aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--content/haketilo_apis.js28
-rw-r--r--test/haketilo_test/unit/test_haketilo_apis.py67
2 files changed, 95 insertions, 0 deletions
diff --git a/content/haketilo_apis.js b/content/haketilo_apis.js
index 36e987d..772e843 100644
--- a/content/haketilo_apis.js
+++ b/content/haketilo_apis.js
@@ -43,7 +43,35 @@
*/
#FROM common/browser.js IMPORT browser
+#FROM common/misc.js IMPORT error_data_jsonifiable
+
+async function on_CORS_bypass(event) {
+ const name = "haketilo_CORS_bypass";
+
+ console.warn("delme event", event.detail);
+
+ if (typeof event.detail.id !== "string" ||
+ typeof event.detail.data !== "string") {
+ console.error(`Haketilo: Invalid detail for ${name}:`,
+ event.detail);
+ return;
+ }
+
+ try {
+ const data = JSON.parse(event.detail.data);
+ var result = await browser.runtime.sendMessage(["CORS_bypass", data]);
+ if (result === undefined)
+ throw new Error("Couldn't communicate with Haketilo background script.");
+ } catch(e) {
+ var result = {error: error_data_jsonifiable(e)};
+ }
+
+ const response_name = `${name}-${event.detail.id}`;
+ const detail = JSON.stringify(result);
+ window.dispatchEvent(new CustomEvent(response_name, {detail}));
+}
function start() {
+ window.addEventListener("haketilo_CORS_bypass", on_CORS_bypass);
}
#EXPORT start
diff --git a/test/haketilo_test/unit/test_haketilo_apis.py b/test/haketilo_test/unit/test_haketilo_apis.py
new file mode 100644
index 0000000..7dca4db
--- /dev/null
+++ b/test/haketilo_test/unit/test_haketilo_apis.py
@@ -0,0 +1,67 @@
+# SPDX-License-Identifier: CC0-1.0
+
+"""
+Haketilo unit tests - exposing some special functionalities to injected scripts
+"""
+
+# This file is part of Haketilo
+#
+# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the CC0 1.0 Universal License as published by
+# the Creative Commons Corporation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# CC0 1.0 Universal License for more details.
+
+import pytest
+import json
+from selenium.webdriver.support.ui import WebDriverWait
+
+from ..script_loader import load_script
+from ..world_wide_library import some_data
+
+def content_script():
+ return load_script('content/haketilo_apis.js') + ';\nstart();'
+
+def background_script():
+ return load_script('background/CORS_bypass_server.js') + ';\nstart();'
+
+@pytest.mark.ext_data({
+ 'content_script': content_script,
+ 'background_script': background_script
+})
+@pytest.mark.usefixtures('webextension')
+def test_haketilo_apis_CORS_bypass(driver):
+ """
+ Verify injected scripts will be able to bypass CORS with the help of
+ Haketilo API.
+ """
+ driver.get('https://gotmyowndoma.in/')
+ driver.execute_script(
+ '''
+ const fetch_arg = {
+ url: "https://anotherdoma.in/resource/blocked/by/CORS.json",
+ init: {}
+ };
+
+ const detail = {
+ data: JSON.stringify(fetch_arg),
+ id: "abcdef"
+ };
+
+ window.addEventListener("haketilo_CORS_bypass-abcdef",
+ e => window.__response = e.detail);
+ window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail}));
+ ''')
+
+ get_response = lambda d: d.execute_script("return window.__response;")
+ response = WebDriverWait(driver, 10).until(get_response)
+ response = json.loads(response)
+
+ assert response['body'] == some_data.encode().hex()
+ assert response['status'] == 200
+ assert type(response['headers']) is list