mirror of
https://github.com/microsoft/playwright.git
synced 2024-12-14 13:45:36 +03:00
104 lines
4.0 KiB
JavaScript
104 lines
4.0 KiB
JavaScript
/**
|
|
* Copyright 2018 Google Inc. All rights reserved.
|
|
* Modifications copyright (c) Microsoft Corporation.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
const utils = require('./utils');
|
|
const {FFOX, CHROMIUM, WEBKIT, MAC, CHANNEL, HEADLESS} = testOptions;
|
|
const {devices} = require('..');
|
|
|
|
it('should bypass CSP meta tag', async({browser, server}) => {
|
|
// Make sure CSP prohibits addScriptTag.
|
|
{
|
|
const context = await browser.newContext();
|
|
const page = await context.newPage();
|
|
await page.goto(server.PREFIX + '/csp.html');
|
|
await page.addScriptTag({content: 'window.__injected = 42;'}).catch(e => void e);
|
|
expect(await page.evaluate(() => window.__injected)).toBe(undefined);
|
|
await context.close();
|
|
}
|
|
|
|
// By-pass CSP and try one more time.
|
|
{
|
|
const context = await browser.newContext({ bypassCSP: true });
|
|
const page = await context.newPage();
|
|
await page.goto(server.PREFIX + '/csp.html');
|
|
await page.addScriptTag({content: 'window.__injected = 42;'});
|
|
expect(await page.evaluate(() => window.__injected)).toBe(42);
|
|
await context.close();
|
|
}
|
|
});
|
|
|
|
it('should bypass CSP header', async({browser, server}) => {
|
|
// Make sure CSP prohibits addScriptTag.
|
|
server.setCSP('/empty.html', 'default-src "self"');
|
|
|
|
{
|
|
const context = await browser.newContext();
|
|
const page = await context.newPage();
|
|
await page.goto(server.EMPTY_PAGE);
|
|
await page.addScriptTag({content: 'window.__injected = 42;'}).catch(e => void e);
|
|
expect(await page.evaluate(() => window.__injected)).toBe(undefined);
|
|
await context.close();
|
|
}
|
|
|
|
// By-pass CSP and try one more time.
|
|
{
|
|
const context = await browser.newContext({ bypassCSP: true });
|
|
const page = await context.newPage();
|
|
await page.goto(server.EMPTY_PAGE);
|
|
await page.addScriptTag({content: 'window.__injected = 42;'});
|
|
expect(await page.evaluate(() => window.__injected)).toBe(42);
|
|
await context.close();
|
|
}
|
|
});
|
|
|
|
it('should bypass after cross-process navigation', async({browser, server}) => {
|
|
const context = await browser.newContext({ bypassCSP: true });
|
|
const page = await context.newPage();
|
|
await page.goto(server.PREFIX + '/csp.html');
|
|
await page.addScriptTag({content: 'window.__injected = 42;'});
|
|
expect(await page.evaluate(() => window.__injected)).toBe(42);
|
|
|
|
await page.goto(server.CROSS_PROCESS_PREFIX + '/csp.html');
|
|
await page.addScriptTag({content: 'window.__injected = 42;'});
|
|
expect(await page.evaluate(() => window.__injected)).toBe(42);
|
|
await context.close();
|
|
});
|
|
|
|
it('should bypass CSP in iframes as well', async({browser, server}) => {
|
|
// Make sure CSP prohibits addScriptTag in an iframe.
|
|
{
|
|
const context = await browser.newContext();
|
|
const page = await context.newPage();
|
|
await page.goto(server.EMPTY_PAGE);
|
|
const frame = await utils.attachFrame(page, 'frame1', server.PREFIX + '/csp.html');
|
|
await frame.addScriptTag({content: 'window.__injected = 42;'}).catch(e => void e);
|
|
expect(await frame.evaluate(() => window.__injected)).toBe(undefined);
|
|
await context.close();
|
|
}
|
|
|
|
// By-pass CSP and try one more time.
|
|
{
|
|
const context = await browser.newContext({ bypassCSP: true });
|
|
const page = await context.newPage();
|
|
await page.goto(server.EMPTY_PAGE);
|
|
const frame = await utils.attachFrame(page, 'frame1', server.PREFIX + '/csp.html');
|
|
await frame.addScriptTag({content: 'window.__injected = 42;'}).catch(e => void e);
|
|
expect(await frame.evaluate(() => window.__injected)).toBe(42);
|
|
await context.close();
|
|
}
|
|
});
|