Bug 1904870 - [devtools] Add test for local script override with CSP r=devtools-reviewers,bomsy

Depends on D217029 Differential Revision: https://phabricator.services.mozilla.com/D217030
2024-11-23 21:01:08 +00:00 · 2024-07-26 12:33:14 +00:00 · 2024-07-26 12:33:14 +00:00 · 57c8aa3275
commit 57c8aa3275
parent 6584a1f3dc
5 changed files with 113 additions and 10 deletions
--- a/devtools/shared/network-observer/test/browser/browser.toml
+++ b/devtools/shared/network-observer/test/browser/browser.toml
@ -3,11 +3,13 @@ tags = "devtools"
 subsuite = "devtools"
 support-files = [
  "head.js",
+  "csp_script_to_override.js",
  "doc_network-observer-missing-service-worker.html",
  "doc_network-observer.html",
  "gzipped.sjs",
  "override.html",
  "override.js",
+  "override_script_src_self.html",
  "serviceworker.js",
  "sjs_network-auth-listener-test-server.sjs",
  "sjs_network-observer-test-server.sjs",
--- a/devtools/shared/network-observer/test/browser/browser_networkobserver_override.js
+++ b/devtools/shared/network-observer/test/browser/browser_networkobserver_override.js
@ -4,8 +4,10 @@
 "use strict";

 const TEST_URL = URL_ROOT + "doc_network-observer.html";
+const TEST_URL_CSP = URL_ROOT + "override_script_src_self.html";
 const REQUEST_URL =
  URL_ROOT + `sjs_network-observer-test-server.sjs?sts=200&fmt=html`;
+const CSP_SCRIPT_TO_OVERRIDE = URL_ROOT + "csp_script_to_override.js";
 const GZIPPED_REQUEST_URL = URL_ROOT + `gzipped.sjs`;
 const OVERRIDE_FILENAME = "override.js";
 const OVERRIDE_HTML_FILENAME = "override.html";
@ -37,14 +39,14 @@ add_task(async function testLocalOverride() {
      const requestcontent = await request.text();
      is(
        requestcontent,
-        `"use strict";\ndocument.title = "evaluated";\n`,
+        `"use strict";\ndocument.title = "Override script loaded";\n`,
        "the request content has been overriden"
      );
      const secondRequest = await content.wrappedJSObject.fetch(_url);
      const secondRequestcontent = await secondRequest.text();
      is(
        secondRequestcontent,
-        `"use strict";\ndocument.title = "evaluated";\n`,
+        `"use strict";\ndocument.title = "Override script loaded";\n`,
        "the cached request content has been overriden"
      );
    }
@ -64,7 +66,7 @@ add_task(async function testLocalOverride() {
      await onLoad;
      is(
        content.document.title,
-        "evaluated",
+        "Override script loaded",
        "The <script> tag content has been overriden and correctly evaluated"
      );
    }
@ -139,15 +141,15 @@ add_task(async function testLocalOverrideGzipped() {
      const requestcontent = await request.text();
      is(
        requestcontent,
-        `"use strict";\ndocument.title = "evaluated";\n`,
-        "the request content has been overriden"
+        `"use strict";\ndocument.title = "Override script loaded";\n`,
+        "the request content for the gzipped script has been overriden"
      );
      const secondRequest = await content.wrappedJSObject.fetch(_url);
      const secondRequestcontent = await secondRequest.text();
      is(
        secondRequestcontent,
-        `"use strict";\ndocument.title = "evaluated";\n`,
-        "the cached request content has been overriden"
+        `"use strict";\ndocument.title = "Override script loaded";\n`,
+        "the cached request content for the gzipped script has been overriden"
      );
    }
  );
@ -165,8 +167,8 @@ add_task(async function testLocalOverrideGzipped() {
      await onLoad;
      is(
        content.document.title,
-        "evaluated",
-        "The <script> tag content has been overriden and correctly evaluated"
+        "Override script loaded",
+        "The <script> tag content for the gzipped script has been overriden and correctly evaluated"
      );
    }
  );
@ -175,3 +177,91 @@ add_task(async function testLocalOverrideGzipped() {

  networkObserver.destroy();
 });
+
+// Check that the override works even if the page uses script 'self' as CSP.
+add_task(async function testLocalOverrideCSP() {
+  await addTab(TEST_URL_CSP);
+
+  const url = CSP_SCRIPT_TO_OVERRIDE;
+  const browser = gBrowser.selectedBrowser;
+  const originalText = await getRequestText(url, browser);
+  is(
+    originalText,
+    `"use strict";\ndocument.title = "CSP script to override loaded";\n`,
+    "the request content for the CSP script is the original one"
+  );
+
+  let eventsCount = 0;
+  const networkObserver = new NetworkObserver({
+    ignoreChannelFunction: channel => channel.URI.spec !== url,
+    onNetworkEvent: event => {
+      info("received a network event");
+      eventsCount++;
+      return createNetworkEventOwner(event);
+    },
+  });
+
+  const overrideFile = getChromeDir(getResolvedURI(gTestPath));
+  overrideFile.append(OVERRIDE_FILENAME);
+  info(" override " + url + " to " + overrideFile.path + "\n");
+  networkObserver.override(url, overrideFile.path);
+
+  const overriddenText = await getRequestText(url, browser);
+  is(
+    overriddenText,
+    `"use strict";\ndocument.title = "Override script loaded";\n`,
+    "the request content for the CSP script has been overriden"
+  );
+  const cachedOverriddenText = await getRequestText(url, browser);
+  is(
+    cachedOverriddenText,
+    `"use strict";\ndocument.title = "Override script loaded";\n`,
+    "the cached request content for the CSP script has been overriden"
+  );
+
+  await SpecialPowers.spawn(browser, [url], async _url => {
+    const script = await content.document.createElement("script");
+    const onLoad = new Promise(resolve =>
+      script.addEventListener("load", resolve, { once: true })
+    );
+    script.src = _url;
+    content.document.body.appendChild(script);
+    await onLoad;
+    is(
+      content.document.title,
+      "Override script loaded",
+      "The <script> tag content  for the CSP script has been overriden and correctly evaluated"
+    );
+  });
+
+  await BrowserTestUtils.waitForCondition(() => eventsCount >= 1);
+
+  info("Remove the override for " + url);
+  networkObserver.removeOverride(url);
+  const restoredText = await getRequestText(url, browser);
+  is(
+    restoredText,
+    `"use strict";\ndocument.title = "CSP script to override loaded";\n`,
+    "the request content for the CSP script is back to the original one"
+  );
+
+  networkObserver.destroy();
+});
+
+/**
+ * Retrieve the text content for a request to the provided url, as fetched by
+ * the provided browser.
+ *
+ * @param {string} url
+ *     The URL of the request to fetch.
+ * @param {Browser} browser
+ *     The content browser where the request should be fetched.
+ * @returns {string}
+ *     The text content of the fetch request.
+ */
+async function getRequestText(url, browser) {
+  return SpecialPowers.spawn(browser, [url], async _url => {
+    const request = await content.wrappedJSObject.fetch(_url);
+    return await request.text();
+  });
+}
--- a/devtools/shared/network-observer/test/browser/csp_script_to_override.js
+++ b/devtools/shared/network-observer/test/browser/csp_script_to_override.js
@ -0,0 +1,2 @@
+"use strict";
+document.title = "CSP script to override loaded";
--- a/devtools/shared/network-observer/test/browser/override.js
+++ b/devtools/shared/network-observer/test/browser/override.js
@ -1,2 +1,2 @@
 "use strict";
-document.title = "evaluated";
+document.title = "Override script loaded";
--- a/devtools/shared/network-observer/test/browser/override_script_src_self.html
+++ b/devtools/shared/network-observer/test/browser/override_script_src_self.html
@ -0,0 +1,9 @@
+<html>
+  <head>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="script-src 'self'"
+    />
+  </head>
+  <body>Override test page with CSP</body>
+</html>