File: test_bug_1725646.html

package info (click to toggle)
firefox 143.0.3-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,617,328 kB
  • sloc: cpp: 7,478,492; javascript: 6,417,157; ansic: 3,720,058; python: 1,396,372; xml: 627,523; asm: 438,677; java: 186,156; sh: 63,477; makefile: 19,171; objc: 13,059; perl: 12,983; yacc: 4,583; cs: 3,846; pascal: 3,405; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (97 lines) | stat: -rw-r--r-- 3,090 bytes parent folder | download | duplicates (12) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
<!DOCTYPE html>

<!--
  Description:

  1. We visit http://example.com/A
  2. HTTPS-First upgrades to https://example.com/A
  3. https://example.com/A redirects us to http://example.com/B, because we
     visit it via https
  4. HTTPS-First fails to upgrade to https://example.com/B as it gets redirected
     back to http, which means we set an HTTPS-Only/First exception for
     "http://example.com"
  5. http://example.com/B sends HTML informing the user that HTTPS is not
     supported, and redirecting the user back to http://example.com/A via
     window.location = "...".
  6. The load to http://example.com/A will not be upgraded again
  7. Subsequent visits of http://example.com/A will also not be upgraded
-->

<html>
  <head>
    <meta charset="utf-8" />
    <title>HTTPS-First-Mode - Simulate site similar to bom.gov.au</title>
    <script src="/tests/SimpleTest/SimpleTest.js"></script>
    <link rel="stylesheet" href="/tests/SimpleTest/test.css" />
  </head>
  <body>
    <script class="testbody" type="text/javascript">
      "use strict";
      /* eslint-disable @microsoft/sdl/no-insecure-url */

      const URL_A =
        "http://example.com/tests/dom/security/test/https-first/file_bug_1725646_a.sjs";
      const URL_B =
        "http://example.com/tests/dom/security/test/https-first/file_bug_1725646_b.sjs";

      SimpleTest.waitForExplicitFinish();

      let testWin;
      let messageNumber = 0;

      async function receiveMessage(event) {
        switch (messageNumber) {
          case 0:
            is(
              event.data.location,
              URL_B,
              "We should land on page B after being HTTP redirected"
            );
            break;

          case 1:
            is(
              event.data.location,
              URL_A,
              "We should land on page B after being redirected back through JS and not upgraded again"
            );
            ok(
              await SpecialPowers.testPermission(
                "https-only-load-insecure",
                SpecialPowers.Ci.nsIHttpsOnlyModePermission
                  .HTTPSFIRST_LOAD_INSECURE_ALLOW,
                URL_A
              ),
              "A temporary HTTPS-First exception should have been added for the site"
            );
            testWin.close();
            testWin = window.open(URL_A);
            break;

          case 2:
            is(event.data.location, URL_A, "We should directly land on page A");
            testWin.close();
            window.removeEventListener("message", this);
            await SpecialPowers.removePermission(
              "https-only-load-insecure",
              URL_A
            );
            SimpleTest.finish();
            break;

          default:
            throw Error("Received too many messages");
        }
        messageNumber++;
      }

      window.addEventListener("message", receiveMessage);

      SpecialPowers.pushPrefEnv({
        set: [["dom.security.https_first", true]],
      }).then(() => {
        testWin = window.open(URL_A);
      });
    </script>
  </body>
</html>