def test_connect_src_xhr_allowed(browser, header, meta):
    """Check that an XHR goes through under ``connect-src 'self'``.

    The fixture page is opened with ``xhr=true`` and must report 'Pass';
    the test server must also have logged a GET for ``/ping``.

    ``header`` and ``meta`` are forwarded unchanged to ``generate_test_url``
    (presumably they select how the policy is delivered -- confirm against
    that helper).
    """
    csp = "connect-src 'self'"
    log_server = Server(config['server_address'], config['server_port'])
    # Presumably marks the current log position so only requests made by
    # this test are considered below -- confirm against Server.
    log_server.update_log_pointer()
    test_url = generate_test_url(
        csp,
        header=header,
        meta=meta,
        allow=True,
        fixture_url='connect-src',
        params="xhr=true",
    )
    outcome = TestResultPage(browser).open(test_url).get_test_results()
    assert outcome == 'Pass'
    # Second check is made on the server side, not on what the page reports.
    assert log_server.is_request_received('get', '/ping')
def test_form_action_allowed(browser, header, meta, method):
    """Check that a form submission goes through under ``form-action 'self'``.

    ``method`` is passed to the fixture as the ``method`` query parameter and
    is also the HTTP method expected in the server log for ``/echo``.
    After submitting, the browser must land on the echo page.
    """
    csp = "form-action 'self'"
    query = "method={0}".format(method)
    log_server = Server(config['server_address'], config['server_port'])
    # Presumably marks the current log position so earlier requests are
    # ignored by the check below -- confirm against Server.
    log_server.update_log_pointer()
    test_url = generate_test_url(
        csp,
        header=header,
        meta=meta,
        allow=True,
        fixture_url='form-action',
        params=query,
    )
    landing_page = FormActionPage(browser).open(test_url).submit_form()
    assert landing_page.on_page(wait_for_page_to_load=True)
    # The query string is ignored when matching the logged request.
    assert log_server.is_request_received(method, '/echo', ignore_query=True)
def test_font_src_blocked(browser, header, meta):
    """Check that an XHR is blocked under ``connect-src 'none'``.

    NOTE(review): despite the function name (and the previous docstring,
    which mentioned ``font-src 'none'``), this body sets a ``connect-src``
    policy, loads the ``connect-src`` fixture with ``xhr=true`` and checks
    ``/ping``. No ``font-src`` directive is exercised here, so a passing
    result says nothing about font loading being blocked.
    TODO: either rename this test or point it at a font-src policy/fixture.
    """
    csp = "connect-src 'none'"
    log_server = Server(config['server_address'], config['server_port'])
    # Presumably marks the current log position so earlier requests are
    # ignored by the check below -- confirm against Server.
    log_server.update_log_pointer()
    test_url = generate_test_url(
        csp,
        header=header,
        meta=meta,
        allow=False,
        fixture_url='connect-src',
        params="xhr=true",
    )
    outcome = TestResultPage(browser).open(test_url).get_test_results()
    assert outcome == 'Pass'
    # A blocked request must never show up in the server log.
    assert not log_server.is_request_received('get', '/ping')
def test_connect_src_websocket_allowed(browser, header, meta):
    """Check that a WebSocket opens under ``connect-src ws://127.0.0.1:8000``.

    The fixture page is opened with ``websocket=true`` and must report
    'Pass'; the test server must also have logged a GET for ``/echo``.
    """
    # NOTE(review): the allowed origin is hard-coded, while the Server below
    # is built from config['server_address'] / config['server_port']. If the
    # configured address differs, the policy may not match the endpoint the
    # fixture connects to -- confirm.
    csp = "connect-src ws://127.0.0.1:8000"
    log_server = Server(config['server_address'], config['server_port'])
    # Presumably marks the current log position so earlier requests are
    # ignored by the check below -- confirm against Server.
    log_server.update_log_pointer()
    test_url = generate_test_url(
        csp,
        header=header,
        meta=meta,
        allow=True,
        fixture_url='connect-src',
        params="websocket=true",
    )
    outcome = TestResultPage(browser).open(test_url).get_test_results()
    assert outcome == 'Pass'
    assert log_server.is_request_received('get', '/echo')
def test_connect_src_event_src_blocked(browser, header, meta):
    """Check that EventSource is blocked under ``connect-src 'none'``.

    The fixture page is opened with ``event=true`` and must report 'Pass';
    the test server must not have logged a GET for ``/events``.

    TODO: fix failing tests for Firefox
    """
    csp = "connect-src 'none'"
    log_server = Server(config['server_address'], config['server_port'])
    # Presumably marks the current log position so earlier requests are
    # ignored by the check below -- confirm against Server.
    log_server.update_log_pointer()
    test_url = generate_test_url(
        csp,
        header=header,
        meta=meta,
        allow=False,
        fixture_url='connect-src',
        params="event=true",
    )
    outcome = TestResultPage(browser).open(test_url).get_test_results()
    assert outcome == 'Pass'
    # A blocked connection must never show up in the server log.
    assert not log_server.is_request_received('get', '/events')