diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/https-first/test_redirect_downgrade.html | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/dom/security/test/https-first/test_redirect_downgrade.html b/dom/security/test/https-first/test_redirect_downgrade.html new file mode 100644 index 0000000000..07f998c085 --- /dev/null +++ b/dom/security/test/https-first/test_redirect_downgrade.html @@ -0,0 +1,59 @@ +<!DOCTYPE HTML> +<html> +<head> +<title>Bug 1707856: Test redirect downgrades with https-first</title> +<script src="/tests/SimpleTest/SimpleTest.js"></script> +<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + +<script class="testbody" type="text/javascript"> +"use strict"; +/* + * Description of the test: + * We perform three tests where we expect https-first to detect + * that the target site only supports http + * Test 1: Meta Refresh + * Test 2: JS Redirect + * Test 3: 302 redirect + */ + +SimpleTest.waitForExplicitFinish(); + +const REQUEST_URL = + "http://example.com/tests/dom/security/test/https-first/file_redirect_downgrade.sjs"; + +const redirectQueries = ["?test1a", "?test2a","?test3a"]; +let currentTest = 0; +let testWin; +let currentQuery; +window.addEventListener("message", receiveMessage); + +// Receive message and verify that it is from an https site. +// When the message is 'downgraded' then it was send by an http site +// and the redirection worked. +async function receiveMessage(event) { + let data = event.data; + ok(data.result === "downgraded", "Redirected successful to 'http' for " + currentQuery); + ok(data.scheme === "http:", "scheme is 'http' for " + currentQuery ); + testWin.close(); + if (++currentTest < redirectQueries.length) { + runTest(); + return; + } + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); +} + +async function runTest() { + currentQuery = redirectQueries[currentTest]; + testWin = window.open(REQUEST_URL + currentQuery, "_blank"); +} + +SpecialPowers.pushPrefEnv({ set: [ + ["dom.security.https_first", true] + ]}, runTest); + +</script> +</body> +</html> |