Closed Bug 1139667 Opened 10 years ago Closed 10 years ago

CSP test for TYPE_FETCH

Categories

(Core :: DOM: Core & HTML, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla39
Tracking Status
firefox39 --- fixed

People

(Reporter: nsm, Assigned: nsm)

References

Details

Attachments

(2 files)

Attached patch testSplinter Review
Like XHR the Fetch API's fetch() function (uses csp type TYPE_FETCH) has connect-src directives. This test is a copy of the XHR test using the fetch() function. https://fetch.spec.whatwg.org/#concept-request-context-frame-type (see table for "fetch" and "xmlhttprequest")
Attachment #8572912 - Attachment is patch: true
Attachment #8572912 - Flags: review?(tanvi)
Comment on attachment 8572912 [details] [diff] [review] test Hi Nikhil, Looked over the test and it looks fine to me, but since this is a CSP test we should probably have Christoph review it.
Attachment #8572912 - Flags: review?(tanvi)
Attachment #8572912 - Flags: review?(mozilla)
Attachment #8572912 - Flags: feedback+
Comment on attachment 8572912 [details] [diff] [review] test Review of attachment 8572912 [details] [diff] [review]: ----------------------------------------------------------------- Nikhil, from a first glance it looks like you could incorporate your test into test_connect-src.html. The only difference I see is that you are loading a different html file for fetch, right? I think it would be great if you could just add an additional argument (e.g. url:) to the test-objects here: http://mxr.mozilla.org/mozilla-central/source/dom/base/test/csp/test_connect-src.html?force=1#30 and add your three tests to the end. That should be an easy change - does that sound ok to you? Thanks for providing the testcase. var tests = [ { url: file_connect-src.html result : "allowed", policy : "default-src 'none' script-src 'unsafe-inline'; connect-src http://mochi.test:8888" }, ... { url: file_connect-src-fetch.html result : "allowed", policy : "default-src 'none' script-src 'unsafe-inline'; connect-src http://mochi.test:8888" }, ...
Attachment #8572912 - Flags: review?(mozilla) → feedback+
Assignee: nobody → nsm.nikhil
Status: NEW → ASSIGNED
Comment on attachment 8573420 [details] [diff] [review] CSP tests for fetch() Review of attachment 8573420 [details] [diff] [review]: ----------------------------------------------------------------- Thanks for the test and thanks for updating it! ::: dom/base/test/csp/test_connect-src.html @@ +26,5 @@ > SimpleTest.waitForExplicitFinish(); > > var tests = [ > { > + url: "tests/dom/base/test/csp/file_connect-src.html", you could have left the path portion in the setup undeneath, e.g. src += "?file=" + escape(""tests/dom/base/test/csp/" + tests[counter].url); but what you have is fine with me too :-)
Attachment #8573420 - Flags: review?(mozilla) → review+
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: