-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add tests for ORB nosniff and status conditions.
Differential Revision: https://phabricator.services.mozilla.com/D162822 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1802088 gecko-commit: c1a849c20687395a364be52b21a228b6c7e41ece gecko-reviewers: sefeng
- Loading branch information
Showing
5 changed files
with
113 additions
and
0 deletions.
There are no files selected for viewing
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
// META: script=/fetch/orb/resources/utils.js | ||
|
||
const path = "http://{{domains[www1]}}:{{ports[http][0]}}/fetch/orb/resources"; | ||
|
||
promise_test( | ||
t => | ||
promise_rejects_js( | ||
t, | ||
TypeError, | ||
fetchORB( | ||
`${path}/text.txt`, | ||
null, | ||
contentType("text/plain"), | ||
contentTypeOptions("nosniff") | ||
) | ||
), | ||
"ORB should block opaque text/plain with nosniff" | ||
); | ||
|
||
promise_test( | ||
t => | ||
promise_rejects_js( | ||
t, | ||
TypeError, | ||
fetchORB( | ||
`${path}/data.json`, | ||
null, | ||
contentType("application/json"), | ||
contentTypeOptions("nosniff") | ||
) | ||
), | ||
"ORB should block opaque-response-blocklisted MIME type with nosniff" | ||
); | ||
|
||
promise_test( | ||
t => | ||
promise_rejects_js( | ||
t, | ||
TypeError, | ||
fetchORB( | ||
`${path}/data.json`, | ||
null, | ||
contentType(""), | ||
contentTypeOptions("nosniff") | ||
) | ||
), | ||
"ORB should block opaque response with empty Content-Type and nosniff" | ||
); | ||
|
||
promise_test( | ||
() => | ||
fetchORB( | ||
`${path}/image.png`, | ||
null, | ||
contentType(""), | ||
contentTypeOptions("nosniff") | ||
), | ||
"ORB shouldn't block opaque image with empty Content-Type and nosniff" | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
// META: script=/fetch/orb/resources/utils.js | ||
|
||
const path = "http://{{domains[www1]}}:{{ports[http][0]}}/fetch/orb/resources"; | ||
|
||
promise_test( | ||
t => | ||
promise_rejects_js( | ||
t, | ||
TypeError, | ||
fetchORB( | ||
`${path}/data.json`, | ||
null, | ||
contentType("application/json"), | ||
"status(206)" | ||
) | ||
), | ||
"ORB should block opaque-response-blocklisted MIME type with status 206" | ||
); | ||
|
||
promise_test( | ||
t => | ||
promise_rejects_js( | ||
t, | ||
TypeError, | ||
fetchORB( | ||
`${path}/data.json`, | ||
null, | ||
contentType("application/json"), | ||
"status(302)" | ||
) | ||
), | ||
"ORB should block opaque response with non-ok status" | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
'use strict'; | ||
|
||
<script src=/resources/testharness.js></script> | ||
<script src=/resources/testharnessreport.js></script> | ||
<div id=log></div> | ||
<script> | ||
async_test(function(t) { | ||
let url = "http://{{domains[www1]}}:{{ports[http][0]}}" | ||
url = `${url}/fetch/orb/resources/sound.mp3?pipe=status(301)|header(Content-Type,)` | ||
|
||
const video = document.createElement("video"); | ||
video.src = url; | ||
video.onerror = t.step_func_done(); | ||
video.onload = t.unreached_func("Unexpected error event"); | ||
document.body.appendChild(video); | ||
}, "ORB should block initial media requests with status not 200 or 206"); | ||
</script> |