Closed
Bug 1139667
Opened 10 years ago
Closed 10 years ago
CSP test for TYPE_FETCH
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla39
Tracking | Status | |
---|---|---|
firefox39 | --- | fixed |
People
(Reporter: nsm, Assigned: nsm)
References
Details
Attachments
(2 files)
5.93 KB,
patch
|
tanvi
:
feedback+
ckerschb
:
feedback+
|
Details | Diff | Splinter Review |
4.77 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
Like XHR the Fetch API's fetch() function (uses csp type TYPE_FETCH) has connect-src directives. This test is a copy of the XHR test using the fetch() function.
https://fetch.spec.whatwg.org/#concept-request-context-frame-type (see table for "fetch" and "xmlhttprequest")
Assignee | ||
Updated•10 years ago
|
Attachment #8572912 -
Attachment is patch: true
Attachment #8572912 -
Flags: review?(tanvi)
Comment 1•10 years ago
|
||
Comment on attachment 8572912 [details] [diff] [review]
test
Hi Nikhil,
Looked over the test and it looks fine to me, but since this is a CSP test we should probably have Christoph review it.
Attachment #8572912 -
Flags: review?(tanvi)
Attachment #8572912 -
Flags: review?(mozilla)
Attachment #8572912 -
Flags: feedback+
Comment 2•10 years ago
|
||
Comment on attachment 8572912 [details] [diff] [review]
test
Review of attachment 8572912 [details] [diff] [review]:
-----------------------------------------------------------------
Nikhil, from a first glance it looks like you could incorporate your test into test_connect-src.html. The only difference I see is that you are loading a different html file for fetch, right? I think it would be great if you could just add an additional argument (e.g. url:) to the test-objects here:
http://mxr.mozilla.org/mozilla-central/source/dom/base/test/csp/test_connect-src.html?force=1#30
and add your three tests to the end. That should be an easy change - does that sound ok to you?
Thanks for providing the testcase.
var tests = [
{
url: file_connect-src.html
result : "allowed",
policy : "default-src 'none' script-src 'unsafe-inline'; connect-src http://mochi.test:8888"
},
...
{
url: file_connect-src-fetch.html
result : "allowed",
policy : "default-src 'none' script-src 'unsafe-inline'; connect-src http://mochi.test:8888"
},
...
Attachment #8572912 -
Flags: review?(mozilla) → feedback+
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → nsm.nikhil
Status: NEW → ASSIGNED
Comment 4•10 years ago
|
||
Comment on attachment 8573420 [details] [diff] [review]
CSP tests for fetch()
Review of attachment 8573420 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks for the test and thanks for updating it!
::: dom/base/test/csp/test_connect-src.html
@@ +26,5 @@
> SimpleTest.waitForExplicitFinish();
>
> var tests = [
> {
> + url: "tests/dom/base/test/csp/file_connect-src.html",
you could have left the path portion in the setup undeneath, e.g.
src += "?file=" + escape(""tests/dom/base/test/csp/" + tests[counter].url);
but what you have is fine with me too :-)
Attachment #8573420 -
Flags: review?(mozilla) → review+
Assignee | ||
Comment 5•10 years ago
|
||
Comment 6•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox39:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•