whether the message returned from the frame meets our expectations.
|
|
function expect(expect_script, expect_eval, message) {
|
|
assert_own_property(message, "inline_allowed");
|
|
assert_own_property(message, "eval_allowed");
|
|
assert_equals(message.inline_allowed, expect_script);
|
|
assert_equals(message.eval_allowed, expect_eval);
|
|
}
|
|
|
|
// Generate a more descriptive error message. Re-throw the error.
|
|
function descriptive_message(policy, expect_inline, expect_eval,
|
|
index, error) {
|
|
error.message = `Error occured on entry #${index + 1} ["${policy
|
|
}", ${expect_inline}, ${expect_eval}]: "${error}".`;
|
|
throw(error);
|
|
}
|
|
|
|
// Run the navigation + expectation checking for one test case line.
|
|
function test_case_entry([policy, expect_inline, expect_eval], index) {
|
|
return navigate(policy)
|
|
.then(message => expect(expect_inline, expect_eval, message))
|
|
|
|
// This catch handler merely logs a more friendly message,
|
|
// pointing you to the exact line of the failing test.
|
|
.catch(error => descriptive_message(policy, expect_inline,
|
|
expect_eval, index, error));
|
|
}
|
|
|
|
function origin_policy_csp_test_case(test_case_list) {
|
|
return t => {
|
|
// Setup the promise chain for the test.
|
|
let chain = Promise.resolve();
|
|
for ([index, val] of test_case_list.entries())
|
|
chain = chain.then(test_case_entry.bind(this, val, index));
|
|
|
|
// Delete the policy as the last element of the chain, on both
|
|
// resolve + reject paths, so that a left-over policy won't break
|
|
// subsequent tests.
|
|
return chain.then(() => navigate("0"),
|
|
(error) => { navigate("0"); throw error; });
|
|
}
|
|
}
|
|
|
|
|
|
// Sanity check: A request with no policy.
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true], // No policy.
|
|
]), "sanity check");
|
|
|
|
// Basic functionality. A policy should have an effect.
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true], // No policy.
|
|
["policy-csp-1", true, false], // policy-csp-1, which forbids eval.
|
|
["0", true, true], // Delete the policy again.
|
|
]), "The basics: A policy should have an effect..");
|
|
|
|
// Basic functionality. Set a policy. Make sure it "sticks".
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true], // No policy.
|
|
["policy-csp-1", true, false], // policy-csp-1, which forbids eval.
|
|
["", true, false], // No policy. Should remember p...-csp-1.
|
|
["0", true, true], // Delete the policy again.
|
|
]), "The basics: A policy should stick.");
|
|
|
|
// Set, update, and delete a policy.
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true],
|
|
["policy-csp-1", true, false], // policy-csp-1, which forbids eval.
|
|
["policy-csp-2", false, false], // policy-csp-2, forbids script + eval.
|
|
["0", true, true], // Delete the policy.
|
|
]), "Policy set, update, and delete.");
|
|
|
|
// Set, update, and delete a policy. Check on each step whether it 'sticks'.
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true],
|
|
["policy-csp-1", true, false], // policy-csp-1, which forbids eval.
|
|
["", true, false],
|
|
["policy-csp-2", false, false], // Forbid script + eval.
|
|
["", false, false],
|
|
["0", true, true], // Delete the policy.
|
|
["", true, true],
|
|
]), "Policy set-update-delete cycle with checks.");
|
|
|
|
// Set a policy, update, then revert to the old one.
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true],
|
|
["policy-csp-1", true, false], // policy-csp-1, which forbids eval.
|
|
["policy-csp-2", false, false], // Forbid script + eval.
|
|
["policy-csp-1", true, false], // policy-csp-1 again.
|
|
["0", true, true],
|
|
]), "Policy set-update-delete cycle.");
|
|
|
|
// Set, delete, re-set, and re-delete a policy.
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true], // No policy.
|
|
["policy-csp-1", true, false], // policy-csp-1, which forbids eval.
|
|
["", true, false],
|
|
["0", true, true], // Delete the policy.
|
|
["", true, true],
|
|
["policy-csp-1", true, false], // Set policy after policy was deleted.
|
|
["", true, false],
|
|
["0", true, true], // Delete the policy again.
|
|
["", true, true],
|
|
]), "Policy re-set and re-delete.");
|
|
|
|
// We've had some bugs with repeated policies being set, so lets just
|
|
// run through a set-update-delete cycle but with every request being
|
|
// made twice.
|
|
promise_test(origin_policy_csp_test_case([
|
|
["", true, true],
|
|
["", true, true],
|
|
["policy-csp-1", true, false],
|
|
["policy-csp-1", true, false],
|
|
["policy-csp-2", false, false],
|
|
["policy-csp-2", false, false],
|
|
["0", true, true],
|
|
["0", true, true],
|
|
["", true, true],
|
|
["", true, true],
|
|
]), "Double Trouble");
|
|
</script>
|
|
</body>
|
|
</html>
|