153 lines
5.1 KiB
JavaScript
153 lines
5.1 KiB
JavaScript
// Bug 1625448 - HTTPS Only Mode - Tests for console logging
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1625448
|
|
// This test makes sure that the various console messages from the HTTPS-Only
|
|
// mode get logged to the console.
|
|
"use strict";
|
|
|
|
// Test Cases
|
|
// description: Description of what the subtests expects.
|
|
// expectLogLevel: Expected log-level of a message.
|
|
// expectIncludes: Expected substrings the message should contain.
|
|
let tests = [
|
|
{
|
|
description: "Top-Level upgrade should get logged",
|
|
expectLogLevel: Ci.nsIConsoleMessage.warn,
|
|
expectIncludes: [
|
|
"HTTPS-Only Mode: Upgrading insecure request",
|
|
"to use",
|
|
"file_console_logging.html",
|
|
],
|
|
},
|
|
{
|
|
description: "iFrame upgrade failure should get logged",
|
|
expectLogLevel: Ci.nsIConsoleMessage.error,
|
|
expectIncludes: [
|
|
"HTTPS-Only Mode: Upgrading insecure request",
|
|
"failed",
|
|
"file_console_logging.html",
|
|
],
|
|
},
|
|
{
|
|
description: "WebSocket upgrade should get logged",
|
|
expectLogLevel: Ci.nsIConsoleMessage.warn,
|
|
expectIncludes: [
|
|
"HTTPS-Only Mode: Upgrading insecure request",
|
|
"to use",
|
|
"ws://does.not.exist",
|
|
],
|
|
},
|
|
{
|
|
description: "Sub-Resource upgrade for file_1 should get logged",
|
|
expectLogLevel: Ci.nsIConsoleMessage.warn,
|
|
expectIncludes: ["Upgrading insecure", "request", "file_1.jpg"],
|
|
},
|
|
{
|
|
description: "Sub-Resource upgrade for file_2 should get logged",
|
|
expectLogLevel: Ci.nsIConsoleMessage.warn,
|
|
expectIncludes: ["Upgrading insecure", "request", "to use", "file_2.jpg"],
|
|
},
|
|
{
|
|
description: "Exempt request for file_exempt should get logged",
|
|
expectLogLevel: Ci.nsIConsoleMessage.info,
|
|
expectIncludes: [
|
|
"Not upgrading insecure request",
|
|
"because it is exempt",
|
|
"file_exempt.jpg",
|
|
],
|
|
},
|
|
{
|
|
description: "Sub-Resource upgrade failure for file_2 should get logged",
|
|
expectLogLevel: Ci.nsIConsoleMessage.error,
|
|
expectIncludes: ["Upgrading insecure request", "failed", "file_2.jpg"],
|
|
},
|
|
];
|
|
|
|
const testPathUpgradeable = getRootDirectory(gTestPath).replace(
|
|
"chrome://mochitests/content",
|
|
"http://example.com"
|
|
);
|
|
// DNS errors are not logged as HTTPS-Only Mode upgrade failures, so we have to
|
|
// upgrade to a domain that exists but fails.
|
|
const testPathNotUpgradeable = getRootDirectory(gTestPath).replace(
|
|
"chrome://mochitests/content",
|
|
"http://self-signed.example.com"
|
|
);
|
|
const kTestURISuccess = testPathUpgradeable + "file_console_logging.html";
|
|
const kTestURIFail = testPathNotUpgradeable + "file_console_logging.html";
|
|
const kTestURIExempt = testPathUpgradeable + "file_exempt.jpg";
|
|
|
|
const UPGRADE_DISPLAY_CONTENT =
|
|
"security.mixed_content.upgrade_display_content";
|
|
|
|
add_task(async function () {
|
|
// A longer timeout is necessary for this test than the plain mochitests
|
|
// due to opening a new tab with the web console.
|
|
requestLongerTimeout(4);
|
|
|
|
// Enable HTTPS-Only Mode and register console-listener
|
|
await SpecialPowers.pushPrefEnv({
|
|
set: [["dom.security.https_only_mode", true]],
|
|
});
|
|
Services.console.registerListener(on_new_message);
|
|
// 1. Upgrade page to https://
|
|
BrowserTestUtils.startLoadingURIString(
|
|
gBrowser.selectedBrowser,
|
|
kTestURISuccess
|
|
);
|
|
// 2. Make an exempt http:// request
|
|
let xhr = new XMLHttpRequest();
|
|
xhr.open("GET", kTestURIExempt, true);
|
|
xhr.channel.loadInfo.httpsOnlyStatus |= Ci.nsILoadInfo.HTTPS_ONLY_EXEMPT;
|
|
xhr.send();
|
|
// 3. Make Websocket request
|
|
new WebSocket("ws://does.not.exist");
|
|
|
|
await BrowserTestUtils.waitForCondition(() => tests.length === 0);
|
|
|
|
// Clean up
|
|
Services.console.unregisterListener(on_new_message);
|
|
});
|
|
|
|
function on_new_message(msgObj) {
|
|
const message = msgObj.message;
|
|
const logLevel = msgObj.logLevel;
|
|
|
|
// Bools about message and pref
|
|
const isMCL2Enabled = Services.prefs.getBoolPref(UPGRADE_DISPLAY_CONTENT);
|
|
const isHTTPSOnlyModeLog = message.includes("HTTPS-Only Mode:");
|
|
const isMCLog = message.includes("Mixed Content:");
|
|
|
|
// Check for messages about HTTPS-only upgrades (those should be unrelated to mixed content upgrades)
|
|
// or for mixed content upgrades which should only occur if security.mixed_content.upgrade_display_content is enabled
|
|
// (unrelated to https-only logs).
|
|
if (
|
|
(isHTTPSOnlyModeLog && !isMCLog) ||
|
|
(isMCLog && isMCL2Enabled && !isHTTPSOnlyModeLog)
|
|
) {
|
|
for (let i = 0; i < tests.length; i++) {
|
|
const testCase = tests[i];
|
|
// If security.mixed_content.upgrade_display_content is enabled, the mixed content control mechanism is upgrading file2.jpg
|
|
// and HTTPS-Only mode is not failing upgrading file2.jpg, so it won't be logged.
|
|
// so skip last test case
|
|
if (
|
|
testCase.description ==
|
|
"Sub-Resource upgrade failure for file_2 should get logged" &&
|
|
isMCL2Enabled
|
|
) {
|
|
tests.splice(i, 1);
|
|
continue;
|
|
}
|
|
// Check if log-level matches
|
|
if (logLevel !== testCase.expectLogLevel) {
|
|
continue;
|
|
}
|
|
// Check if all substrings are included
|
|
if (testCase.expectIncludes.some(str => !message.includes(str))) {
|
|
continue;
|
|
}
|
|
ok(true, testCase.description);
|
|
tests.splice(i, 1);
|
|
break;
|
|
}
|
|
}
|
|
}
|