diff --git a/devtools/shared/network-observer/NetworkOverride.sys.mjs b/devtools/shared/network-observer/NetworkOverride.sys.mjs index 7f4820088d57..055b903eafbd 100644 --- a/devtools/shared/network-observer/NetworkOverride.sys.mjs +++ b/devtools/shared/network-observer/NetworkOverride.sys.mjs @@ -63,6 +63,13 @@ function overrideChannelWithFilePath(channel, path) { replacedHttpResponse.setResponseHeader("Content-Type", mimeType, false); } + // Allow all cross origin requests for overrides. + replacedHttpResponse.setResponseHeader( + "Access-Control-Allow-Origin", + "*", + false + ); + channel .QueryInterface(Ci.nsIHttpChannelInternal) .setResponseOverride(replacedHttpResponse); diff --git a/devtools/shared/network-observer/test/browser/browser.toml b/devtools/shared/network-observer/test/browser/browser.toml index 0df629c7fe1a..cf886a69f6a3 100644 --- a/devtools/shared/network-observer/test/browser/browser.toml +++ b/devtools/shared/network-observer/test/browser/browser.toml @@ -6,6 +6,7 @@ support-files = [ "csp_script_to_override.js", "doc_network-observer-missing-service-worker.html", "doc_network-observer.html", + "doc_network-observer.html^headers^", "gzipped.sjs", "override.html", "override.js", diff --git a/devtools/shared/network-observer/test/browser/browser_networkobserver_override.js b/devtools/shared/network-observer/test/browser/browser_networkobserver_override.js index 430debb5a081..ccb4c155453b 100644 --- a/devtools/shared/network-observer/test/browser/browser_networkobserver_override.js +++ b/devtools/shared/network-observer/test/browser/browser_networkobserver_override.js @@ -2,11 +2,12 @@ http://creativecommons.org/publicdomain/zero/1.0/ */ "use strict"; - +requestLongerTimeout(3); const TEST_URL = URL_ROOT + "doc_network-observer.html"; const TEST_URL_CSP = URL_ROOT + "override_script_src_self.html"; const REQUEST_URL = - URL_ROOT + `sjs_network-observer-test-server.sjs?sts=200&fmt=html`; + URL_ROOT + `sjs_network-observer-test-server.sjs?sts=200&fmt=js`; +const CORS_REQUEST_URL = REQUEST_URL.replace("example.com", "plop.example.com"); const CSP_SCRIPT_TO_OVERRIDE = URL_ROOT + "csp_script_to_override.js"; const GZIPPED_REQUEST_URL = URL_ROOT + `gzipped.sjs`; const OVERRIDE_FILENAME = "override.js"; @@ -17,7 +18,8 @@ add_task(async function testLocalOverride() { let eventsCount = 0; const networkObserver = new NetworkObserver({ - ignoreChannelFunction: channel => channel.URI.spec !== REQUEST_URL, + ignoreChannelFunction: channel => + ![REQUEST_URL, CORS_REQUEST_URL].includes(channel.URI.spec), onNetworkEvent: event => { info("received a network event"); eventsCount++; @@ -57,7 +59,7 @@ add_task(async function testLocalOverride() { gBrowser.selectedBrowser, [REQUEST_URL], async _url => { - const script = await content.document.createElement("script"); + const script = content.document.createElement("script"); const onLoad = new Promise(resolve => script.addEventListener("load", resolve, { once: true }) ); @@ -72,6 +74,31 @@ add_task(async function testLocalOverride() { } ); + info(`Assert that JS scripts with crossorigin="anonymous" can be overriden`); + networkObserver.override(CORS_REQUEST_URL, overrideFile.path); + + await SpecialPowers.spawn( + gBrowser.selectedBrowser, + [CORS_REQUEST_URL], + async _url => { + content.document.title = "title before crossorigin=anonymous evaluation"; + const script = content.document.createElement("script"); + script.setAttribute("crossorigin", "anonymous"); + script.crossOrigin = "anonymous"; + const onLoad = new Promise(resolve => + script.addEventListener("load", resolve, { once: true }) + ); + script.src = _url; + content.document.body.appendChild(script); + await onLoad; + is( + content.document.title, + "Override script loaded", + `The