/* Any copyright is dedicated to the Public Domain. * http://creativecommons.org/publicdomain/zero/1.0/ */ "use strict"; // We explicitly need HTTP URLs in this test /* eslint-disable @microsoft/sdl/no-insecure-url */ requestLongerTimeout(2); const TEST_PATH_HTTP = getRootDirectory(gTestPath).replace( "chrome://mochitests/content", "http://example.com" ); async function setPrefsAndResetFog( aHTTPSOnlyPref, aHTTPSFirstPref, aSchemeLessPref ) { Services.fog.testResetFOG(); await SpecialPowers.pushPrefEnv({ set: [ ["dom.security.https_only_mode", aHTTPSOnlyPref], ["dom.security.https_first", aHTTPSFirstPref], ["dom.security.https_first_schemeless", aSchemeLessPref], ], }); } function verifyGleanValues(aDescription, aExpected) { info(aDescription); let notInitialized = aExpected.notInitialized || null; let noUpgrade = aExpected.noUpgrade || null; let alreadyHTTPS = aExpected.alreadyHTTPS || null; let hsts = aExpected.hsts || null; let httpsOnlyUpgrade = aExpected.httpsOnlyUpgrade || null; let httpsOnlyUpgradeDowngrade = aExpected.httpsOnlyUpgradeDowngrade || null; let httpsFirstUpgrade = aExpected.httpsFirstUpgrade || null; let httpsFirstUpgradeDowngrade = aExpected.httpsFirstUpgradeDowngrade || null; let httpsFirstSchemelessUpgrade = aExpected.httpsFirstSchemelessUpgrade || null; let httpsFirstSchemelessUpgradeDowngrade = aExpected.httpsFirstSchemelessUpgradeDowngrade || null; let cspUpgradeInsecureRequests = aExpected.cspUpgradeInsecureRequests || null; let httpsRR = aExpected.httpsRR || null; let webExtensionUpgrade = aExpected.webExtensionUpgrade || null; let upgradeException = aExpected.upgradeException || null; let glean = Glean.networking.httpToHttpsUpgradeReason; is( glean.not_initialized.testGetValue(), notInitialized, "verify not_initialized" ); is(glean.no_upgrade.testGetValue(), noUpgrade, "verify no_upgrade"); is(glean.already_https.testGetValue(), alreadyHTTPS, "verify already_https"); is(glean.hsts.testGetValue(), hsts, "verify hsts"); is( glean.https_only_upgrade.testGetValue(), httpsOnlyUpgrade, "verify https_only_upgrade" ); is( glean.https_only_upgrade_downgrade.testGetValue(), httpsOnlyUpgradeDowngrade, "verify https_only_upgrade_downgrade" ); is( glean.https_first_upgrade.testGetValue(), httpsFirstUpgrade, "verify https_first_upgrade" ); is( glean.https_first_upgrade_downgrade.testGetValue(), httpsFirstUpgradeDowngrade, "verify https_first_upgrade_downgrade" ); is( glean.https_first_schemeless_upgrade.testGetValue(), httpsFirstSchemelessUpgrade, "verify https_first_schemeless_upgrade" ); is( glean.https_first_schemeless_upgrade_downgrade.testGetValue(), httpsFirstSchemelessUpgradeDowngrade, "verify https_first_schemeless_upgrade_downgrade" ); is( glean.csp_uir.testGetValue(), cspUpgradeInsecureRequests, "verify csp_uir" ); is(glean.https_rr.testGetValue(), httpsRR, "verify https_rr"); is( glean.web_extension_upgrade.testGetValue(), webExtensionUpgrade, "verify web_extension_upgrade" ); is( glean.upgrade_exception.testGetValue(), upgradeException, "verify upgrade_exception" ); } async function runUpgradeTest(aURI, aDesc, aAssertURLStartsWith) { await BrowserTestUtils.withNewTab("about:blank", async function (browser) { const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true); BrowserTestUtils.startLoadingURIString(browser, aURI); await loaded; await SpecialPowers.spawn( browser, [aDesc, aAssertURLStartsWith], async function (aDesc, aAssertURLStartsWith) { ok( content.document.location.href.startsWith(aAssertURLStartsWith), aDesc ); } ); await SpecialPowers.removePermission("https-only-load-insecure", aURI); }); } add_task(async function () { info("(1) verify view-source"); await setPrefsAndResetFog( false /* aHTTPSOnlyPref */, false /* aHTTPSFirstPref */, false /* aSchemeLessPref */ ); let random = Math.random(); await runUpgradeTest( "view-source:https://example.com?" + random, "(1) verify view-source", "view-source" ); verifyGleanValues("(1) verify view-source", { alreadyHTTPS: 1 }); }); add_task(async function () { info("(2) verify about: pages"); await setPrefsAndResetFog( false /* aHTTPSOnlyPref */, false /* aHTTPSFirstPref */, false /* aSchemeLessPref */ ); // about:credits resolves to https://www.mozilla.org/credits/ await runUpgradeTest("about:credits", "(2) verify about: pages", "https:"); verifyGleanValues("(2) verify about: pages", { alreadyHTTPS: 1 }); }); add_task(async function () { info("(3) verify top-level csp upgrade-insecure-requests"); await setPrefsAndResetFog( false /* aHTTPSOnlyPref */, false /* aHTTPSFirstPref */, false /* aSchemeLessPref */ ); let random = Math.random(); await BrowserTestUtils.withNewTab( TEST_PATH_HTTP + "file_https_telemetry_csp_uir.html?" + random, async function (browser) { let newTabPromise = BrowserTestUtils.waitForNewTab(gBrowser, null, true); BrowserTestUtils.synthesizeMouse( "#mylink", 2, 2, { accelKey: true }, browser ); let tab = await newTabPromise; is( tab.linkedBrowser.currentURI.scheme, "https", "Should have opened https page." ); BrowserTestUtils.removeTab(tab); } ); // we record 2 loads: // * the load for TEST_PATH_HTTP which results in "no_upgrade" // * the link click where CSP UIR upgrades the load to https verifyGleanValues("(3) verify top-level csp upgrade-insecure-requests", { noUpgrade: 1, cspUpgradeInsecureRequests: 1, }); });