def test_connect_src_xhr_allowed(browser, header, meta):
"""
Test sending xhr is allowed if CSP is "connect-src 'self'"
"""
policy = "connect-src 'self'"
params = "xhr=true"
server = Server(config['server_address'], config['server_port'])
server.update_log_pointer()
url = generate_test_url(policy, header=header, meta=meta, allow=True,
fixture_url='connect-src', params=params)
page = TestResultPage(browser).open(url)
res = page.get_test_results()
assert (res == 'Pass')
assert server.is_request_received('get', '/ping')
def test_form_action_allowed(browser, header, meta, method):
"""
Test submitting a form is allowed if CSP is "form-action 'self'"
"""
policy = "form-action 'self'"
params = "method={0}".format(method)
server = Server(config['server_address'], config['server_port'])
server.update_log_pointer()
url = generate_test_url(policy, header=header, meta=meta, allow=True,
fixture_url='form-action', params=params)
form_page = FormActionPage(browser).open(url)
echo_page = form_page.submit_form()
assert echo_page.on_page(wait_for_page_to_load=True)
assert server.is_request_received(method, '/echo', ignore_query=True)
def test_font_src_blocked(browser, header, meta):
"""
Test loading fonts is blocked if CSP is "font-src 'none'"
"""
policy = "connect-src 'none'"
params = "xhr=true"
server = Server(config['server_address'], config['server_port'])
server.update_log_pointer()
url = generate_test_url(policy, header=header, meta=meta, allow=False,
fixture_url='connect-src', params=params)
page = TestResultPage(browser).open(url)
res = page.get_test_results()
assert (res == 'Pass')
assert not server.is_request_received('get', '/ping')
def test_connect_src_websocket_allowed(browser, header, meta):
"""
Test websocket connection is allowed if
CSP is "connect-src ws://127.0.0.1:8000"
"""
policy = "connect-src ws://127.0.0.1:8000"
params = "websocket=true"
server = Server(config['server_address'], config['server_port'])
server.update_log_pointer()
url = generate_test_url(policy, header=header, meta=meta, allow=True,
fixture_url='connect-src', params=params)
page = TestResultPage(browser).open(url)
res = page.get_test_results()
assert (res == 'Pass')
assert server.is_request_received('get', '/echo')
def test_connect_src_event_src_blocked(browser, header, meta):
"""
Test calls to EventSource is blocked if CSP is "connect-src 'none'"
TODO: fix failing tests for Firefox
"""
policy = "connect-src 'none'"
params = "event=true"
server = Server(config['server_address'], config['server_port'])
server.update_log_pointer()
url = generate_test_url(policy, header=header, meta=meta, allow=False,
fixture_url='connect-src', params=params)
page = TestResultPage(browser).open(url)
res = page.get_test_results()
assert (res == 'Pass')
assert not server.is_request_received('get', '/events')