[tor-commits] [tor-browser] 21/46: Bug 1790311 - update WPT tests for request headers in XHR/Fetch. r=necko-reviewers, valentin, a=dmeehan
gitolite role
git at cupani.torproject.org
Wed Nov 16 20:43:01 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch base-browser-102.5.0esr-12.0-1
in repository tor-browser.
commit 2453c172d732cad1029ffff721509a4a64795547
Author: sunil mayya <smayya at mozilla.com>
AuthorDate: Tue Oct 25 09:50:08 2022 +0000
Bug 1790311 - update WPT tests for request headers in XHR/Fetch. r=necko-reviewers,valentin, a=dmeehan
Depends on D157729
Differential Revision: https://phabricator.services.mozilla.com/D158257
---
.../api/basic/request-forbidden-headers.any.js | 54 ++++++++++++++++++++++
.../xhr/setrequestheader-header-forbidden.htm | 52 +++++++++++++++++++++
2 files changed, 106 insertions(+)
diff --git a/testing/web-platform/tests/fetch/api/basic/request-forbidden-headers.any.js b/testing/web-platform/tests/fetch/api/basic/request-forbidden-headers.any.js
index 5d85c4e62d32..fa5e277abe2f 100644
--- a/testing/web-platform/tests/fetch/api/basic/request-forbidden-headers.any.js
+++ b/testing/web-platform/tests/fetch/api/basic/request-forbidden-headers.any.js
@@ -16,6 +16,21 @@ function requestForbiddenHeaders(desc, forbiddenHeaders) {
}, desc);
}
+function requestValidOverrideHeaders(desc, validHeaders) {
+ var url = RESOURCES_DIR + "inspect-headers.py";
+ var requestInit = {"headers": validHeaders}
+ var urlParameters = "?headers=" + Object.keys(validHeaders).join("|");
+
+ promise_test(function(test){
+ return fetch(url + urlParameters, requestInit).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ for (var header in validHeaders)
+ assert_equals(resp.headers.get("x-request-" + header), validHeaders[header], header + "is not skipped for non-forbidden methods");
+ });
+ }, desc);
+}
+
requestForbiddenHeaders("Accept-Charset is a forbidden request header", {"Accept-Charset": "utf-8"});
requestForbiddenHeaders("Accept-Encoding is a forbidden request header", {"Accept-Encoding": ""});
@@ -41,3 +56,42 @@ requestForbiddenHeaders("Proxy- is a forbidden request header", {"Proxy-": "valu
requestForbiddenHeaders("Proxy-Test is a forbidden request header", {"Proxy-Test": "value"});
requestForbiddenHeaders("Sec- is a forbidden request header", {"Sec-": "value"});
requestForbiddenHeaders("Sec-Test is a forbidden request header", {"Sec-Test": "value"});
+
+let forbiddenMethods = [
+ "TRACE",
+ "TRACK",
+ "CONNECT",
+ "trace",
+ "track",
+ "connect",
+ "trace,",
+ "GET,track ",
+ " connect",
+];
+
+let overrideHeaders = [
+ "x-http-method-override",
+ "x-http-method",
+ "x-method-override",
+ "X-HTTP-METHOD-OVERRIDE",
+ "X-HTTP-METHOD",
+ "X-METHOD-OVERRIDE",
+];
+
+for (forbiddenMethod of forbiddenMethods) {
+ for (overrideHeader of overrideHeaders) {
+ requestForbiddenHeaders(`header ${overrideHeader} is forbidden to use value ${forbiddenMethod}`, {[overrideHeader]: forbiddenMethod});
+ }
+}
+
+let permittedValues = [
+ "GETTRACE",
+ "GET",
+ "\",TRACE\",",
+];
+
+for (permittedValue of permittedValues) {
+ for (overrideHeader of overrideHeaders) {
+ requestValidOverrideHeaders(`header ${overrideHeader} is allowed to use value ${permittedValue}`, {[overrideHeader]: permittedValue});
+ }
+}
diff --git a/testing/web-platform/tests/xhr/setrequestheader-header-forbidden.htm b/testing/web-platform/tests/xhr/setrequestheader-header-forbidden.htm
index cc24d94499cc..0b273776bc10 100644
--- a/testing/web-platform/tests/xhr/setrequestheader-header-forbidden.htm
+++ b/testing/web-platform/tests/xhr/setrequestheader-header-forbidden.htm
@@ -37,6 +37,58 @@
client.setRequestHeader("Sec-X", "TEST")
client.send(null)
assert_equals(client.responseText, "")
+ })
+
+ test (function() {
+
+ let forbiddenMethods = [
+ "TRACE",
+ "TRACK",
+ "CONNECT",
+ "trace",
+ "track",
+ "connect",
+ "trace,",
+ "GET,track ",
+ " connect",
+ ];
+
+ let overrideHeaders = [
+ "x-http-method-override",
+ "x-http-method",
+ "x-method-override",
+ "X-HTTP-METHOD-OVERRIDE",
+ "X-HTTP-METHOD",
+ "X-METHOD-OVERRIDE",
+ ];
+
+ for (forbiddenMethod of forbiddenMethods) {
+ for (overrideHeader of overrideHeaders) {
+ var client = new XMLHttpRequest()
+ client.open("POST",
+ `resources/inspect-headers.py?filter_value=${forbiddenMethod}`, false)
+ client.setRequestHeader(overrideHeader, forbiddenMethod)
+ client.send(null)
+ assert_equals(client.responseText, "")
+ }
+ }
+
+ let permittedValues = [
+ "GETTRACE",
+ "GET",
+ "\",TRACE\",",
+ ];
+
+ for (permittedValue of permittedValues) {
+ for (overrideHeader of overrideHeaders) {
+ var client = new XMLHttpRequest()
+ client.open("POST",
+ `resources/inspect-headers.py?filter_name=${overrideHeader}`, false)
+ client.setRequestHeader(overrideHeader, permittedValue)
+ client.send(null)
+ assert_equals(client.responseText, overrideHeader + ": " + permittedValue + "\n")
+ }
+ }
})
</script>
</body>
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tor-commits
mailing list