From 220a840c7e0c9e1b0d650044ae4048cdd53e6f26 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Fri, 6 Oct 2023 19:25:46 -0700 Subject: [PATCH] tests: add additional tests for loading with sandbox + requiresubdomainiframe ensure 'requiresubdomainiframe' works, doesn't allow loading directly --- package.json | 3 ++- playwright.config.js | 8 +++++++- tests/embed/index-sandbox.html | 19 +++++++++++++++++++ tests/embed/index.html | 2 ++ tests/embed/sandbox/index.html | 22 ++++++++++++++++++++++ tests/embeds.spec.js | 22 ++++++++++++++++++++++ 6 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 tests/embed/index-sandbox.html create mode 100644 tests/embed/sandbox/index.html diff --git a/package.json b/package.json index e64fb967..e73e8fc4 100644 --- a/package.json +++ b/package.json @@ -67,7 +67,8 @@ "build-docs": "bundle install; bundle exec jekyll build", "start-dev": "webpack serve --mode development", "start-prod": "http-server -p 9990 --cors", - "start-test-embed": "cd tests/embed; http-server -p 8020", + "test-start-embed": "cd tests/embed; http-server -p 8020", + "test-start-sandbox": "cd tests/embed/sandbox; http-server -p 8030", "pack": "CSC_IDENTITY_AUTO_DISCOVERY=false electron-builder --publish never", "pack-signed": "electron-builder", "start-electron": "NODE_ENV=development electron ./dist/electron.js $1", diff --git a/playwright.config.js b/playwright.config.js index ecd0487a..cbc47390 100644 --- a/playwright.config.js +++ b/playwright.config.js @@ -9,10 +9,16 @@ export default defineConfig({ reuseExistingServer: !process.env.CI, }, { - command: 'yarn run start-test-embed', + command: 'yarn run test-start-embed', url: 'http://127.0.0.1:8020', timeout: 120 * 1000, reuseExistingServer: !process.env.CI, }, + { + command: 'yarn run test-start-sandbox', + url: 'http://127.0.0.1:8030', + timeout: 120 * 1000, + reuseExistingServer: !process.env.CI, + } ] }); diff --git a/tests/embed/index-sandbox.html b/tests/embed/index-sandbox.html new file mode 100644 index 00000000..ee1be186 --- /dev/null +++ b/tests/embed/index-sandbox.html @@ -0,0 +1,19 @@ + + + + + + + + + + + + diff --git a/tests/embed/index.html b/tests/embed/index.html index 9033f645..65d84404 100644 --- a/tests/embed/index.html +++ b/tests/embed/index.html @@ -1,9 +1,11 @@ + diff --git a/tests/embed/sandbox/index.html b/tests/embed/sandbox/index.html new file mode 100644 index 00000000..37bba18b --- /dev/null +++ b/tests/embed/sandbox/index.html @@ -0,0 +1,22 @@ + + + + + + + + + + + diff --git a/tests/embeds.spec.js b/tests/embeds.spec.js index d37dc24d..efafeb5e 100644 --- a/tests/embeds.spec.js +++ b/tests/embeds.spec.js @@ -18,3 +18,25 @@ test("cross-domain embed is loading", async ({ page }) => { await expect(res).toContainText("Want to help"); }); + + +test("sandbox + cross-domain embed is loading", async ({ page }) => { + await page.goto("http://localhost:8030/"); + + const sandboxFrame = page.locator("iframe"); + await expect(await sandboxFrame.getAttribute("src")).toBe("http://localhost:8020/index-sandbox.html"); + + const res = page.frameLocator("iframe").locator("replay-web-page").frameLocator("iframe").locator("replay-app-main wr-coll wr-coll-replay").frameLocator("iframe").frameLocator("iframe#twitter-widget-0").locator("body"); + + await expect(res).toContainText("Want to help"); +}); + + +test("require subdomain iframe", async ({ page }) => { + // load directly, should be blocked + await page.goto("http://localhost:8020/index-sandbox.html"); + + const res = page.locator("replay-web-page"); + + await expect(res).toContainText("Sorry, due to security settings, this ReplayWeb.page embed only be viewed within a subdomain iframe."); +});