/ - Diff - Haketilo - Hydrilla issue tracker

« Previous | Next »

Revision fba67f09

Added by koszko over 1 year ago

ID fba67f09ddedda6182d35b2fa1478115dc766905
Parent 60c0b4fe
Child 007de0c0, 6cce0301

allow injected scripts to bypass CORS using provided API

      */
     #FROM common/browser.js IMPORT browser
     #FROM common/misc.js    IMPORT error_data_jsonifiable
     async function on_CORS_bypass(event) {
         const name = "haketilo_CORS_bypass";
         console.warn("delme event", event.detail);
         if (typeof event.detail.id   !== "string" ||
     	typeof event.detail.data !== "string") {
     	console.error(`Haketilo: Invalid detail for ${name}:`,
     		      event.detail);
     	return;
+        }
         try {
     	const data = JSON.parse(event.detail.data);
     	var result = await browser.runtime.sendMessage(["CORS_bypass", data]);
     	if (result === undefined)
     	    throw new Error("Couldn't communicate with Haketilo background script.");
         } catch(e) {
     	var result = {error: error_data_jsonifiable(e)};
+        }
         const response_name = `${name}-${event.detail.id}`;
         const detail = JSON.stringify(result);
         window.dispatchEvent(new CustomEvent(response_name, {detail}));
+    }
     function start() {
         window.addEventListener("haketilo_CORS_bypass", on_CORS_bypass);
+    }
     #EXPORT start

     # SPDX-License-Identifier: CC0-1.0
     """
     Haketilo unit tests - exposing some special functionalities to injected scripts
     """
     # This file is part of Haketilo
+    #
     # Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org>
+    #
     # This program is free software: you can redistribute it and/or modify
     # it under the terms of the CC0 1.0 Universal License as published by
     # the Creative Commons Corporation.
+    #
     # This program is distributed in the hope that it will be useful,
     # but WITHOUT ANY WARRANTY; without even the implied warranty of
     # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     # CC0 1.0 Universal License for more details.
     import pytest
     import json
     from selenium.webdriver.support.ui import WebDriverWait
     from ..script_loader import load_script
     from ..world_wide_library import some_data
     def content_script():
         return load_script('content/haketilo_apis.js') + ';\nstart();'
     def background_script():
         return load_script('background/CORS_bypass_server.js') + ';\nstart();'
     @pytest.mark.ext_data({
         'content_script': content_script,
         'background_script': background_script
     })
     @pytest.mark.usefixtures('webextension')
     def test_haketilo_apis_CORS_bypass(driver):
         """
         Verify injected scripts will be able to bypass CORS with the help of
         Haketilo API.
         """
         driver.get('https://gotmyowndoma.in/')
         driver.execute_script(
             '''
             const fetch_arg = {
                 url: "https://anotherdoma.in/resource/blocked/by/CORS.json",
                 init: {}
             };
             const detail = {
                 data: JSON.stringify(fetch_arg),
                 id:   "abcdef"
             };
             window.addEventListener("haketilo_CORS_bypass-abcdef",
                                     e => window.__response = e.detail);
             window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail}));
             ''')
         get_response = lambda d: d.execute_script("return window.__response;")
         response = WebDriverWait(driver, 10).until(get_response)
         response = json.loads(response)
         assert response['body'] == some_data.encode().hex()
         assert response['status'] == 200
         assert type(response['headers']) is list

Also available in: Unified diff

Project

General

Profile

Haketilo

Revision fba67f09

Added by koszko over 1 year ago