1 files changed, 104 insertions, 0 deletions

diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js b/devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js
new file mode 100644
index 0000000000..3d8b4b3331
--- /dev/null
+++ b/devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js
@@ -0,0 +1,104 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Tests that errors about invalid HSTS security headers are logged to the web console.
+
+"use strict";
+
+const TEST_URI =
+  "data:text/html;charset=utf-8,<!DOCTYPE html>Web Console HSTS invalid header test";
+const SJS_URL =
+  "https://example.com/browser/devtools/client/webconsole/" +
+  "/test/browser/test_hsts-invalid-headers.sjs";
+const LEARN_MORE_URI =
+  "https://developer.mozilla.org/docs/Web/HTTP/Headers/" +
+  "Strict-Transport-Security" +
+  DOCS_GA_PARAMS;
+
+add_task(async function () {
+  const hud = await openNewTabAndConsole(TEST_URI);
+
+  await navigateAndCheckWarningMessage(
+    {
+      url: SJS_URL + "?badSyntax",
+      name: "Could not parse header error displayed successfully",
+      text:
+        "Strict-Transport-Security: The site specified a header that could " +
+        "not be parsed successfully.",
+    },
+    hud
+  );
+
+  await navigateAndCheckWarningMessage(
+    {
+      url: SJS_URL + "?noMaxAge",
+      name: "No max-age error displayed successfully",
+      text:
+        "Strict-Transport-Security: The site specified a header that did " +
+        "not include a \u2018max-age\u2019 directive.",
+    },
+    hud
+  );
+
+  await navigateAndCheckWarningMessage(
+    {
+      url: SJS_URL + "?invalidIncludeSubDomains",
+      name: "Invalid includeSubDomains error displayed successfully",
+      text:
+        "Strict-Transport-Security: The site specified a header that " +
+        "included an invalid \u2018includeSubDomains\u2019 directive.",
+    },
+    hud
+  );
+
+  await navigateAndCheckWarningMessage(
+    {
+      url: SJS_URL + "?invalidMaxAge",
+      name: "Invalid max-age error displayed successfully",
+      text:
+        "Strict-Transport-Security: The site specified a header that " +
+        "included an invalid \u2018max-age\u2019 directive.",
+    },
+    hud
+  );
+
+  await navigateAndCheckWarningMessage(
+    {
+      url: SJS_URL + "?multipleIncludeSubDomains",
+      name: "Multiple includeSubDomains error displayed successfully",
+      text:
+        "Strict-Transport-Security: The site specified a header that " +
+        "included multiple \u2018includeSubDomains\u2019 directives.",
+    },
+    hud
+  );
+
+  await navigateAndCheckWarningMessage(
+    {
+      url: SJS_URL + "?multipleMaxAge",
+      name: "Multiple max-age error displayed successfully",
+      text:
+        "Strict-Transport-Security: The site specified a header that " +
+        "included multiple \u2018max-age\u2019 directives.",
+    },
+    hud
+  );
+});
+
+async function navigateAndCheckWarningMessage({ url, name, text }, hud) {
+  await clearOutput(hud);
+
+  const onMessage = waitForMessageByType(hud, text, ".warn");
+  await navigateTo(url);
+  const { node } = await onMessage;
+  ok(node, name);
+
+  const learnMoreNode = node.querySelector(".learn-more-link");
+  ok(learnMoreNode, `There is a "Learn more" link`);
+  const navigationResponse = await simulateLinkClick(learnMoreNode);
+  is(
+    navigationResponse.link,
+    LEARN_MORE_URI,
+    "Click on the learn more link navigates the user to the expected url"
+  );
+}