93 lines
2.5 KiB
HTML
93 lines
2.5 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<!--
|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=713980
|
|
-->
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Test for Bug 713980</title>
|
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
|
|
<!-- Load a cross-origin webfont without CORS (common pain point -->
|
|
<style>
|
|
@font-face {
|
|
font-family: "bad_cross_origin_webfont";
|
|
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
|
}
|
|
div#bad_webfont { font-family: "bad_cross_origin_webfont"; }
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<pre id="test">
|
|
|
|
<script class="testbody" type="text/javascript">
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
var tests = {
|
|
font : {
|
|
uri_test : "font_bad",
|
|
result : null
|
|
},
|
|
xhr : {
|
|
uri_test : "http://invalid",
|
|
result : null
|
|
},
|
|
}
|
|
|
|
function testsComplete() {
|
|
for (var testName in tests) {
|
|
var test = tests[testName];
|
|
if (test.result == null)
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
SpecialPowers.registerConsoleListener(function CORSMsgListener(aMsg) {
|
|
if (!/Cross-Origin Request Blocked/.test(aMsg.message))
|
|
return;
|
|
|
|
for (var testName in tests) {
|
|
var test = tests[testName];
|
|
if (test.result != null)
|
|
continue;
|
|
|
|
var testRegexp = new RegExp(test.uri_test);
|
|
if (testRegexp.test(aMsg.message)) {
|
|
test.result = true;
|
|
ok(true, "Got \"Cross-site request blocked\" warning message for " + testName);
|
|
ok(aMsg.category == "CORS", "Got warning message with category \"" + aMsg.category + "\", expected \"CORS\"");
|
|
// Got the message we wanted - make sure it is destined for a valid inner window
|
|
ok(aMsg.windowID != 0, "Valid (non-zero) windowID for the cross-site request blocked message.");
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (testsComplete()) {
|
|
SimpleTest.executeSoon(cleanup);
|
|
}
|
|
});
|
|
|
|
function cleanup() {
|
|
SpecialPowers.postConsoleSentinel();
|
|
SimpleTest.finish();
|
|
}
|
|
|
|
// Send a cross-origin XHR request without CORS
|
|
var xhr = new XMLHttpRequest();
|
|
xhr.open("GET", "http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?allowOrigin=http://invalid", true);
|
|
xhr.send(null);
|
|
|
|
// Create a div that triggers a cross-origin webfont request
|
|
// We do this in Javascript in order to guarantee the console listener has
|
|
// already been registered; otherwise, there could be a race.
|
|
var badDiv = document.createElement('div');
|
|
badDiv.setAttribute('id', 'bad_webfont');
|
|
document.body.appendChild(badDiv);
|
|
</script>
|
|
|
|
</pre>
|
|
</body>
|
|
</html>
|