144 lines
4.6 KiB
JavaScript
144 lines
4.6 KiB
JavaScript
/* Any copyright is dedicated to the Public Domain.
|
|
* http://creativecommons.org/publicdomain/zero/1.0/ */
|
|
|
|
"use strict";
|
|
|
|
// This test checks if we are correctly fixing https URLs by prefixing
|
|
// with www. when we encounter a SSL_ERROR_BAD_CERT_DOMAIN error.
|
|
// For example, https://example.com -> https://www.example.com.
|
|
|
|
async function verifyErrorPage(errorPageURL, feltPrivacy = false) {
|
|
let certErrorLoaded = BrowserTestUtils.waitForErrorPage(
|
|
gBrowser.selectedBrowser
|
|
);
|
|
BrowserTestUtils.startLoadingURIString(gBrowser, errorPageURL);
|
|
await certErrorLoaded;
|
|
|
|
await SpecialPowers.spawn(
|
|
gBrowser.selectedBrowser,
|
|
[feltPrivacy],
|
|
async isFeltPrivacy => {
|
|
let ec;
|
|
if (isFeltPrivacy) {
|
|
let netErrorCard =
|
|
content.document.querySelector("net-error-card").wrappedJSObject;
|
|
await netErrorCard.getUpdateComplete();
|
|
netErrorCard.advancedButton.click();
|
|
await ContentTaskUtils.waitForCondition(() => {
|
|
return (ec = netErrorCard.errorCode);
|
|
}, "Error code has been set inside the net-error-card advanced panel");
|
|
|
|
is(
|
|
ec.textContent.split(" ").at(-1),
|
|
"SSL_ERROR_BAD_CERT_DOMAIN",
|
|
"Correct error code is shown"
|
|
);
|
|
} else {
|
|
await ContentTaskUtils.waitForCondition(() => {
|
|
ec = content.document.getElementById("errorCode");
|
|
return ec.textContent;
|
|
}, "Error code has been set inside the advanced button panel");
|
|
is(
|
|
ec.textContent,
|
|
"SSL_ERROR_BAD_CERT_DOMAIN",
|
|
"Correct error code is shown"
|
|
);
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
// Turn off the pref and ensure that we show the error page as expected.
|
|
add_task(async function testNoFixupDisabledByPref() {
|
|
for (let feltPrivacyEnabled of [true, false]) {
|
|
await SpecialPowers.pushPrefEnv({
|
|
set: [
|
|
["security.bad_cert_domain_error.url_fix_enabled", false],
|
|
["security.certerrors.felt-privacy-v1", feltPrivacyEnabled],
|
|
],
|
|
});
|
|
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
|
|
|
|
await verifyErrorPage(
|
|
"https://badcertdomain.example.com",
|
|
feltPrivacyEnabled
|
|
);
|
|
await verifyErrorPage(
|
|
"https://www.badcertdomain2.example.com",
|
|
feltPrivacyEnabled
|
|
);
|
|
|
|
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
|
await SpecialPowers.popPrefEnv();
|
|
}
|
|
});
|
|
|
|
// Test that "www." is prefixed to a https url when we encounter a bad cert domain
|
|
// error if the "www." form is included in the certificate's subjectAltNames.
|
|
add_task(async function testAddPrefixForBadCertDomain() {
|
|
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
|
|
let loadSuccessful = BrowserTestUtils.browserLoaded(
|
|
gBrowser.selectedBrowser,
|
|
false,
|
|
"https://www.badcertdomain.example.com/"
|
|
);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
gBrowser,
|
|
"https://badcertdomain.example.com"
|
|
);
|
|
await loadSuccessful;
|
|
|
|
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
|
});
|
|
|
|
// Test that we don't prefix "www." to a https url when we encounter a bad cert domain
|
|
// error under certain conditions.
|
|
add_task(async function testNoFixupCases() {
|
|
for (let feltPrivacyEnabled of [true, false]) {
|
|
await SpecialPowers.pushPrefEnv({
|
|
set: [["security.certerrors.felt-privacy-v1", feltPrivacyEnabled]],
|
|
});
|
|
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
|
|
|
|
// Test for when "www." form is not present in the certificate.
|
|
await verifyErrorPage(
|
|
"https://mismatch.badcertdomain.example.com",
|
|
feltPrivacyEnabled
|
|
);
|
|
|
|
// Test that urls with IP addresses are not fixed.
|
|
await SpecialPowers.pushPrefEnv({
|
|
set: [["network.proxy.allow_hijacking_localhost", true]],
|
|
});
|
|
await verifyErrorPage("https://127.0.0.3:433", feltPrivacyEnabled);
|
|
await SpecialPowers.popPrefEnv();
|
|
|
|
// Test that urls with ports are not fixed.
|
|
await verifyErrorPage(
|
|
"https://badcertdomain.example.com:82",
|
|
feltPrivacyEnabled
|
|
);
|
|
|
|
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
|
|
|
await SpecialPowers.popPrefEnv();
|
|
}
|
|
});
|
|
|
|
// Test removing "www." prefix if the "www."-less form is included in the
|
|
// certificate's subjectAltNames.
|
|
add_task(async function testRemovePrefixForBadCertDomain() {
|
|
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
|
|
let loadSuccessful = BrowserTestUtils.browserLoaded(
|
|
gBrowser.selectedBrowser,
|
|
false,
|
|
"https://badcertdomain2.example.com/"
|
|
);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
gBrowser,
|
|
"https://www.badcertdomain2.example.com"
|
|
);
|
|
await loadSuccessful;
|
|
|
|
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
|
});
|