64 lines
1.8 KiB
JavaScript
64 lines
1.8 KiB
JavaScript
/* Any copyright is dedicated to the Public Domain.
|
|
https://creativecommons.org/publicdomain/zero/1.0/ */
|
|
|
|
"use strict";
|
|
|
|
// Test that HTTPS-Only takes precedence over schemeless HTTPS-First by checking
|
|
// that the HTTPSFIRST_LOAD_INSECURE_ALLOW permission is only respected on
|
|
// schemeless inputs when HTTPS-Only is disabled.
|
|
|
|
ChromeUtils.defineLazyGetter(this, "UrlbarTestUtils", () => {
|
|
const { UrlbarTestUtils: module } = ChromeUtils.importESModule(
|
|
"resource://testing-common/UrlbarTestUtils.sys.mjs"
|
|
);
|
|
module.init(this);
|
|
return module;
|
|
});
|
|
|
|
function runTest(aExpectedScheme, aDesc) {
|
|
return BrowserTestUtils.withNewTab("about:blank", async function (browser) {
|
|
const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
|
|
await UrlbarTestUtils.promiseAutocompleteResultPopup({
|
|
window,
|
|
value: "example.com",
|
|
});
|
|
EventUtils.synthesizeKey("KEY_Enter");
|
|
await loaded;
|
|
|
|
is(browser.currentURI.scheme, aExpectedScheme, aDesc);
|
|
});
|
|
}
|
|
|
|
add_task(async function test_schemeless() {
|
|
Services.perms.addFromPrincipal(
|
|
Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
|
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
|
|
"http://example.com"
|
|
),
|
|
"https-only-load-insecure",
|
|
Ci.nsIHttpsOnlyModePermission.HTTPSFIRST_LOAD_INSECURE_ALLOW
|
|
);
|
|
|
|
await SpecialPowers.pushPrefEnv({
|
|
set: [
|
|
["dom.security.https_first", true],
|
|
["dom.security.https_first_schemeless", true],
|
|
],
|
|
});
|
|
|
|
await runTest(
|
|
"http",
|
|
"HTTPSFIRST_LOAD_INSECURE_ALLOW should apply if HTTPS-Only is disabled"
|
|
);
|
|
|
|
await SpecialPowers.pushPrefEnv({
|
|
set: [["dom.security.https_only_mode", true]],
|
|
});
|
|
|
|
await runTest(
|
|
"https",
|
|
"HTTPSFIRST_LOAD_INSECURE_ALLOW should not apply if HTTPS-Only is enabled"
|
|
);
|
|
|
|
Services.perms.removeAll();
|
|
});
|