Diffstat (limited to 'dom/security/test/csp/test_upgrade_insecure_referrer.html')
-rw-r--r-- | dom/security/test/csp/test_upgrade_insecure_referrer.html | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_upgrade_insecure_referrer.html b/dom/security/test/csp/test_upgrade_insecure_referrer.html
new file mode 100644
index 000000000..890c57335
--- /dev/null
+++ b/dom/security/test/csp/test_upgrade_insecure_referrer.html
@@ -0,0 +1,85 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * We load a page that makes use of the CSP referrer directive as well
+ * as upgrade-insecure-requests. The page loads an image over http.
+ * The test makes sure the request gets upgraded to https and the
+ * correct referrer gets sent.
+ */
+
+var tests = [
+ {
+ query: "test1",
+ description: "upgrade insecure request with 'referrer = origin' (CSP in header)",
+ result: "http://example.com/"
+ },
+ {
+ query: "test2",
+ description: "upgrade insecure request with 'referrer = no-referrer' (CSP in header)",
+ result: ""
+ },
+ {
+ query: "test3",
+ description: "upgrade insecure request with 'referrer = origin' (Meta CSP)",
+ result: "http://example.com/"
+ },
+ {
+ query: "test4",
+ description: "upgrade insecure request with 'referrer = no-referrer' (Meta CSP)",
+ result: ""
+ }
+];
+
+var counter = 0;
+var curTest;
+
+function loadTestPage() {
+ curTest = tests[counter++];
+ var src = "http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_referrer.sjs?";
+ // append the query
+ src += curTest.query;
+ document.getElementById("testframe").src = src;
+}
+
+function runNextTest() {
+ // sends a request to the server which is processed async and returns
+ // once the server received the expected image request
+ var myXHR = new XMLHttpRequest();
+ myXHR.open("GET", "file_upgrade_insecure_referrer_server.sjs?queryresult");
+ myXHR.onload = function(e) {
+ is(myXHR.responseText, curTest.result, curTest.description);
+ if (counter == tests.length) {
+ SimpleTest.finish();
+ return;
+ }
+ // move on to the next test by setting off another query request.
+ runNextTest();
+ }
+ myXHR.onerror = function(e) {
+ ok(false, "could not query results from server (" + e.message + ")");
+ SimpleTest.finish();
+ }
+ myXHR.send();
+
+ // give it some time and load the testpage
+ SimpleTest.executeSoon(loadTestPage);
+}
+
+SimpleTest.waitForExplicitFinish();
+runNextTest();
+
+</script>
+</body>
+</html> |
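Review bot: In `runNextTest`, the `onload` assertion `is(myXHR.responseText, curTest.result, ...)` expects an empty string for test2 and test4, so a response that is empty for any other reason (for example the image request never being upgraded or never recorded) would pass as a correct 'no-referrer' result. The server-side `.sjs` files are not part of this hunk, so this is inferred; if they do not already do so, they should return a distinct sentinel for an https request that arrived without a Referer header, and `result` should be compared against that sentinel. Separately, `myXHR.onerror` receives a ProgressEvent, which has no `message` property, so the failure text will read `undefined`; `ok(false, "could not query results from server (status " + myXHR.status + ")");` would be more informative. The comment above `SimpleTest.executeSoon(loadTestPage)` could also say explicitly that the query XHR is meant to be pending on the server before the frame load starts, since the test appears to rely on that ordering.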