summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-first
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:40:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:40:09 +0000
commitc1701504b2366542c32c5e6eeff1ba62cc75f8f6 (patch)
tree81b15ef2846efcdbb09422dd283399e769cb7ef9 /dom/security/test/https-first
parentReleasing progress-linux version 115.10.0esr-1~progress7.99u1. (diff)
downloadfirefox-esr-c1701504b2366542c32c5e6eeff1ba62cc75f8f6.tar.xz
firefox-esr-c1701504b2366542c32c5e6eeff1ba62cc75f8f6.zip
Merging upstream version 115.11.0esr.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/https-first')
-rw-r--r--dom/security/test/https-first/browser.ini4
-rw-r--r--dom/security/test/https-first/browser_subdocument_downgrade.js60
-rw-r--r--dom/security/test/https-first/file_empty.html1
-rw-r--r--dom/security/test/https-first/file_subdocument_downgrade.sjs8
4 files changed, 73 insertions, 0 deletions
diff --git a/dom/security/test/https-first/browser.ini b/dom/security/test/https-first/browser.ini
index 9e355423dc..3beeab3766 100644
--- a/dom/security/test/https-first/browser.ini
+++ b/dom/security/test/https-first/browser.ini
@@ -33,3 +33,7 @@ support-files =
test.wav
[browser_beforeunload_permit_http.js]
support-files = file_beforeunload_permit_http.html
+[browser_subdocument_downgrade.js]
+support-files =
+ file_empty.html
+ file_subdocument_downgrade.sjs
diff --git a/dom/security/test/https-first/browser_subdocument_downgrade.js b/dom/security/test/https-first/browser_subdocument_downgrade.js
new file mode 100644
index 0000000000..4cb5b4ed2e
--- /dev/null
+++ b/dom/security/test/https-first/browser_subdocument_downgrade.js
@@ -0,0 +1,60 @@
+/* Any copyright is dedicated to the Public Domain.
+ https://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const EMPTY_URL =
+ "http://example.com/browser/dom/security/test/https-first/file_empty.html";
+const SUBDOCUMENT_URL =
+ "https://example.com/browser/dom/security/test/https-first/file_subdocument_downgrade.sjs";
+
+add_task(async function test_subdocument_downgrade() {
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ // We want to test HTTPS-First
+ ["dom.security.https_first", true],
+ // Makes it easier to detect the error
+ ["security.mixed_content.block_active_content", false],
+ ],
+ });
+
+ // Open a empty document with origin http://example.com, which gets upgraded
+ // to https://example.com by HTTPS-First and thus is marked as
+ // HTTPS_ONLY_UPGRADED_HTTPS_FIRST.
+ await BrowserTestUtils.withNewTab(EMPTY_URL, async browser => {
+ await SpecialPowers.spawn(
+ browser,
+ [SUBDOCUMENT_URL],
+ async SUBDOCUMENT_URL => {
+ function isCrossOriginIframe(iframe) {
+ try {
+ return !iframe.contentDocument;
+ } catch (e) {
+ return true;
+ }
+ }
+ const subdocument = content.document.createElement("iframe");
+ // We open https://example.com/.../file_subdocument_downgrade.sjs in a
+ // iframe, which sends a invalid response if the scheme is https. Thus
+ // we should get an error. But if we accidentally copy the
+ // HTTPS_ONLY_UPGRADED_HTTPS_FIRST flag from the parent into the iframe
+ // loadinfo, HTTPS-First will try to downgrade the iframe. We test that
+ // this doesn't happen.
+ subdocument.src = SUBDOCUMENT_URL;
+ const loadPromise = new Promise(resolve => {
+ subdocument.addEventListener("load", () => {
+ ok(
+ // If the iframe got downgraded, it should now have the origin
+ // http://example.com, which we can detect as being cross-origin.
+ !isCrossOriginIframe(subdocument),
+ "Subdocument should not be downgraded"
+ );
+ resolve();
+ });
+ });
+ content.document.body.appendChild(subdocument);
+ await loadPromise;
+ }
+ );
+ });
+});
diff --git a/dom/security/test/https-first/file_empty.html b/dom/security/test/https-first/file_empty.html
new file mode 100644
index 0000000000..39d495653e
--- /dev/null
+++ b/dom/security/test/https-first/file_empty.html
@@ -0,0 +1 @@
+<!doctype html><html><body></body></html>
diff --git a/dom/security/test/https-first/file_subdocument_downgrade.sjs b/dom/security/test/https-first/file_subdocument_downgrade.sjs
new file mode 100644
index 0000000000..53ced94ba8
--- /dev/null
+++ b/dom/security/test/https-first/file_subdocument_downgrade.sjs
@@ -0,0 +1,8 @@
+function handleRequest(request, response) {
+ if (request.scheme === "https") {
+ response.setStatusLine("1.1", 429, "Too Many Requests");
+ } else {
+ response.setHeader("Content-Type", "text/html", false);
+ response.write("<!doctype html><html><body></body></html>");
+ }
+}