Diffstat (limited to 'dom/security/test/unit/test_https_only_https_first_prefs.js')
-rw-r--r--dom/security/test/unit/test_https_only_https_first_prefs.js361
1 files changed, 361 insertions, 0 deletions
diff --git a/dom/security/test/unit/test_https_only_https_first_prefs.js b/dom/security/test/unit/test_https_only_https_first_prefs.js
new file mode 100644
index 0000000000..9c6ced1fcb
--- /dev/null
+++ b/dom/security/test/unit/test_https_only_https_first_prefs.js
@@ -0,0 +1,361 @@
+const { HttpServer } = ChromeUtils.importESModule(
+ "resource://testing-common/httpd.sys.mjs"
+);
+const { NetUtil } = ChromeUtils.importESModule(
+ "resource://gre/modules/NetUtil.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "HTTP_TEST_URL", function () {
+ return "http://test1.example.com";
+});
+
+const TEST_PATH = "/https_only_https_first_path";
+var httpserver = null;
+var channel = null;
+var curTest = null;
+
+const TESTS = [
+ {
+ // Test 1: all prefs to false
+ description: "Test 1 - top-level",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 1 - top-level - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 1 - sub-resource",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 1 - sub-resource - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "http",
+ },
+ // Test 2: https_only true
+ {
+ description: "Test 2 - top-level",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 2 - top-level - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 2 - sub-resource",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 2 - sub-resource - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "https",
+ },
+ // Test 3: https_only_pbm true
+ {
+ description: "Test 3 - top-level",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: true,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 3 - top-level - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: true,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 3 - sub-resource",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: true,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 3 - sub-resource - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: true,
+ https_first: false,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "https",
+ },
+ // Test 4: https_first true
+ {
+ description: "Test 4 - top-level",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 4 - top-level - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 4 - sub-resource",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 4 - sub-resource - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "http",
+ },
+ // Test 5: https_first_pbm true
+ {
+ description: "Test 5 - top-level",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: true,
+ pbm: false,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 5 - top-level - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: true,
+ pbm: true,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 5 - sub-resource",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: true,
+ pbm: false,
+ expectedScheme: "http",
+ },
+ {
+ description: "Test 5 - sub-resource - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: false,
+ https_only_pbm: false,
+ https_first: false,
+ https_first_pbm: true,
+ pbm: true,
+ expectedScheme: "http",
+ },
+ // Test 6: https_only overrules https_first
+ {
+ description: "Test 6 - top-level",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 6 - top-level - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 6 - sub-resource",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: false,
+ expectedScheme: "https",
+ },
+ {
+ description: "Test 6 - sub-resource - pbm",
+ contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
+ https_only: true,
+ https_only_pbm: false,
+ https_first: true,
+ https_first_pbm: false,
+ pbm: true,
+ expectedScheme: "https",
+ },
+];
+
+function ChannelListener() {}
+
+ChannelListener.prototype = {
+ onStartRequest(request) {
+ var chan = request.QueryInterface(Ci.nsIChannel);
+ var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+ var authHeader = httpChan.getRequestHeader("Authorization");
+ Assert.equal(authHeader, "Basic user:pass", curTest.description);
+ },
+ onDataAvailable(request, stream, offset, count) {
+ do_throw("Should not get any data!");
+ },
+ onStopRequest(request, status) {
+ var chan = request.QueryInterface(Ci.nsIChannel);
+ let requestURL = chan.URI;
+ Assert.equal(
+ requestURL.scheme,
+ curTest.expectedScheme,
+ curTest.description
+ );
+ Assert.equal(requestURL.host, "test1.example.com", curTest.description);
+ Assert.equal(requestURL.filePath, TEST_PATH, curTest.description);
+ run_next_test();
+ },
+};
+
+function setUpPrefs() {
+ // set up the required prefs
+ Services.prefs.setBoolPref(
+ "dom.security.https_only_mode",
+ curTest.https_only
+ );
+ Services.prefs.setBoolPref(
+ "dom.security.https_only_mode_pbm",
+ curTest.https_only_pbm
+ );
+ Services.prefs.setBoolPref("dom.security.https_first", curTest.https_first);
+ Services.prefs.setBoolPref(
+ "dom.security.https_first_pbm",
+ curTest.https_first_pbm
+ );
+}
+
+function setUpChannel() {
+ // 1) Set up Principal using OA in case of Private Browsing
+ let attr = {};
+ if (curTest.pbm) {
+ attr.privateBrowsingId = 1;
+ }
+ let uri = Services.io.newURI("http://test1.example.com");
+ let principal = Services.scriptSecurityManager.createContentPrincipal(
+ uri,
+ attr
+ );
+
+ // 2) Set up Channel
+ var chan = NetUtil.newChannel({
+ uri: HTTP_TEST_URL + TEST_PATH,
+ loadingPrincipal: principal,
+ contentPolicyType: curTest.contentType,
+ securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+ });
+ chan.QueryInterface(Ci.nsIHttpChannel);
+ chan.requestMethod = "GET";
+ chan.setRequestHeader("Authorization", "Basic user:pass", false);
+ return chan;
+}
+
+function serverHandler(metadata, response) {
+ // dummy implementation
+}
+
+function run_next_test() {
+ curTest = TESTS.shift();
+ if (!curTest) {
+ httpserver.stop(do_test_finished);
+ return;
+ }
+
+ setUpPrefs();
+
+ channel = setUpChannel();
+ channel.asyncOpen(new ChannelListener());
+}
+
+function run_test() {
+ do_get_profile();
+
+ // set up the test environment
+ httpserver = new HttpServer();
+ httpserver.registerPathHandler(TEST_PATH, serverHandler);
+ httpserver.start(-1);
+
+ run_next_test();
+ do_test_pending();
+}
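Review bot: The precedence check labelled "Test 6: https_only overrules https_first" covers only the non-private prefs; no entry in `TESTS` enables `https_only_pbm` together with `https_first_pbm`, so the same precedence in a private-browsing context is never exercised. The sub-resource case is the one that tells the two modes apart, since Test 3 expects `https` for `TYPE_IMAGE` in pbm while Test 5 expects `http`. An extra entry such as the one below would pin that behaviour. Its `expectedScheme` is inferred by analogy with Test 6 and should be confirmed against the implementation before landing.

```javascript
  // … unchanged: Tests 1–6 …
  // Test 7: https_only_pbm overrules https_first_pbm in private browsing
  {
    description: "Test 7 - sub-resource - pbm",
    contentType: Ci.nsIContentPolicy.TYPE_IMAGE,
    https_only: false,
    https_only_pbm: true,
    https_first: false,
    https_first_pbm: true,
    pbm: true,
    expectedScheme: "https",
  },
];
```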