Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tests for CSS/JSON imports fetch destination and CSP #41665

Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions common/dummy.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{}
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<!DOCTYPE html>
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
<html>
<head>
<title>connect-src-json-import-allowed</title>
<meta
http-equiv="Content-Security-Policy"
content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>

<body>
<script>
promise_test(async (t) => {
window.addEventListener(
"securitypolicyviolation",
t.unreached_func("No security policy violation should be raised.")
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
);
return import("/common/dummy.json", { with: { type: "json" } });
}, "import should be allowed");
</script>
</body>
</html>
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
<!DOCTYPE html>
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
<html>
<head>
<title>connect-src-json-import-blocked</title>
<meta
http-equiv="Content-Security-Policy"
content="connect-src 'none'; script-src 'self' 'unsafe-inline';"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>

<body>
<script>
promise_test((t) => {
let spv = new Promise((resolve, reject) => {
window.addEventListener("securitypolicyviolation", (e) => {
if (e.blockedURI.endsWith("dummy.json")) {
resolve();
} else {
reject();
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
}
});
});

return Promise.all([
promise_rejects_js(t, Error, import("/common/dummy.json", { with: { type: "json" } })),
check_spv,
]);
});
</script>
</body>
</html>
24 changes: 24 additions & 0 deletions content-security-policy/style-src/import-style-allowed.sub.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<title>import-style-allowed</title>
<meta
http-equiv="Content-Security-Policy"
content="style-src 'unsafe-inline' 'self' 'http://{{domains[www1]}}:{{ports[http][0]}}'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>

<body>
<script>
promise_test(async (t) => {
window.addEventListener(
"securitypolicyviolation",
t.unreached_func("No security policy violation should be raised.")
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
);
return import("./resources/allowed.css", { with: { type: "css" } });
}, "import should be allowed");
</script>
</body>
</html>
35 changes: 35 additions & 0 deletions content-security-policy/style-src/import-style-blocked.sub.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
<!DOCTYPE html>
<html>
<head>
<title>import-style-disallowed</title>
<meta
http-equiv="Content-Security-Policy"
content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>

<body>
<body>
<script>
promise_test((t) => {
let spv = new Promise((resolve, reject) => {
window.addEventListener("securitypolicyviolation", (e) => {
if (e.blockedURI.endsWith("blocked.css")) {
resolve();
} else {
reject();
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
}
});
});

return Promise.all([
promise_rejects_js(t, Error, import("./resources/blocked.css", { with: { type: "css" } })),
check_spv,
]);
});
</script>
</body>
</body>
</html>
56 changes: 56 additions & 0 deletions fetch/api/request/destination/fetch-destination.https.html
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,44 @@
});
}, 'HTMLLinkElement with rel=stylesheet fetches with a "style" Request.destination');

// Import declaration with `type: "css"` - style destination
promise_test(async t => {
await new Promise((resolve, reject) => {
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
frame.contentWindow.onerror = reject;

let node = frame.contentWindow.document.createElement("script");
node.onload = resolve;
node.onerror = reject;
node.src = "import-declaration-type-css.js";
node.type = "module";
frame.contentWindow.document.body.appendChild(node);
}).then(() => {
frame.contentWindow.onerror = null;
}, (e) => {
assert_unreached("Fetch errored.", e);
});
}, 'Import declaration with `type: "css"` fetches with a "style" Request.destination');

// JSON destination
///////////////////

// Import declaration with `type: "json"` - json destination
promise_test(async t => {
await new Promise((resolve, reject) => {
frame.contentWindow.onerror = reject;
let node = frame.contentWindow.document.createElement("script");
node.onload = resolve;
node.onerror = reject;
node.src = "import-declaration-type-json.js";
node.type = "module";
frame.contentWindow.document.body.appendChild(node);
}).then(() => {
frame.contentWindow.onerror = null;
}, (e) => {
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
assert_unreached("Fetch errored.", e);
});
}, 'Import declaration with `type: "json"` fetches with a "json" Request.destination');

// Preload tests
////////////////
// HTMLLinkElement with rel=preload and as=fetch - empty string destination
Expand Down Expand Up @@ -232,6 +270,24 @@
});
}, 'HTMLLinkElement with rel=preload and as=style fetches with a "style" Request.destination');

// HTMLLinkElement with rel=preload and as=json - json destination
promise_test(async t => {
await new Promise((resolve, reject) => {
let node = frame.contentWindow.document.createElement("link");
node.rel = "preload";
node.as = "json";
if (node.as != "json") {
resolve();
}
node.onload = resolve;
node.onerror = reject;
node.href = "dummy.json?t=2&dest=json";
frame.contentWindow.document.body.appendChild(node);
}).catch(() => {
nicolo-ribaudo marked this conversation as resolved.
Show resolved Hide resolved
assert_unreached("Fetch errored.");
});
}, 'HTMLLinkElement with rel=preload and as=json fetches with a "json" Request.destination');

// HTMLLinkElement with rel=preload and as=script - script destination
promise_test(async t => {
await new Promise((resolve, reject) => {
Expand Down
Empty file.
1 change: 1 addition & 0 deletions fetch/api/request/destination/resources/dummy.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since you are reusing this file, I guess you can just put it in the top-level /common

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I now moved the other dummy.json files, but I left this one here because it needs to be in the correct scope for the service worker.

Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
import "./dummy.css?dest=style" with { type: "css" };
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
import "./dummy.json?dest=json" with { type: "json" };
1 change: 1 addition & 0 deletions preload/modulepreload-as.html
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
<link rel="modulepreload" href="resources/module1.js?frame" as="frame" data-as="frame">
<link rel="modulepreload" href="resources/module1.js?iframe" as="iframe" data-as="iframe">
<link rel="modulepreload" href="resources/module1.js?image" as="image" data-as="image">
<link rel="modulepreload" href="resources/module1.js?json" as="json" data-as="json">
<link rel="modulepreload" href="resources/module1.js?manifest" as="manifest" data-as="manifest">
<link rel="modulepreload" href="resources/module1.js?object" as="object" data-as="object">
<link rel="modulepreload" href="resources/module1.js?paintworklet" as="paintworklet" data-as="paintworklet">
Expand Down
3 changes: 2 additions & 1 deletion preload/preload-csp.sub.html
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; font-src 'none'; style-src 'none'; img-src 'none'; media-src 'none';">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; font-src 'none'; style-src 'none'; img-src 'none'; media-src 'none'; connect-src 'none'">
<title>Makes sure that preload requests respect CSP</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/preload/resources/preload_helper.js"></script>
<link rel=preload href="http://{{host}}:{{ports[http][1]}}/preload/resources/stash-put.py?key={{uuid()}}" as=style>
<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=style>
<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=json>
<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=image>
<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=font crossorigin>
<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=video>
Expand Down
9 changes: 8 additions & 1 deletion preload/preload-type-match.html
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
ttf: '/fonts/Ahem.ttf',
script: 'resources/dummy.js',
css: 'resources/dummy.css',
track: '/media/foo.vtt'
track: '/media/foo.vtt',
json: '/common/dummy.json',
}

function test_type_with_destination(type, as, resourceType, expect) {
Expand Down Expand Up @@ -68,4 +69,10 @@
test_type_with_destination('text/plain', 'track', 'track', 'timeout');
test_type_with_destination('not-a-mime', 'track', 'track', 'timeout');

test_type_with_destination('application/json', 'json', 'json', 'load');
test_type_with_destination('text/json', 'json', 'json', 'load');
test_type_with_destination('application/geo+json', 'json', 'json', 'load');
test_type_with_destination('text/plain', 'json', 'json', 'timeout');
test_type_with_destination('application/javascript', 'json', 'json', 'timeout');

</script>
1 change: 1 addition & 0 deletions preload/reflected-as-value.html
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
"audio": "audio",
"track": "track",
"fetch": "fetch",
"json": "json",
};
var link = document.createElement("link");
var keys = Object.keys(values);
Expand Down