Skip to content

Commit bb1e0a0

Browse files
authored
Merge pull request #20881 from mozilla/fix-waf-header-config-page
fix(functional-tests): register WAF bypass header on the browser context
2 parents 6208b05 + 818ec22 commit bb1e0a0

3 files changed

Lines changed: 50 additions & 37 deletions

File tree

packages/functional-tests/lib/fixtures/standard.ts

Lines changed: 3 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,12 @@ import { BaseTarget } from '../targets/base';
1717
import { TestAccountTracker } from '../testAccountTracker';
1818
import { PasskeyPage } from '../../pages/passkey';
1919
import { GleanEventsHelper } from '../glean';
20+
import { addWafBypassHeader } from '../waf';
2021
import { existsSync, readFileSync } from 'fs';
2122
import { join, dirname, basename } from 'path';
2223

24+
export { addWafBypassHeader };
25+
2326
// The DEBUG env is used to debug without the playwright inspector, like in vscode
2427
// see .vscode/launch.json
2528
const DEBUG = !!process.env.DEBUG;
@@ -35,42 +38,6 @@ export type TestOptions = {
3538
};
3639
export type WorkerOptions = { targetName: TargetName; target: ServerTarget };
3740

38-
const CI_WAF_TOKEN = process.env.CI_WAF_TOKEN;
39-
40-
/**
41-
* Adds a route handler that injects the WAF bypass header on requests to
42-
* FXA-owned domains only, leaving third-party origins (Stripe, hCaptcha)
43-
* untouched. No-op when CI_WAF_TOKEN is unset.
44-
*/
45-
export async function addWafBypassHeader(page: Page, target: BaseTarget) {
46-
if (!CI_WAF_TOKEN) {
47-
if (target.name === 'stage' || target.name === 'production') {
48-
// eslint-disable-next-line no-console
49-
console.warn(
50-
`⚠ CI_WAF_TOKEN is not set for target "${target.name}". Requests may be blocked by the WAF.`
51-
);
52-
}
53-
return;
54-
}
55-
const fxaDomains = [
56-
new URL(target.contentServerUrl).host,
57-
new URL(target.authServerUrl).host,
58-
new URL(target.paymentsNextUrl).host,
59-
new URL(target.relierUrl).host,
60-
];
61-
const pattern = new RegExp(
62-
fxaDomains.map((d) => d.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|')
63-
);
64-
await page.route(pattern, async (route) => {
65-
await route.continue({
66-
headers: {
67-
...route.request().headers(),
68-
'fxa-ci': CI_WAF_TOKEN,
69-
},
70-
});
71-
});
72-
}
73-
7441
export const test = base.extend<TestOptions, WorkerOptions>({
7542
targetName: ['local', { scope: 'worker', option: true }],
7643

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
/* This Source Code Form is subject to the terms of the Mozilla Public
2+
* License, v. 2.0. If a copy of the MPL was not distributed with this
3+
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4+
5+
import { Page } from '@playwright/test';
6+
import { BaseTarget } from './targets/base';
7+
8+
const CI_WAF_TOKEN = process.env.CI_WAF_TOKEN;
9+
10+
/**
11+
* Adds a route handler that injects the WAF bypass header on requests to
12+
* FXA-owned domains only, leaving third-party origins (Stripe, hCaptcha)
13+
* untouched. No-op when CI_WAF_TOKEN is unset.
14+
*
15+
* Registered on the browser context, so it also covers pages opened later
16+
* (e.g. `context().newPage()` in ConfigPage.getConfig), not just this page.
17+
*/
18+
export async function addWafBypassHeader(page: Page, target: BaseTarget) {
19+
if (!CI_WAF_TOKEN) {
20+
if (target.name === 'stage' || target.name === 'production') {
21+
// eslint-disable-next-line no-console
22+
console.warn(
23+
`⚠ CI_WAF_TOKEN is not set for target "${target.name}". Requests may be blocked by the WAF.`
24+
);
25+
}
26+
return;
27+
}
28+
const fxaDomains = [
29+
new URL(target.contentServerUrl).host,
30+
new URL(target.authServerUrl).host,
31+
new URL(target.paymentsNextUrl).host,
32+
new URL(target.relierUrl).host,
33+
];
34+
const pattern = new RegExp(
35+
fxaDomains.map((d) => d.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|')
36+
);
37+
await page.context().route(pattern, async (route) => {
38+
await route.continue({
39+
headers: {
40+
...route.request().headers(),
41+
'fxa-ci': CI_WAF_TOKEN,
42+
},
43+
});
44+
});
45+
}

packages/functional-tests/pages/config.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,8 @@ export class ConfigPage extends BaseLayout {
99

1010
async getConfig() {
1111
if (!this.config) {
12-
// Create a new page
12+
// Create a new page. The WAF bypass header is registered on the browser
13+
// context (see addWafBypassHeader), so this page inherits it.
1314
const page = await this.page.context().newPage();
1415

1516
await page.goto(this.baseUrl);

0 commit comments

Comments
 (0)