summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-first/browser_upgrade_onion.js
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/https-first/browser_upgrade_onion.js')
-rw-r--r--dom/security/test/https-first/browser_upgrade_onion.js60
1 files changed, 60 insertions, 0 deletions
diff --git a/dom/security/test/https-first/browser_upgrade_onion.js b/dom/security/test/https-first/browser_upgrade_onion.js
new file mode 100644
index 0000000000..5987eda580
--- /dev/null
+++ b/dom/security/test/https-first/browser_upgrade_onion.js
@@ -0,0 +1,60 @@
+// This test ensures that various configurable upgrade exceptions work
+"use strict";
+
+async function runTest(desc, url, expectedURI) {
+ await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
+ let loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
+ BrowserTestUtils.startLoadingURIString(browser, url);
+ await loaded;
+
+ await SpecialPowers.spawn(
+ browser,
+ [desc, expectedURI],
+ async function (desc, expectedURI) {
+ // XXX ckerschb: generally we use the documentURI, but our test infra
+ // can not handle .onion, hence we use the URI of the failed channel
+ // stored on the docshell to see if the scheme was upgraded to https.
+ let loadedURI = content.document.documentURI;
+ if (loadedURI.startsWith("about:neterror")) {
+ loadedURI = content.docShell.failedChannel.URI.spec;
+ }
+ is(loadedURI, expectedURI, desc);
+ }
+ );
+ });
+}
+
+// by default local addresses and .onion should *not* get upgraded
+add_task(async function () {
+ requestLongerTimeout(2);
+
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["dom.security.https_first", true],
+ ["dom.security.https_only_mode", false],
+ ["dom.security.https_only_mode.upgrade_local", false],
+ ["dom.security.https_only_mode.upgrade_onion", false],
+ ],
+ });
+
+ await runTest(
+ "Hosts ending with .onion should be be exempt from HTTPS-First upgrades by default",
+ "http://grocery.shopping.for.one.onion/",
+ "http://grocery.shopping.for.one.onion/"
+ );
+
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["dom.security.https_first", true],
+ ["dom.security.https_only_mode", false],
+ ["dom.security.https_only_mode.upgrade_local", false],
+ ["dom.security.https_only_mode.upgrade_onion", true],
+ ],
+ });
+
+ await runTest(
+ "Hosts ending with .onion should get upgraded when 'dom.security.https_only_mode.upgrade_onion' is set to true",
+ "http://grocery.shopping.for.one.onion/",
+ "https://grocery.shopping.for.one.onion/"
+ );
+});
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-22 09:17:19 +0000