diff options
Diffstat (limited to 'dom/security/test/https-only/browser_navigation.js')
-rw-r--r-- | dom/security/test/https-only/browser_navigation.js | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/dom/security/test/https-only/browser_navigation.js b/dom/security/test/https-only/browser_navigation.js new file mode 100644 index 0000000000..8c4609a57a --- /dev/null +++ b/dom/security/test/https-only/browser_navigation.js @@ -0,0 +1,94 @@ +"use strict"; + +// For each FIRST_URL_* this test does the following: +// 1. Navigate to FIRST_URL_* +// 2. Check if we are on a HTTPS-Only error page +// 3. Navigate to SECOND_URL +// 4. Navigate back +// 5. Check if we are on a HTTPS-Only error page + +const FIRST_URL_SECURE = "https://example.com"; +const FIRST_URL_INSECURE_REDIRECT = + "http://example.com/browser/dom/security/test/https-only/file_redirect_to_insecure.sjs"; +const FIRST_URL_INSECURE_NOCERT = "http://nocert.example.com"; +const SECOND_URL = "https://example.org"; + +function waitForPage() { + return new Promise(resolve => { + BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser).then(resolve); + BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser).then(resolve); + }); +} + +async function verifyErrorPage(expectErrorPage = true) { + await SpecialPowers.spawn( + gBrowser.selectedBrowser, + [expectErrorPage], + async function (_expectErrorPage) { + let doc = content.document; + let innerHTML = doc.body.innerHTML; + let errorPageL10nId = "about-httpsonly-title-alert"; + + is( + innerHTML.includes(errorPageL10nId) && + doc.documentURI.startsWith("about:httpsonlyerror"), + _expectErrorPage, + "we should be on the https-only error page" + ); + } + ); +} + +async function runTest( + firstUrl, + expectErrorPageOnFirstVisit, + expectErrorPageOnSecondVisit +) { + let loaded = waitForPage(); + info("Loading first page"); + BrowserTestUtils.startLoadingURIString(gBrowser, firstUrl); + await loaded; + await verifyErrorPage(expectErrorPageOnFirstVisit); + + loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); + info("Navigating to second page"); + await SpecialPowers.spawn( + gBrowser.selectedBrowser, + [SECOND_URL], + async url => (content.location.href = url) + ); + await loaded; + + // Go back one site by clicking the back button + loaded = BrowserTestUtils.waitForLocationChange(gBrowser); + info("Clicking back button"); + let backButton = document.getElementById("back-button"); + backButton.click(); + await loaded; + await verifyErrorPage(expectErrorPageOnSecondVisit); +} + +add_task(async function () { + waitForExplicitFinish(); + + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + // We don't expect any HTTPS-Only error pages, on the first and second visit of this URL, + // since the URL is reachable via https. + await runTest(FIRST_URL_SECURE, false, false); + + // Since trying to upgrade this url will result in being redirected again to the insecure + // site, we are not able to upgrade it and a HTTPS-Only error page is shown. + // This is happening both on the first and second visit. + await runTest(FIRST_URL_INSECURE_REDIRECT, true, true); + + // Similar to the previous case, we can not upgrade this URL, since this time it has a + // invalid certificate. We would expect a HTTPS-Only error page on both vists, but it is only + // shown on the first one, on the second one we get an errror page about the invalid + // certificate instead (Bug 1848117). + await runTest(FIRST_URL_INSECURE_NOCERT, true, false); + + finish(); +}); |