diff options
Diffstat (limited to 'netwerk/test/mochitests/test_loadinfo_redirectchain.html')
-rw-r--r-- | netwerk/test/mochitests/test_loadinfo_redirectchain.html | 269 |
1 files changed, 269 insertions, 0 deletions
diff --git a/netwerk/test/mochitests/test_loadinfo_redirectchain.html b/netwerk/test/mochitests/test_loadinfo_redirectchain.html new file mode 100644 index 0000000000..a657ce678c --- /dev/null +++ b/netwerk/test/mochitests/test_loadinfo_redirectchain.html @@ -0,0 +1,269 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1194052 - Append Principal to RedirectChain within LoadInfo before the channel is succesfully openend</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* + * We perform the following tests on the redirectchain of the loadinfo: + * (1) checkLoadInfoWithoutRedirects: + * checks the length of the redirectchain and tries to pop an element + * which should result in an exception and not a crash. + * (2) checkLoadInfoWithTwoRedirects: + * perform two redirects and confirm that both redirect chains + * contain the redirected URIs. + * (3) checkLoadInfoWithInternalRedirects: + * perform two redirects including CSPs upgrade-insecure-requests + * so that the redirectchain which includes internal redirects differs. + * (4) checkLoadInfoWithInternalRedirectsAndFallback + * perform two redirects including CSPs upgrade-insecure-requests + * including a 404 repsonse and hence a fallback. + * (5) checkHTTPURITruncation + * perform a redirect to a URI with an HTTP scheme to check that unwanted + * URI components are removed before being added to the redirectchain. + * (6) checkHTTPSURITruncation + * perform a redirect to a URI with an HTTPS scheme to check that unwanted + * URI components are removed before being added to the redirectchain. + */ + +SimpleTest.waitForExplicitFinish(); + +// ************** HELPERS *************** + +function compareChains(aLoadInfo, aExpectedRedirectChain, aExpectedRedirectChainIncludingInternalRedirects) { + var redirectChain = aLoadInfo.redirectChain; + var redirectChainIncludingInternalRedirects = aLoadInfo.redirectChainIncludingInternalRedirects; + + is(redirectChain.length, + aExpectedRedirectChain.length, + "confirming length of redirectChain is " + aExpectedRedirectChain.length); + + is(redirectChainIncludingInternalRedirects.length, + aExpectedRedirectChainIncludingInternalRedirects.length, + "confirming length of redirectChainIncludingInternalRedirects is " + + aExpectedRedirectChainIncludingInternalRedirects.length); +} + +function compareTruncatedChains(redirectChain, aExpectedRedirectChain) { + is(redirectChain.length, + aExpectedRedirectChain.length, + "confirming length of redirectChain is " + aExpectedRedirectChain.length); + + for (var i = 0; i < redirectChain.length; i++) { + is(redirectChain[i], + aExpectedRedirectChain[i], + "redirect chain should match expected chain"); + } +} + + +// *************** TEST 1 *************** + +function checkLoadInfoWithoutRedirects() { + var myXHR = new XMLHttpRequest(); + myXHR.open("GET", "http://mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-0"); + + myXHR.onload = function() { + var loadinfo = SpecialPowers.wrap(myXHR).channel.loadInfo; + var redirectChain = loadinfo.redirectChain; + var redirectChainIncludingInternalRedirects = loadinfo.redirectChainIncludingInternalRedirects; + + is(redirectChain.length, 0, "no redirect, length should be 0"); + is(redirectChainIncludingInternalRedirects.length, 0, "no redirect, length should be 0"); + is(myXHR.responseText, "checking redirectchain", "sanity check to make sure redirects succeeded"); + + // try to pop an element from redirectChain + try { + loadinfo.popRedirectedPrincipal(false); + ok(false, "should not be possible to pop from redirectChain"); + } + catch(e) { + ok(true, "popping element from empty redirectChain should throw"); + } + + // try to pop an element from redirectChainIncludingInternalRedirects + try { + loadinfo.popRedirectedPrincipal(true); + ok(false, "should not be possible to pop from redirectChainIncludingInternalRedirects"); + } + catch(e) { + ok(true, "popping element from empty redirectChainIncludingInternalRedirects should throw"); + } + // move on to the next test + checkLoadInfoWithTwoRedirects(); + } + myXHR.onerror = function() { + ok(false, "xhr problem within checkLoadInfoWithoutRedirect()"); + } + myXHR.send(); +} + +// *************** TEST 2 *************** + +function checkLoadInfoWithTwoRedirects() { + var myXHR = new XMLHttpRequest(); + myXHR.open("GET", "http://mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-2"); + + const EXPECTED_REDIRECT_CHAIN = [ + "http://mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs", + "http://mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs" + ]; + + const EXPECTED_REDIRECT_CHAIN_INCLUDING_INTERNAL_REDIRECTS = EXPECTED_REDIRECT_CHAIN; + + // Referrer header will not change when redirect + const EXPECTED_REFERRER = + "http://mochi.test:8888/tests/netwerk/test/mochitests/test_loadinfo_redirectchain.html"; + const isAndroid = !!navigator.userAgent.includes("Android"); + const EXPECTED_REMOTE_IP = isAndroid ? "10.0.2.2" : "127.0.0.1"; + + myXHR.onload = function() { + is(myXHR.responseText, "checking redirectchain", "sanity check to make sure redirects succeeded"); + + var loadinfo = SpecialPowers.wrap(myXHR).channel.loadInfo; + + compareChains(loadinfo, EXPECTED_REDIRECT_CHAIN, EXPECTED_REDIRECT_CHAIN_INCLUDING_INTERNAL_REDIRECTS); + + for (var i = 0; i < loadinfo.redirectChain.length; i++) { + is(loadinfo.redirectChain[i].referrerURI.spec, EXPECTED_REFERRER, "referrer should match"); + is(loadinfo.redirectChain[i].remoteAddress, EXPECTED_REMOTE_IP, "remote address should match"); + } + + // move on to the next test + checkLoadInfoWithInternalRedirects(); + } + myXHR.onerror = function() { + ok(false, "xhr problem within checkLoadInfoWithTwoRedirects()"); + } + myXHR.send(); +} + +// *************** TEST 3 *************** + +function confirmCheckLoadInfoWithInternalRedirects(event) { + const EXPECTED_REDIRECT_CHAIN = [ + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-2", + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-1" + ]; + + const EXPECTED_REDIRECT_CHAIN_INCLUDING_INTERNAL_REDIRECTS = [ + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-2", + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-2", + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-1", + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-1", + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-0", + ]; + + var loadinfo = JSON.parse(event.data.loadinfo); + compareChains(loadinfo, EXPECTED_REDIRECT_CHAIN, EXPECTED_REDIRECT_CHAIN_INCLUDING_INTERNAL_REDIRECTS); + + // remove the postMessage listener and move on to the next test + window.removeEventListener("message", confirmCheckLoadInfoWithInternalRedirects); + checkLoadInfoWithInternalRedirectsAndFallback(); +} + +function checkLoadInfoWithInternalRedirects() { + // load the XHR request into an iframe so we can apply a CSP to the iframe + // a postMessage returns the result back to the main page. + window.addEventListener("message", confirmCheckLoadInfoWithInternalRedirects); + document.getElementById("testframe").src = + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?iframe-redir-https-2"; +} + +// *************** TEST 4 *************** + +function confirmCheckLoadInfoWithInternalRedirectsAndFallback(event) { + var EXPECTED_REDIRECT_CHAIN = [ + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-err-2", + ]; + + var EXPECTED_REDIRECT_CHAIN_INCLUDING_INTERNAL_REDIRECTS = [ + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-err-2", + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-err-2", + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-err-1", + ]; + + var loadinfo = JSON.parse(event.data.loadinfo); + compareChains(loadinfo, EXPECTED_REDIRECT_CHAIN, EXPECTED_REDIRECT_CHAIN_INCLUDING_INTERNAL_REDIRECTS); + + // remove the postMessage listener and finish test + window.removeEventListener("message", confirmCheckLoadInfoWithInternalRedirectsAndFallback); + checkHTTPURITruncation(); +} + +function checkLoadInfoWithInternalRedirectsAndFallback() { + // load the XHR request into an iframe so we can apply a CSP to the iframe + // a postMessage returns the result back to the main page. + window.addEventListener("message", confirmCheckLoadInfoWithInternalRedirectsAndFallback); + document.getElementById("testframe").src = + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?iframe-redir-err-2"; +} + +// *************** TEST 5 *************** + +function checkHTTPURITruncation() { + var myXHR = new XMLHttpRequest(); + myXHR.open("GET", "http://root:toor@mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-1#baz"); + + const EXPECTED_REDIRECT_CHAIN = [ + "http://mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs", // redir-1 + ]; + + var loadinfo = SpecialPowers.wrap(myXHR).channel.loadInfo; + + myXHR.onload = function() { + var redirectChain = []; + + for (var i = 0; i < loadinfo.redirectChain.length; i++) { + redirectChain[i] = loadinfo.redirectChain[i].principal.asciiSpec; + } + + compareTruncatedChains(redirectChain, EXPECTED_REDIRECT_CHAIN); + + // move on to the next test + checkHTTPSURITruncation(); + } + myXHR.onerror = function(e) { + ok(false, "xhr problem within checkHTTPURITruncation()" + e); + } + myXHR.send(); +} + +// *************** TEST 6 *************** + +function confirmCheckHTTPSURITruncation(event) { + const EXPECTED_REDIRECT_CHAIN = [ + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs", // redir-https-2 + "https://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs", // redir-https-1 + ]; + + var loadinfo = JSON.parse(event.data.loadinfo); + compareTruncatedChains(loadinfo.redirectChain, EXPECTED_REDIRECT_CHAIN); + + // remove the postMessage listener and move on to the next test + window.removeEventListener("message", confirmCheckHTTPSURITruncation); + SimpleTest.finish(); +} + +function checkHTTPSURITruncation() { + // load the XHR request into an iframe so we can apply a CSP to the iframe + // a postMessage returns the result back to the main page. + window.addEventListener("message", confirmCheckHTTPSURITruncation); + document.getElementById("testframe").src = + "https://root:toor@example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?iframe-redir-https-2#baz"; +} + +// *************** START TESTS *************** + +checkLoadInfoWithoutRedirects(); + +</script> +</body> +</html> |