| 30 |
30 |
def background_script():
|
| 31 |
31 |
return load_script('background/CORS_bypass_server.js') + ';\nstart();'
|
| 32 |
32 |
|
|
33 |
resource_url = 'https://anotherdoma.in/resource/blocked/by/CORS.json'
|
|
34 |
|
| 33 |
35 |
@pytest.mark.ext_data({
|
| 34 |
36 |
'content_script': content_script,
|
| 35 |
37 |
'background_script': background_script
|
| ... | ... | |
| 41 |
43 |
Haketilo API.
|
| 42 |
44 |
"""
|
| 43 |
45 |
driver.get('https://gotmyowndoma.in/')
|
| 44 |
|
driver.execute_script(
|
|
46 |
|
|
47 |
# First, verify that it is impossible to normally fetch the resource.
|
|
48 |
with pytest.raises(Exception, match='NetworkError'):
|
|
49 |
driver.execute_script('return fetch(arguments[0]);', resource_url)
|
|
50 |
|
|
51 |
# First, verify that it is possible to fetch the resource using API.
|
|
52 |
response = driver.execute_script(
|
| 45 |
53 |
'''
|
| 46 |
54 |
const fetch_arg = {
|
| 47 |
|
url: "https://anotherdoma.in/resource/blocked/by/CORS.json",
|
| 48 |
|
init: {}
|
|
55 |
url: arguments[0],
|
|
56 |
init: {},
|
|
57 |
verify_that_nonstandard_properties_are_ignored: ":)"
|
| 49 |
58 |
};
|
| 50 |
59 |
|
| 51 |
60 |
const detail = {
|
| 52 |
61 |
data: JSON.stringify(fetch_arg),
|
| 53 |
|
id: "abcdef"
|
|
62 |
id: "abcdef",
|
|
63 |
nonstandard_properties_verify_that_ignored_are: ":o"
|
| 54 |
64 |
};
|
| 55 |
65 |
|
|
66 |
let cb, done = new Promise(_cb => cb = _cb);
|
| 56 |
67 |
window.addEventListener("haketilo_CORS_bypass-abcdef",
|
| 57 |
|
e => window.__response = e.detail);
|
|
68 |
e => cb(JSON.parse(e.detail)));
|
| 58 |
69 |
window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail}));
|
| 59 |
|
''')
|
| 60 |
70 |
|
| 61 |
|
get_response = lambda d: d.execute_script("return window.__response;")
|
| 62 |
|
response = WebDriverWait(driver, 10).until(get_response)
|
| 63 |
|
response = json.loads(response)
|
|
71 |
return done;
|
|
72 |
''',
|
|
73 |
resource_url)
|
| 64 |
74 |
|
| 65 |
75 |
assert response['body'] == some_data.encode().hex()
|
| 66 |
76 |
assert response['status'] == 200
|
| 67 |
77 |
assert type(response['headers']) is list
|
|
78 |
|
|
79 |
@pytest.mark.ext_data({
|
|
80 |
'content_script': content_script,
|
|
81 |
'background_script': background_script
|
|
82 |
})
|
|
83 |
@pytest.mark.usefixtures('webextension')
|
|
84 |
@pytest.mark.parametrize('error', [
|
|
85 |
'bad url',
|
|
86 |
'no_url',
|
|
87 |
'non_string_url',
|
|
88 |
'non_object_init',
|
|
89 |
'non_object_detail',
|
|
90 |
'non_string_id',
|
|
91 |
'non_string_data'
|
|
92 |
])
|
|
93 |
def test_haketilo_apis_CORS_bypass_errors(driver, error):
|
|
94 |
"""
|
|
95 |
Verify errors are returned properly by CORS_bypass API.
|
|
96 |
"""
|
|
97 |
data = {
|
|
98 |
'bad_url': {'url': 'muahahahaha', 'init': {}},
|
|
99 |
'no_url': {'init': {}},
|
|
100 |
'non_string_url': {'url': {}, 'init': {}},
|
|
101 |
'non_object_init': {'url': {}, 'init': ":d"},
|
|
102 |
}.get(error, {'url': resource_url, 'init': {}})
|
|
103 |
|
|
104 |
detail = {
|
|
105 |
'non_object_detail': '!!!',
|
|
106 |
'non_string_id': {'data': json.dumps(data), 'id': None},
|
|
107 |
'non_string_data': {'data': data, 'id': 'abcdef'}
|
|
108 |
}.get(error, {'data': json.dumps(data), 'id': 'abcdef'})
|
|
109 |
|
|
110 |
driver.get('https://gotmyowndoma.in/')
|
|
111 |
|
|
112 |
result = driver.execute_script(
|
|
113 |
'''
|
|
114 |
let cb, done = new Promise(_cb => cb = _cb);
|
|
115 |
window.addEventListener("haketilo_CORS_bypass-abcdef",
|
|
116 |
e => cb(JSON.parse(e.detail)));
|
|
117 |
window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass",
|
|
118 |
{detail: arguments[0]}));
|
|
119 |
setTimeout(() => cb("timeout"), 5000);
|
|
120 |
|
|
121 |
return done;
|
|
122 |
''',
|
|
123 |
detail)
|
|
124 |
|
|
125 |
if error in {'bad_url', 'no_url', 'non_string_url', 'non_object_init'}:
|
|
126 |
assert result['error']['name'] == 'TypeError'
|
|
127 |
|
|
128 |
if error in {'non_object_detail', 'non_string_id', 'non_string_data'}:
|
|
129 |
assert result == 'timeout'
|
add more tests for CORS bypassing feature