mozilla-central/browser/components/mozcachedohttp/test/unit/test_security_validation.js (file symbol)

Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

/* Any copyright is dedicated to the Public Domain.
"use strict";
/**
* Test that the protocol handler only accepts requests from privileged about content.
*/
add_task(async function test_privileged_about_content_only() {
const protocolHandler = new MozCachedOHTTPProtocolHandler();
const testURI = Services.io.newURI(
createTestOHTTPResourceURI("https://example.com/image.jpg")
);
// Test valid privileged about content using system principal for test
const systemPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
const aboutLoadInfo = NetUtil.newChannel({
uri: testURI,
loadingPrincipal: systemPrincipal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
}).loadInfo;
try {
const channel = protocolHandler.newChannel(testURI, aboutLoadInfo);
Assert.ok(channel, "Should accept requests from system principal in tests");
} catch (e) {
Assert.ok(false, `Should not throw for system principal: ${e.message}`);
}
// Test rejection of regular web content
const webURI = Services.io.newURI("https://example.com");
const webPrincipal = Services.scriptSecurityManager.createContentPrincipal(
webURI,
{}
);
// Create loadInfo using a different URI scheme to avoid calling our protocol handler
const httpURI = Services.io.newURI("https://example.com/web-test");
const webLoadInfo = NetUtil.newChannel({
uri: httpURI,
loadingPrincipal: webPrincipal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
}).loadInfo;
Assert.throws(
() => protocolHandler.newChannel(testURI, webLoadInfo),
/moz-cached-ohttp protocol only accessible from privileged about content/,
"Should reject requests from regular web content"
);
// Test rejection of non-about content
const mozURI = Services.io.newURI("moz-extension://test-extension-id/");
const mozPrincipal = Services.scriptSecurityManager.createContentPrincipal(
mozURI,
{}
);
// Create loadInfo using a different URI scheme to avoid calling our protocol handler
const httpURI2 = Services.io.newURI("https://example.com/moz-test");
const mozLoadInfo = NetUtil.newChannel({
uri: httpURI2,
loadingPrincipal: mozPrincipal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
}).loadInfo;
Assert.throws(
() => protocolHandler.newChannel(testURI, mozLoadInfo),
/moz-cached-ohttp protocol only accessible from privileged about content/,
"Should reject requests from extension content"
);
});
/**
* Test that the protocol handler's security context is preserved.
*/
add_task(async function test_security_context_preservation() {
const testURI = createTestOHTTPResourceURI("https://example.com/image.jpg");
const channel = createTestChannel(testURI);
// Verify that the channel preserves the security context
Assert.ok(channel.loadInfo, "Channel should have loadInfo");
Assert.ok(
channel.loadInfo.loadingPrincipal,
"Channel should have loading principal"
);
const loadingPrincipal = channel.loadInfo.loadingPrincipal;
Assert.ok(
loadingPrincipal.isSystemPrincipal,
"Loading principal should be system principal in tests"
);
// Verify security flags are preserved
Assert.equal(
channel.loadInfo.securityFlags,
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
"Security flags should be preserved"
);
// Verify content policy type
Assert.equal(
channel.loadInfo.externalContentPolicyType,
Ci.nsIContentPolicy.TYPE_OTHER,
"Content policy type should be preserved"
);
});