diff options
Diffstat (limited to 'dom/security/test/https-first/file_multiple_redirection.sjs')
| -rw-r--r-- | dom/security/test/https-first/file_multiple_redirection.sjs | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/dom/security/test/https-first/file_multiple_redirection.sjs b/dom/security/test/https-first/file_multiple_redirection.sjs index 49098ccdb7..e34a360fa6 100644 --- a/dom/security/test/https-first/file_multiple_redirection.sjs +++ b/dom/security/test/https-first/file_multiple_redirection.sjs @@ -5,6 +5,8 @@ const REDIRECT_URI = "https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?redirect"; const REDIRECT_URI_HTTP = "http://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify"; +const OTHERHOST_REDIRECT_URI_HTTP = + "http://example.org/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify"; const REDIRECT_URI_HTTPS = "https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify"; @@ -44,6 +46,11 @@ function sendRedirection(query, response) { if (query.includes("test3")) { response.setHeader("Strict-Transport-Security", "max-age=60"); response.setHeader("Location", REDIRECT_URI_HTTP, false); + return; + } + // send a redirection to a different http uri + if (query.includes("test4")) { + response.setHeader("Location", OTHERHOST_REDIRECT_URI_HTTP, false); } } @@ -53,6 +60,11 @@ function handleRequest(request, response) { // if the query contains a test query start first test if (query.startsWith("test")) { + // all of these should be upgraded + if (request.scheme !== "https") { + response.setStatusLine(request.httpVersion, 500, "OK"); + response.write("Request should have been HTTPS."); + } // send a 302 redirection response.setStatusLine(request.httpVersion, 302, "Found"); response.setHeader("Location", REDIRECT_URI + query, false); @@ -60,6 +72,10 @@ function handleRequest(request, response) { } // Send a redirection if (query.includes("redirect")) { + if (request.scheme !== "https") { + response.setStatusLine(request.httpVersion, 500, "OK"); + response.write("Request should have been HTTPS."); + } response.setStatusLine(request.httpVersion, 302, "Found"); sendRedirection(query, response); return; @@ -83,5 +99,5 @@ function handleRequest(request, response) { // We should never get here, but just in case ... response.setStatusLine(request.httpVersion, 500, "OK"); - response.write("unexepcted query"); + response.write("unexpected query"); } |