From 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 03:47:29 +0200
Subject: Adding upstream version 115.8.0esr.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../test/https-only/browser_upgrade_exceptions.js  | 86 ++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 dom/security/test/https-only/browser_upgrade_exceptions.js

(limited to 'dom/security/test/https-only/browser_upgrade_exceptions.js')

diff --git a/dom/security/test/https-only/browser_upgrade_exceptions.js b/dom/security/test/https-only/browser_upgrade_exceptions.js
new file mode 100644
index 0000000000..8611b32a0f
--- /dev/null
+++ b/dom/security/test/https-only/browser_upgrade_exceptions.js
@@ -0,0 +1,86 @@
+// Bug 1625448 - HTTPS Only Mode - Exceptions for loopback and local IP addresses
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1631384
+// This test ensures that various configurable upgrade exceptions work
+"use strict";
+
+add_task(async function () {
+  requestLongerTimeout(2);
+
+  await SpecialPowers.pushPrefEnv({
+    set: [["dom.security.https_only_mode", true]],
+  });
+
+  // Loopback test
+  await runTest(
+    "Loopback IP addresses should always be exempt from upgrades (localhost)",
+    "http://localhost",
+    "http://"
+  );
+  await runTest(
+    "Loopback IP addresses should always be exempt from upgrades (127.0.0.1)",
+    "http://127.0.0.1",
+    "http://"
+  );
+  // Default local-IP and onion tests
+  await runTest(
+    "Local IP addresses should be exempt from upgrades by default",
+    "http://10.0.250.250",
+    "http://"
+  );
+  await runTest(
+    "Hosts ending with .onion should be be exempt from HTTPS-Only upgrades by default",
+    "http://grocery.shopping.for.one.onion",
+    "http://"
+  );
+
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["dom.security.https_only_mode.upgrade_local", true],
+      ["dom.security.https_only_mode.upgrade_onion", true],
+    ],
+  });
+
+  // Local-IP and onion tests with upgrade enabled
+  await runTest(
+    "Local IP addresses should get upgraded when 'dom.security.https_only_mode.upgrade_local' is set to true",
+    "http://10.0.250.250",
+    "https://"
+  );
+  await runTest(
+    "Hosts ending with .onion should get upgraded when 'dom.security.https_only_mode.upgrade_onion' is set to true",
+    "http://grocery.shopping.for.one.onion",
+    "https://"
+  );
+  // Local-IP request with HTTPS_ONLY_EXEMPT flag
+  await runTest(
+    "The HTTPS_ONLY_EXEMPT flag should overrule upgrade-prefs",
+    "http://10.0.250.250",
+    "http://",
+    true
+  );
+});
+
+async function runTest(desc, url, startsWith, exempt = false) {
+  const responseURL = await new Promise(resolve => {
+    let xhr = new XMLHttpRequest();
+    xhr.timeout = 1200;
+    xhr.open("GET", url);
+    if (exempt) {
+      xhr.channel.loadInfo.httpsOnlyStatus |= Ci.nsILoadInfo.HTTPS_ONLY_EXEMPT;
+    }
+    xhr.onreadystatechange = () => {
+      // We don't care about the result and it's possible that
+      // the requests might even succeed in some testing environments
+      if (
+        xhr.readyState !== XMLHttpRequest.OPENED ||
+        xhr.readyState !== XMLHttpRequest.UNSENT
+      ) {
+        // Let's make sure this function doesn't get caled anymore
+        xhr.onreadystatechange = undefined;
+        resolve(xhr.responseURL);
+      }
+    };
+    xhr.send();
+  });
+  ok(responseURL.startsWith(startsWith), desc);
+}
-- 
cgit v1.2.3