Diffstat (limited to 'dom/security/test/https-only/browser_redirect_tainting.js')
-rw-r--r--dom/security/test/https-only/browser_redirect_tainting.js39
1 files changed, 39 insertions, 0 deletions
diff --git a/dom/security/test/https-only/browser_redirect_tainting.js b/dom/security/test/https-only/browser_redirect_tainting.js
new file mode 100644
index 0000000000..0823ec4658
--- /dev/null
+++ b/dom/security/test/https-only/browser_redirect_tainting.js
@@ -0,0 +1,39 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Test steps:
+// 1. Load file_redirect_tainting.sjs?html.
+// 2. The server returns an html which loads an image at http://example.net.
+// 3. The image request will be upgraded to HTTPS since HTTPS-only mode is on.
+// 4. In file_redirect_tainting.sjs, we set "Access-Control-Allow-Origin" to
+// the value of the Origin header.
+// 5. If the vlaue does not match, the image won't be loaded.
+async function do_test() {
+ let requestUrl = `https://example.com/browser/dom/security/test/https-only/file_redirect_tainting.sjs?html`;
+
+ await BrowserTestUtils.withNewTab(
+ {
+ gBrowser,
+ url: requestUrl,
+ waitForLoad: true,
+ },
+ async function (browser) {
+ let imageLoaded = await SpecialPowers.spawn(browser, [], function () {
+ let image = content.document.getElementById("test_image");
+ return image && image.complete && image.naturalHeight !== 0;
+ });
+ await Assert.ok(imageLoaded, "test_image should be loaded");
+ }
+ );
+}
+
+add_task(async function test_https_only_redirect_tainting() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["dom.security.https_only_mode", true]],
+ });
+
+ await do_test();
+
+ await SpecialPowers.popPrefEnv();
+});
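Review bot: The only assertion in do_test covers the positive case—the image loaded—so nothing here verifies that a mismatched Origin actually blocks the load as step 5 of the header comment claims; if the reflection logic in file_redirect_tainting.sjs ever became permissive, or the image lost its CORS mode, this test would still pass. The .sjs is outside this hunk so I can't confirm how it decides, but a second task that drives the mismatch path and asserts `naturalHeight === 0` would make the negative case explicit rather than implied by the comment. Separately, `Assert.ok` is synchronous, so `await Assert.ok(imageLoaded, "test_image should be loaded");` can drop the `await`, and `requestUrl` is never reassigned and can be `const`. Step 5 of the comment also has a typo: `// 5. If the value does not match, the image won't be loaded.`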