Open Bug 1580548 Opened 5 years ago Updated 2 years ago

Extend mochitest coverage for CSP navigate-to

Categories

(Core :: DOM: Security, task, P3)

task

Tracking

()

People

(Reporter: ckerschb, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog1])

We should extend test-coverage for test_naviagate_to.html:
https://hg.mozilla.org/mozilla-central/diff/90b53eda6606ea56e4db7538588420d1db8c3e0d/dom/security/test/csp/test_navigate_to.html

by adding some more redirect tests.

Summary: Extend mochitest coverage of Origin Policy → Extend mochitest coverage for CSP navigate-to

For example, we want a test that can detect a navigation being blocked after the response has been received. Similar to the following:

{
   // Test path-sensitivity  with 'unsafe-allow-redirects'
   // Allowed to make the request, but blocked when the response is received. 
   result : "blocked",
   policy : "navigate-to 'unsafe-allow-redirects' http://www.example.com/tests/dom/security/test/csp/WRONG/",
   target : "http://www.example.com/tests/dom/security/test/csp/file_navigate_to_request.html"
},

While the navigation is being correctly blocked, this test fails on fission right now.

Severity: normal normal → S3 S3
You need to log in before you can comment on or make changes to this bug.