diff --git a/fetch/orb/resources/sound.mp3 b/fetch/orb/resources/sound.mp3
new file mode 100644
index 000000000000000..a15d1de328f3f33
Binary files /dev/null and b/fetch/orb/resources/sound.mp3 differ
diff --git a/fetch/orb/resources/utils.js b/fetch/orb/resources/utils.js
index 3517234e2b92003..94a2177f0792bb2 100644
--- a/fetch/orb/resources/utils.js
+++ b/fetch/orb/resources/utils.js
@@ -6,6 +6,10 @@ function contentType(type) {
 return header("Content-Type", type);
 }
 
+function contentTypeOptions(type) {
+ return header("X-Content-Type-Options", type);
+}
+
 function fetchORB(file, options, ...pipe) {
 return fetch(`${file}${pipe.length ? `?pipe=${pipe.join("|")}` : ""}`, {
 ...(options || {}),
diff --git a/fetch/orb/tentative/nosniff.sub.any.js b/fetch/orb/tentative/nosniff.sub.any.js
new file mode 100644
index 000000000000000..3df9d22e0b7beb0
--- /dev/null
+++ b/fetch/orb/tentative/nosniff.sub.any.js
@@ -0,0 +1,59 @@
+// META: script=/fetch/orb/resources/utils.js
+
+const path = "http://{{domains[www1]}}:{{ports[http][0]}}/fetch/orb/resources";
+
+promise_test(
+ t =>
+ promise_rejects_js(
+ t,
+ TypeError,
+ fetchORB(
+ `${path}/text.txt`,
+ null,
+ contentType("text/plain"),
+ contentTypeOptions("nosniff")
+ )
+ ),
+ "ORB should block opaque text/plain with nosniff"
+);
+
+promise_test(
+ t =>
+ promise_rejects_js(
+ t,
+ TypeError,
+ fetchORB(
+ `${path}/data.json`,
+ null,
+ contentType("application/json"),
+ contentTypeOptions("nosniff")
+ )
+ ),
+ "ORB should block opaque-response-blocklisted MIME type with nosniff"
+);
+
+promise_test(
+ t =>
+ promise_rejects_js(
+ t,
+ TypeError,
+ fetchORB(
+ `${path}/data.json`,
+ null,
+ contentType(""),
+ contentTypeOptions("nosniff")
+ )
+ ),
+ "ORB should block opaque response with empty Content-Type and nosniff"
+);
+
+promise_test(
+ () =>
+ fetchORB(
+ `${path}/image.png`,
+ null,
+ contentType(""),
+ contentTypeOptions("nosniff")
+ ),
+ "ORB shouldn't block opaque image with empty Content-Type and nosniff"
+);
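Review bot: The new helper in fetch/orb/resources/utils.js names its parameter `type`, apparently carried over from `contentType`, but callers pass an X-Content-Type-Options directive (`"nosniff"`), not a MIME type; `function contentTypeOptions(value) {` with `return header("X-Content-Type-Options", value);` would read correctly. A one-line comment such as `// Pipe entry that sets X-Content-Type-Options on the served response.` would also help, since `header()` is defined outside the hunk. The `fetchORB` body that follows continues past the end of the hunk, so the request mode it uses is not visible here.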
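Review bot: The three blocking cases in nosniff.sub.any.js assert only that `fetchORB(...)` rejects with `TypeError`, which is the same outcome any network error gives, so a wrong path, a missing resource or a malformed pipe would let them pass without the nosniff rule being exercised. Only the `image.png` case proves its resource is reachable; `text.txt` and `data.json` have no control request that is expected to resolve for the same URL. The two cases in status.sub.any.js follow the same pattern. Separately, the cases titled "empty Content-Type" pass `contentType("")`, and whether that yields an empty header or no header depends on `header()` and the server, neither of which is visible here; a comment stating which is intended, for example `// header(Content-Type,) is expected to send an empty header value`, would pin that down.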
diff --git a/fetch/orb/tentative/status.sub.any.js b/fetch/orb/tentative/status.sub.any.js
new file mode 100644
index 000000000000000..b94d8b7f6359a7d
--- /dev/null
+++ b/fetch/orb/tentative/status.sub.any.js
@@ -0,0 +1,33 @@
+// META: script=/fetch/orb/resources/utils.js
+
+const path = "http://{{domains[www1]}}:{{ports[http][0]}}/fetch/orb/resources";
+
+promise_test(
+ t =>
+ promise_rejects_js(
+ t,
+ TypeError,
+ fetchORB(
+ `${path}/data.json`,
+ null,
+ contentType("application/json"),
+ "status(206)"
+ )
+ ),
+ "ORB should block opaque-response-blocklisted MIME type with status 206"
+);
+
+promise_test(
+ t =>
+ promise_rejects_js(
+ t,
+ TypeError,
+ fetchORB(
+ `${path}/data.json`,
+ null,
+ contentType("application/json"),
+ "status(302)"
+ )
+ ),
+ "ORB should block opaque response with non-ok status"
+);
diff --git a/fetch/orb/tentative/status.sub.html b/fetch/orb/tentative/status.sub.html
new file mode 100644
index 000000000000000..a62bdeb35e469a6
--- /dev/null
+++ b/fetch/orb/tentative/status.sub.html
@@ -0,0 +1,17 @@
+'use strict'; + + + +
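Review bot: The second case in status.sub.any.js is titled "non-ok status" but sends `"status(302)"`, a redirect status, with no Location header in the visible pipe, so the rejection may come from redirect handling rather than from the status check the title names. A plain non-redirect value such as `"status(404)"` would test the stated behaviour directly. Both cases also serve `data.json` as `application/json`, the same body and type that nosniff.sub.any.js already expects to be blocked, so a pass here does not show that the status influenced the decision. Pairing each case with a resource that is expected to load at status 200 would make the status the only variable.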
+