From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../https-only/browser_websocket_exceptions.js | 68 ++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 dom/security/test/https-only/browser_websocket_exceptions.js (limited to 'dom/security/test/https-only/browser_websocket_exceptions.js') diff --git a/dom/security/test/https-only/browser_websocket_exceptions.js b/dom/security/test/https-only/browser_websocket_exceptions.js new file mode 100644 index 0000000000..a6e5336c63 --- /dev/null +++ b/dom/security/test/https-only/browser_websocket_exceptions.js @@ -0,0 +1,68 @@ +"use strict"; + +const TEST_PATH_HTTP = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "http://localhost:9898" +); + +let WEBSOCKET_DOC_URL = `${TEST_PATH_HTTP}file_websocket_exceptions.html`; + +add_task(async function () { + // Here is a sequence of how this test works: + // 1. Dynamically inject a localhost iframe + // 2. Add an exemption for localhost + // 3. Fire up Websocket + // Generally local IP addresses are exempt from https-only, but if we do not add + // an exemption for localhost, then the TriggeringPrincipal of the WebSocket is + // `not` exempt and we would upgrade ws to wss. + + await SpecialPowers.pushPrefEnv({ + set: [ + ["dom.security.https_only_mode", true], + ["network.proxy.allow_hijacking_localhost", true], + ], + }); + + await BrowserTestUtils.withNewTab("about:blank", async function (browser) { + let loaded = BrowserTestUtils.browserLoaded(browser); + + BrowserTestUtils.startLoadingURIString(browser, WEBSOCKET_DOC_URL); + await loaded; + + await SpecialPowers.spawn(browser, [], async function () { + // Part 1: + let myIframe = content.document.createElement("iframe"); + content.document.body.appendChild(myIframe); + myIframe.src = + "http://localhost:9898/browser/dom/security/test/https-only/file_websocket_exceptions_iframe.html"; + + myIframe.onload = async function () { + // Part 2: + await SpecialPowers.pushPermissions([ + { + type: "https-only-load-insecure", + allow: true, + context: "http://localhost:9898", + }, + ]); + // Part 3. + myIframe.contentWindow.postMessage({ myMessage: "runWebSocket" }, "*"); + }; + + const promise = new Promise(resolve => { + content.addEventListener("WebSocketEnded", resolve, { + once: true, + }); + }); + + const { detail } = await promise; + + is(detail.state, "onopen", "sanity: websocket loaded"); + ok( + detail.url.startsWith("ws://example.com/tests"), + "exempt websocket should not be upgraded to wss://" + ); + }); + }); + await SpecialPowers.popPermissions(); +}); -- cgit v1.2.3