Home Explore Help
Register Sign In
Apq
/
markdown-viewer
mirror of https://github.com/simov/markdown-viewer.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 2bd235c5ba
Branches Tags
markdown-viewer
/
test
/
advanced-csp.js

advanced-csp.js 8.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270 
  1. 

  2. var t = require('assert')
    3. 

  3. 

  4. 

  5. module.exports = ({browser, extensions, popup, advanced, content}) => {
    6. 

  6. 

  7.   before(async () => {
    8. 

  8.     // add origin
    9. 

  9.     await advanced.bringToFront()
    10. 

  10.     await advanced.select('.m-select', 'http')
    11. 

  11.     await advanced.type('[type=text]', 'localhost:3000')
    12. 

  12.     await advanced.click('button')
    13. 

  13. 

  14.     // TODO: wait for https://github.com/GoogleChrome/puppeteer/pull/2289
    15. 

  15.     // await advanced.waitFor(() => document.querySelectorAll('.m-list li').length === 2)
    16. 

  16.     await advanced.waitFor(200)
    17. 

  17. 

  18.     // expand origin
    19. 

  19.     if (!await advanced.evaluate(() =>
    20. 

  20.       document.querySelector('.m-list li:nth-of-type(2)')
    21. 

  21.         .classList.contains('m-exapanded')))
    22. 

  22.     {
    23. 

  23.       await advanced.click('.m-list li:nth-of-type(2)')
    24. 

  24.     }
    25. 

  25. 

  26.     // disable csp
    27. 

  27.     if (await advanced.evaluate(() => state.origins['http://localhost:3000'].csp)) {
    28. 

  28.       await advanced.click('.m-list li:nth-of-type(2) .m-switch')
    29. 

  29.     }
    30. 

  30. 

  31.     // enable path matching
    32. 

  32.     await advanced.evaluate(() => {
    33. 

  33.       document.querySelector('.m-list li:nth-of-type(2) input')
    34. 

  34.         .value = 'csp-match-path'
    35. 

  35.       document.querySelector('.m-list li:nth-of-type(2) input')
    36. 

  36.         .dispatchEvent(new Event('keyup'))
    37. 

  37.     })
    38. 

  38.     // there is debounce timeout of 750ms in the options UI
    39. 

  39.     await advanced.waitFor(800)
    40. 

  40.   })
    41. 

  41. 

  42.   describe('preserve state', () => {
    43. 

  43.     it('options page', async () => {
    44. 

  44.       await advanced.bringToFront()
    45. 

  45. 

  46.       // enable csp
    47. 

  47.       if (!await advanced.evaluate(() => state.origins['http://localhost:3000'].csp)) {
    48. 

  48.         await advanced.click('.m-list li:nth-of-type(2) .m-switch')
    49. 

  49.       }
    50. 

  50.       await advanced.reload()
    51. 

  51. 

  52.       // TODO: wait for https://github.com/GoogleChrome/puppeteer/pull/2289
    53. 

  53.       // await advanced.waitFor('#options')
    54. 

  54.       // await advanced.waitFor(100)
    55. 

  55.       await advanced.waitFor(200)
    56. 

  56. 

  57.       // expand origin
    58. 

  58.       await advanced.click('.m-list li:nth-of-type(2)')
    59. 

  59. 

  60.       t.strictEqual(
    61. 

  61.         await advanced.evaluate(() =>
    62. 

  62.           document.querySelector('.m-list li:nth-of-type(2) .m-switch')
    63. 

  63.             .classList.contains('is-checked')
    64. 

  64.         ),
    65. 

  65.         true,
    66. 

  66.         'csp checkbox should be enabled'
    67. 

  67.       )
    68. 

  68. 

  69.       // disable csp
    70. 

  70.       if (await advanced.evaluate(() => state.origins['http://localhost:3000'].csp)) {
    71. 

  71.         await advanced.click('.m-list li:nth-of-type(2) .m-switch')
    72. 

  72.       }
    73. 

  73.       await advanced.reload()
    74. 

  74.       // TODO: wait for https://github.com/GoogleChrome/puppeteer/pull/2289
    75. 

  75.       // await advanced.waitFor('#options')
    76. 

  76.       // await advanced.waitFor(100)
    77. 

  77.       await advanced.waitFor(200)
    78. 

  78. 

  79.       // expand origin
    80. 

  80.       await advanced.click('.m-list li:nth-of-type(2)')
    81. 

  81. 

  82.       t.strictEqual(
    83. 

  83.         await advanced.evaluate(() =>
    84. 

  84.           document.querySelector('.m-list li:nth-of-type(2) .m-switch')
    85. 

  85.             .classList.contains('is-checked')
    86. 

  86.         ),
    87. 

  87.         false,
    88. 

  88.         'csp checkbox should be disabled'
    89. 

  89.       )
    90. 

  90.     })
    91. 

  91.   })
    92. 

  92. 

  93.   describe('strip csp header only on matching content type or url', () => {
    94. 

  94.     it('non matching urls should be skipped', async () => {
    95. 

  95.       await advanced.bringToFront()
    96. 

  96. 

  97.       // expand origin
    98. 

  98.       if (!await advanced.evaluate(() =>
    99. 

  99.         document.querySelector('.m-list li:nth-of-type(2)')
    100. 

  100.           .classList.contains('m-exapanded')))
    101. 

  101.       {
    102. 

  102.         await advanced.click('.m-list li:nth-of-type(2)')
    103. 

  103.       }
    104. 

  104. 

  105.       // enable csp
    106. 

  106.       if (!await advanced.evaluate(() => state.origins['http://localhost:3000'].csp)) {
    107. 

  107.         await advanced.click('.m-list li:nth-of-type(2) .m-switch')
    108. 

  108.       }
    109. 

  109. 

  110.       // go to page serving content with strict csp
    111. 

  111.       await content.goto('http://localhost:3000/csp-wrong-path')
    112. 

  112.       await content.bringToFront()
    113. 

  113.       // TODO: wait for https://github.com/GoogleChrome/puppeteer/pull/2289
    114. 

  114.       // await content.waitFor('pre')
    115. 

  115.       await advanced.waitFor(200)
    116. 

  116. 

  117.       t.strictEqual(
    118. 

  118.         await content.evaluate(() => {
    119. 

  119.           try {
    120. 

  120.             window.localStorage
    121. 

  121.           }
    122. 

  122.           catch (err) {
    123. 

  123.             return err.message.split(':')[1].trim()
    124. 

  124.           }
    125. 

  125.         }),
    126. 

  126.         `The document is sandboxed and lacks the 'allow-same-origin' flag.`,
    127. 

  127.         'localStorage should not be accessible'
    128. 

  128.       )
    129. 

  129.     })
    130. 

  130.   })
    131. 

  131. 

  132.   describe('enable csp', () => {
    133. 

  133.     it('webRequest.onHeadersReceived event is enabled', async () => {
    134. 

  134.       await advanced.bringToFront()
    135. 

  135. 

  136.       // expand origin
    137. 

  137.       if (!await advanced.evaluate(() =>
    138. 

  138.         document.querySelector('.m-list li:nth-of-type(2)')
    139. 

  139.           .classList.contains('m-exapanded')))
    140. 

  140.       {
    141. 

  141.         await advanced.click('.m-list li:nth-of-type(2)')
    142. 

  142.       }
    143. 

  143. 

  144.       // enable csp
    145. 

  145.       if (!await advanced.evaluate(() => state.origins['http://localhost:3000'].csp)) {
    146. 

  146.         await advanced.click('.m-list li:nth-of-type(2) .m-switch')
    147. 

  147.       }
    148. 

  148. 

  149.       // go to page serving content with strict csp
    150. 

  150.       await content.goto('http://localhost:3000/csp-match-path')
    151. 

  151.       await content.bringToFront()
    152. 

  152.       await content.waitFor('#_html')
    153. 

  153. 

  154.       t.strictEqual(
    155. 

  155.         await content.evaluate(() =>
    156. 

  156.           window.localStorage.toString()
    157. 

  157.         ),
    158. 

  158.         '[object Storage]',
    159. 

  159.         'localStorage should be accessible'
    160. 

  160.       )
    161. 

  161.     })
    162. 

  162.   })
    163. 

  163. 

  164.   describe('disable csp', () => {
    165. 

  165.     it('webRequest.onHeadersReceived event is disabled', async () => {
    166. 

  166.       await advanced.bringToFront()
    167. 

  167. 

  168.       // expand origin
    169. 

  169.       if (!await advanced.evaluate(() =>
    170. 

  170.         document.querySelector('.m-list li:nth-of-type(2)')
    171. 

  171.           .classList.contains('m-exapanded')))
    172. 

  172.       {
    173. 

  173.         await advanced.click('.m-list li:nth-of-type(2)')
    174. 

  174.       }
    175. 

  175. 

  176.       // disable csp
    177. 

  177.       if (await advanced.evaluate(() => state.origins['http://localhost:3000'].csp)) {
    178. 

  178.         await advanced.click('.m-list li:nth-of-type(2) .m-switch')
    179. 

  179.       }
    180. 

  180. 

  181.       // go to page serving content with strict csp
    182. 

  182.       await content.goto('http://localhost:3000/csp-match-path')
    183. 

  183.       await content.bringToFront()
    184. 

  184. 

  185.       // TODO: wait for https://github.com/GoogleChrome/puppeteer/pull/2289
    186. 

  186.       // await content.waitFor('#_html')
    187. 

  187.       await advanced.waitFor(200)
    188. 

  188. 

  189.       t.strictEqual(
    190. 

  190.         await content.evaluate(() => {
    191. 

  191.           try {
    192. 

  192.             window.localStorage
    193. 

  193.           }
    194. 

  194.           catch (err) {
    195. 

  195.             return err.message.split(':')[1].trim()
    196. 

  196.           }
    197. 

  197.         }),
    198. 

  198.         `The document is sandboxed and lacks the 'allow-same-origin' flag.`,
    199. 

  199.         'localStorage should not be accessible'
    200. 

  200.       )
    201. 

  201.     })
    202. 

  202.   })
    203. 

  203. 

  204.   describe('enable csp + suspend the event page', () => {
    205. 

  205.     it('the tab is reloaded on event page wakeup', async () => {
    206. 

  206.       await advanced.bringToFront()
    207. 

  207. 

  208.       // expand origin
    209. 

  209.       if (!await advanced.evaluate(() =>
    210. 

  210.         document.querySelector('.m-list li:nth-of-type(2)')
    211. 

  211.           .classList.contains('m-exapanded')))
    212. 

  212.       {
    213. 

  213.         await advanced.click('.m-list li:nth-of-type(2)')
    214. 

  214.       }
    215. 

  215. 

  216.       // enable csp
    217. 

  217.       if (!await advanced.evaluate(() => state.origins['http://localhost:3000'].csp)) {
    218. 

  218.         await advanced.click('.m-list li:nth-of-type(2) .m-switch')
    219. 

  219.       }
    220. 

  220. 

  221.       await extensions.bringToFront()
    222. 

  222. 

  223.       // enable developer mode
    224. 

  224.       await extensions.evaluate(() => {
    225. 

  225.         Array.from(
    226. 

  226.           document.querySelector('extensions-manager').shadowRoot
    227. 

  227.             .querySelector('extensions-item-list').shadowRoot
    228. 

  228.             .querySelectorAll('extensions-item'))[0].shadowRoot
    229. 

  229.             .querySelector('#enable-toggle').click()
    230. 

  230.       })
    231. 

  231.       // disable the extension
    232. 

  232.       await extensions.evaluate(() => {
    233. 

  233.         Array.from(
    234. 

  234.           document.querySelector('extensions-manager').shadowRoot
    235. 

  235.             .querySelector('extensions-item-list').shadowRoot
    236. 

  236.             .querySelectorAll('extensions-item'))[0].shadowRoot
    237. 

  237.             .querySelector('#enable-toggle').click()
    238. 

  238.       })
    239. 

  239.       // check
    240. 

  240.       t.equal(
    241. 

  241.         await extensions.evaluate(() =>
    242. 

  242.           Array.from(
    243. 

  243.             document.querySelector('extensions-manager').shadowRoot
    244. 

  244.               .querySelector('extensions-item-list').shadowRoot
    245. 

  245.               .querySelectorAll('extensions-item'))[0].shadowRoot
    246. 

  246.               .querySelector('#inspect-views a').innerText
    247. 

  247.         ),
    248. 

  248.         'background page (Inactive)',
    249. 

  249.         'background page should be inactive'
    250. 

  250.       )
    251. 

  251. 

  252.       // go to page serving content with strict csp
    253. 

  253.       await content.goto('http://localhost:3000/csp-match-path')
    254. 

  254.       await content.bringToFront()
    255. 

  255. 

  256.       // TODO: wait for https://github.com/GoogleChrome/puppeteer/pull/2289
    257. 

  257.       // await content.waitFor('#_html')
    258. 

  258.       await content.waitFor(200)
    259. 

  259. 

  260.       t.strictEqual(
    261. 

  261.         await content.evaluate(() =>
    262. 

  262.           window.localStorage.toString()
    263. 

  263.         ),
    264. 

  264.         '[object Storage]',
    265. 

  265.         'localStorage should be accessible'
    266. 

  266.       )
    267. 

  267.     })
    268. 

  268.   })
    269. 

  269. 

  270. }
    271.