web_security_spec.js
const systemTests = require('../lib/system-tests').default
/**
 * Registers the fixture routes for the web-security system tests.
 *
 * Every page except `/cross_origin` sends the browser to
 * `https://www.foo.com:44665/cross_origin`, each by a different mechanism:
 * an anchor (`/link`), a form POST answered with a redirect (`/form` ->
 * `/submit`), a script that assigns `window.location.href` (`/javascript`),
 * and a `fetch()` call (`/cors`).
 *
 * None of the handlers below sets a CORS response header, so whether the
 * `/cors` page can read the response is decided by the browser under test.
 *
 * @param {object} app - server object exposing `get(path, handler)` and
 *   `post(path, handler)`; handlers receive `(req, res)`.
 */
const onServer = function (app) {
  // Builds a handler that answers every request with the same static markup.
  const servePage = (markup) => {
    return (_req, res) => {
      res.send(markup)
    }
  }

  // Anchor pointing at the HTTPS origin on port 44665.
  app.get('/link', servePage('<html><h1>link</h1><a href=\'https://www.foo.com:44665/cross_origin\'>second</a></html>'))

  // Landing page for all of the cross-origin hops.
  app.get('/cross_origin', servePage('<html><h1>cross origin</h1></html>'))

  // Form whose action posts to the other origin.
  app.get('/form', servePage(`\
<html>
<h1>form</h1>
<form method='POST' action='https://www.foo.com:44665/submit'>
<input type='submit' name='foo' value='bar' />
</form>
</html>\
`))

  // The POST is answered with a redirect to the landing page.
  app.post('/submit', (_req, res) => {
    res.redirect('https://www.foo.com:44665/cross_origin')
  })

  // Button-triggered navigation performed from page script.
  app.get('/javascript', servePage(`\
<html>
<script type='text/javascript'>
window.redirect = function(){
window.location.href = 'https://www.foo.com:44665/cross_origin'
}
</script>
<h1>javascript</h1>
<button onclick='redirect()'>click me</button>
</html>\
`))

  // Page script fetches the landing page and writes 'success!' or the error
  // message into the document.
  app.get('/cors', servePage(`<script>
fetch('https://www.foo.com:44665/cross_origin')
.then((res) => res.text())
.then(text => {
if (text.includes('cross origin')) document.write('success!')
})
.catch(err => document.write(err.message))
</script>`))
}
// System tests for the `chromeWebSecurity` configuration option.
// `chromeWebSecurity: false` switches off the browser's web-security
// (same-origin) enforcement for the Chromium-family browser the tests drive,
// so it belongs in test configuration only. The firefox case below asserts
// the warning that the option has no effect there.
describe('e2e web security', () => {
  // The same fixture routes are served twice: plain HTTP on 4466 and HTTPS on
  // 44665. The fixture pages link to the HTTPS port.
  const httpServer = {
    port: 4466,
    onServer,
  }
  const httpsServer = {
    port: 44665,
    https: true,
    onServer,
  }

  // Wildcard hostnames that resolve to the loopback address.
  const hosts = {
    '*.foo.com': '127.0.0.1',
    '*.bar.com': '127.0.0.1',
    '*.foobar.com': '127.0.0.1',
  }

  systemTests.setup({
    servers: [httpServer, httpsServer],
    settings: {
      hosts,
      e2e: {},
    },
  })

  // Default configuration: the spec run is expected to fail.
  // NOTE(review): exit code 4 presumably equals the number of failing tests
  // in web_security.cy.js; confirm against the spec and its snapshot.
  context('when enabled', () => {
    const options = {
      browser: '!webkit', // TODO(webkit): fix+unskip
      spec: 'web_security.cy.js',
      config: {
        pageLoadTimeout: 5000,
      },
      snapshot: true,
      expectedExitCode: 4,
    }

    systemTests.it('fails', options)
  })

  // Enforcement switched off: the same spec is expected to pass, and it is
  // run only in chrome and electron.
  context('when disabled', () => {
    const options = {
      spec: 'web_security.cy.js',
      config: {
        chromeWebSecurity: false,
      },
      snapshot: true,
      browser: ['chrome', 'electron'],
    }

    systemTests.it('passes', options)
  })

  // Firefox: setting the option must only produce a warning on stdout.
  context('firefox', () => {
    const expectedWarning = 'Your project has set the configuration option: `chromeWebSecurity` to `false`.\n\nThis option will not have an effect in Firefox.'

    systemTests.it('displays warning when firefox and chromeWebSecurity:false', {
      spec: 'simple_passing.cy.js',
      snapshot: true,
      // TODO(webkit): run this test in webkit
      browser: 'firefox',
      config: {
        chromeWebSecurity: false,
      },
      onStdout: (stdout) => {
        expect(stdout).include(expectedWarning)
      },
    })
  })
})