"use strict";

// For each FIRST_URL_* this test does the following:
// 1. Navigate to FIRST_URL_*
// 2. Check if we are on a HTTPS-Only error page
// 3. Navigate to SECOND_URL
// 4. Navigate back
// 5. Check if we are on a HTTPS-Only error page

const FIRST_URL_SECURE = "https://example.com";
const FIRST_URL_INSECURE_REDIRECT =
  "http://example.com/browser/dom/security/test/https-only/file_redirect_to_insecure.sjs";
const FIRST_URL_INSECURE_NOCERT = "http://nocert.example.com";
const SECOND_URL = "https://example.org";

function waitForPage() {
  return new Promise(resolve => {
    BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser).then(resolve);
    BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser).then(resolve);
  });
}

async function verifyErrorPage(expectErrorPage = true) {
  await SpecialPowers.spawn(
    gBrowser.selectedBrowser,
    [expectErrorPage],
    async function (_expectErrorPage) {
      let doc = content.document;
      let innerHTML = doc.body.innerHTML;
      let errorPageL10nId = "about-httpsonly-title-alert";

      is(
        innerHTML.includes(errorPageL10nId) &&
          doc.documentURI.startsWith("about:httpsonlyerror"),
        _expectErrorPage,
        "we should be on the https-only error page"
      );
    }
  );
}

async function runTest(
  firstUrl,
  expectErrorPageOnFirstVisit,
  expectErrorPageOnSecondVisit
) {
  let loaded = waitForPage();
  info("Loading first page");
  BrowserTestUtils.startLoadingURIString(gBrowser, firstUrl);
  await loaded;
  await verifyErrorPage(expectErrorPageOnFirstVisit);

  loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
  info("Navigating to second page");
  await SpecialPowers.spawn(
    gBrowser.selectedBrowser,
    [SECOND_URL],
    async url => (content.location.href = url)
  );
  await loaded;

  // Go back one site by clicking the back button
  loaded = BrowserTestUtils.waitForLocationChange(gBrowser);
  info("Clicking back button");
  let backButton = document.getElementById("back-button");
  backButton.click();
  await loaded;
  await verifyErrorPage(expectErrorPageOnSecondVisit);
}

add_task(async function () {
  waitForExplicitFinish();

  await SpecialPowers.pushPrefEnv({
    set: [["dom.security.https_only_mode", true]],
  });

  // We don't expect any HTTPS-Only error pages, on the first and second visit of this URL,
  // since the URL is reachable via https.
  await runTest(FIRST_URL_SECURE, false, false);

  // Since trying to upgrade this url will result in being redirected again to the insecure
  // site, we are not able to upgrade it and a HTTPS-Only error page is shown.
  // This is happening both on the first and second visit.
  await runTest(FIRST_URL_INSECURE_REDIRECT, true, true);

  // Similar to the previous case, we can not upgrade this URL, since this time it has a
  // invalid certificate. We would expect a HTTPS-Only error page on both vists, but it is only
  // shown on the first one, on the second one we get an errror page about the invalid
  // certificate instead (Bug 1848117).
  await runTest(FIRST_URL_INSECURE_NOCERT, true, false);

  finish();
});