diff options
Diffstat (limited to 'dom/base/test/test_bug466080.html')
-rw-r--r-- | dom/base/test/test_bug466080.html | 151 |
1 files changed, 151 insertions, 0 deletions
diff --git a/dom/base/test/test_bug466080.html b/dom/base/test/test_bug466080.html new file mode 100644 index 0000000000..45763d592f --- /dev/null +++ b/dom/base/test/test_bug466080.html @@ -0,0 +1,151 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Test bug 466080</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe id="frame1" + src="https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs"> + + This iframe should load the resource via the src-attribute from + a secure server which requires a client-cert. Doing this is + supposed to work, but further below in the test we try to load + the resource from the same url using a XHR, which should not work. + + TODO : What if we change 'src' from JS? Would/should it load? + +</iframe> + +<script class="testbody" type="text/javascript"> + +"use strict"; + +onWindowLoad(); + +let alltests = [ + +// load resource from a relative url - this should work + { url:"bug466080.sjs", + status_check:"==200", + error:"XHR from relative URL"}, + +// TODO - load the resource from a relative url via https..? + +// load a non-existing resource - should get "404 Not Found" + { url:"bug466080-does-not.exist", + status_check:"==404", + error:"XHR loading non-existing resource"}, + +// load resource from cross-site non-secure server + { url:"http://test1.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR from cross-site plaintext server"}, + +// load resource from cross-site secure server - should work since no credentials are needed + { url:"https://test1.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR from cross-site secure server"}, + +// load resource from cross-site secure server - should work since the server just requests certs + { url:"https://requestclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR from cross-site secure server requesting certificate"}, + +// load resource from cross-site secure server - should NOT work since the server requires cert +// note that this is the url which is used in the iframe.src above + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"!=200", + error:"XHR from cross-site secure server requiring certificate"}, + +// repeat previous, - should NOT work + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR w/ credentials from cross-site secure server requiring certificate", + withCredentials:"true"}, + +// repeat previous, but with credentials - should work + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR w/ credentials from cross-site secure server requiring certificate", + withCredentials:"true"}, + +// repeat previous, withCredentials but using a weird method to force preflight +// should NOT work since our preflight is anonymous and will fail with our simple server + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"!=200", + error:"XHR PREFLIGHT from cross-site secure server requiring certificate", + withCredentials:"true", + method:"XMETHOD"}, + +// repeat previous, withCredentials but using a weird method to force preflight +// Set network.cors_preflight.allow_client_cert pref, that will allow cers on an +// anonymous connection. +// This should work since our preflight will work now. + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR PREFLIGHT from cross-site secure server requiring certificate", + withCredentials:"true", + method:"XMETHOD", + enableCertOnPreflight: true}, + + { cleanEnableCertOnPreflight: true}, +]; + +async function onWindowLoad() { + // First, check that resource was loaded into the iframe + // This check in fact depends on bug #444165... :) + await new Promise(resolve => { + document.getElementById("frame1").onload = () => { resolve(); }; + }); + + async function runTest(test) { + if (test.cleanEnableCertOnPreflight) { + await SpecialPowers.pushPrefEnv({"set": [["network.cors_preflight.allow_client_cert", false]]}); + if (!alltests.length) { + SimpleTest.finish(); + } else { + runTest(alltests.shift()); + } + } else { + if (test.enableCertOnPreflight != null) { + await SpecialPowers.pushPrefEnv({"set": [["network.cors_preflight.allow_client_cert", true]]}); + } + var xhr = new XMLHttpRequest(); + + var method = "GET"; + if (test.method != null) { method = test.method; } + xhr.open(method, test.url); + + xhr.withCredentials = test.withCredentials; + + SpecialPowers.wrap(xhr).setRequestHeader("Connection", "Keep-Alive", false); + + try { + xhr.send(); + } catch(e) { + } + + xhr.onloadend = function() { + // eslint-disable-next-line no-eval + var success = eval(xhr.status + test.status_check); + ok(success, test.error); + + if (!alltests.length) { + SimpleTest.finish(); + } else { + runTest(alltests.shift()); + } + }; + } + } + + runTest(alltests.shift()); +} + +SimpleTest.waitForExplicitFinish(); + +</script> +</body> +</html> |