summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-only/browser_httpsonly_prefs.js
blob: a88320038a173a1d2968c1b35415dc72a75208b5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
"use strict";

async function runPrefTest(
  aHTTPSOnlyPref,
  aHTTPSOnlyPrefPBM,
  aExecuteFromPBM,
  aDesc,
  aAssertURLStartsWith
) {
  await SpecialPowers.pushPrefEnv({
    set: [
      ["dom.security.https_only_mode", aHTTPSOnlyPref],
      ["dom.security.https_only_mode_pbm", aHTTPSOnlyPrefPBM],
    ],
  });

  await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
    await ContentTask.spawn(
      browser,
      { aExecuteFromPBM, aDesc, aAssertURLStartsWith },
      async function({ aExecuteFromPBM, aDesc, aAssertURLStartsWith }) {
        const responseURL = await new Promise(resolve => {
          let xhr = new XMLHttpRequest();
          xhr.timeout = 1200;
          xhr.open("GET", "http://example.com");
          if (aExecuteFromPBM) {
            xhr.channel.loadInfo.originAttributes = {
              privateBrowsingId: 1,
            };
          }
          xhr.onreadystatechange = () => {
            // We don't care about the result and it's possible that
            // the requests might even succeed in some testing environments
            if (
              xhr.readyState !== XMLHttpRequest.OPENED ||
              xhr.readyState !== XMLHttpRequest.UNSENT
            ) {
              // Let's make sure this function does not get called anymore
              xhr.onreadystatechange = undefined;
              resolve(xhr.responseURL);
            }
          };
          xhr.send();
        });
        ok(responseURL.startsWith(aAssertURLStartsWith), aDesc);
      }
    );
  });
}

add_task(async function() {
  requestLongerTimeout(2);

  await runPrefTest(
    false,
    false,
    false,
    "Setting no prefs should not upgrade",
    "http://"
  );

  await runPrefTest(
    true,
    false,
    false,
    "Setting aHTTPSOnlyPref should upgrade",
    "https://"
  );

  await runPrefTest(
    false,
    true,
    false,
    "Setting aHTTPSOnlyPrefPBM should not upgrade",
    "http://"
  );

  await runPrefTest(
    false,
    false,
    true,
    "Setting aPBM should not upgrade",
    "http://"
  );

  await runPrefTest(
    true,
    true,
    false,
    "Setting aHTTPSOnlyPref and aHTTPSOnlyPrefPBM should should upgrade",
    "https://"
  );

  await runPrefTest(
    true,
    false,
    true,
    "Setting aHTTPSOnlyPref and aPBM should upgrade",
    "https://"
  );

  await runPrefTest(
    false,
    true,
    true,
    "Setting aHTTPSOnlyPrefPBM and aPBM should upgrade",
    "https://"
  );

  await runPrefTest(
    true,
    true,
    true,
    "Setting aHTTPSOnlyPref and aHTTPSOnlyPrefPBM and aPBM should upgrade",
    "https://"
  );
});