summaryrefslogtreecommitdiff
path: root/test/unit/test_CORS_bypass_server.py
blob: 45e4ebb5bb2b7839ed816dac0186102dfb6e0ff6 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# SPDX-License-Identifier: CC0-1.0

"""
Haketilo unit tests - routing HTTP requests through background script
"""

# This file is part of Haketilo
#
# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the CC0 1.0 Universal License as published by
# the Creative Commons Corporation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# CC0 1.0 Universal License for more details.

import pytest
import json
from selenium.webdriver.support.ui import WebDriverWait

from ..script_loader import load_script
from ..world_wide_library import some_data

urls = {
    'resource': 'https://anotherdoma.in/resource/blocked/by/CORS.json',
    'nonexistent': 'https://nxdoma.in/resource.json',
    'invalid': 'w3csucks://invalid.url/'
}

content_script = '''\
const urls = %s;

function fetch_data(url) {
    return {
        url,
        to_get: ["ok", "status"],
        to_call: ["text", "json"]
    };
}

async function fetch_resources() {
    const results = {};
    const promises = [];
    for (const [name, url] of Object.entries(urls)) {
        const sending = browser.runtime.sendMessage(["CORS_bypass",
                                                     fetch_data(url)]);
        promises.push(sending.then(response => results[name] = response));
    }

    await Promise.all(promises);

    window.wrappedJSObject.haketilo_fetch_results = results;
}

fetch_resources();
'''

content_script = content_script % json.dumps(urls);

@pytest.mark.ext_data({
    'content_script': content_script,
    'background_script':
    lambda: load_script('background/CORS_bypass_server.js') + '; start();'
})
@pytest.mark.usefixtures('webextension')
def test_CORS_bypass_server(driver, execute_in_page):
    """
    Test if CORS bypassing works and if errors get properly forwarded.
    """
    driver.get('https://gotmyowndoma.in/')

    # First, verify that requests without CORS bypass measures fail.
    results = execute_in_page(
        '''
        const result = {};
        let promises = [];
        for (const [name, url] of Object.entries(arguments[0])) {
            const [ok_cb, err_cb] =
                ["ok", "err"].map(status => () => result[name] = status);
            promises.push(fetch(url).then(ok_cb, err_cb));
        }
        // Make the promises non-failing.
        promises = promises.map(p => new Promise(cb => p.then(cb, cb)));
        returnval(Promise.all(promises).then(() => result));
        ''',
        {**urls, 'sameorigin': './nonexistent_resource'})

    assert results == dict([*[(k, 'err') for k in urls.keys()],
                            ('sameorigin', 'ok')])

    done = lambda d: d.execute_script('return window.haketilo_fetch_results;')
    results = WebDriverWait(driver, 10).until(done)

    assert set(results['invalid'].keys()) == {'error'}

    assert set(results['nonexistent'].keys()) == \
        {'ok', 'status', 'text', 'error_json'}
    assert results['nonexistent']['ok'] == False
    assert results['nonexistent']['status'] == 404
    assert results['nonexistent']['text'] == 'Handler for this URL not found.'

    assert set(results['resource'].keys()) == {'ok', 'status', 'text', 'json'}
    assert results['resource']['ok'] == True
    assert results['resource']['status'] == 200
    assert results['resource']['text'] == some_data
    assert results['resource']['json'] == json.loads(some_data)