summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-first/browser_download_attribute.js
blob: ea4558cc843d68e6e09018542875c64f52ddcd2b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
"use strict";

// Create a uri for an http site
//(in that case a site without cert such that https-first isn't upgrading it)
const insecureTestPath = getRootDirectory(gTestPath).replace(
  "chrome://mochitests/content",
  "http://nocert.example.com"
);
const insecureTestURI = insecureTestPath + "file_download_attribute.html";

function promisePanelOpened() {
  if (DownloadsPanel.panel && DownloadsPanel.panel.state == "open") {
    return Promise.resolve();
  }
  return BrowserTestUtils.waitForEvent(DownloadsPanel.panel, "popupshown");
}

const CONSOLE_UPGRADE_TRY_MESSAGE = "Upgrading insecure request";
const CONSOLE_ERROR_MESSAGE = "Downgrading to “http” again";
const DOWNLOAD_PAGE_URL =
  "nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.html";
const DOWNLOAD_LINK_URL =
  "nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.sjs";

// Verifys that https-first tried to upgrade the download
// - and that the upgrade attempt failed.
// We will receive 4 messages. Two for upgrading and downgrading
// the download page and another two for upgrading and downgrading
// the download.
let msgCounter = 0;
function shouldConsoleTryUpgradeAndError() {
  // Waits until CONSOLE_ERROR_MESSAGE was logged.
  // Checks if download was tried via http://
  return new Promise(resolve => {
    function listener(msgObj) {
      let text = msgObj.message;
      // Verify upgrade messages
      if (
        text.includes(CONSOLE_UPGRADE_TRY_MESSAGE) &&
        text.includes("http://")
      ) {
        if (msgCounter == 0) {
          ok(
            text.includes(DOWNLOAD_PAGE_URL),
            "Tries to upgrade nocert example to https"
          );
        } else {
          ok(
            text.includes(DOWNLOAD_LINK_URL),
            "Tries to upgrade download to https"
          );
        }
        msgCounter++;
      }
      // Verify downgrade messages
      if (text.includes(CONSOLE_ERROR_MESSAGE) && msgCounter > 0) {
        if (msgCounter == 1) {
          ok(
            text.includes("https://" + DOWNLOAD_PAGE_URL),
            "Downgrades nocert example to http"
          );
          msgCounter++;
        } else {
          ok(
            text.includes("https://" + DOWNLOAD_LINK_URL),
            "Downgrades download to http"
          );
          Services.console.unregisterListener(listener);
          resolve();
        }
      }
    }
    Services.console.registerListener(listener);
  });
}

// Test https-first download of an html file from an http site.
// Test description:
// 1. https-first tries to upgrade site to https
// 2. upgrade fails because site has no certificate
// 3. https-first downgrades to http and starts download via http
// 4. Successfully completes download
add_task(async function test_with_downloads_pref_enabled() {
  await SpecialPowers.pushPrefEnv({
    set: [["dom.security.https_first", true]],
  });
  let checkPromise = shouldConsoleTryUpgradeAndError();
  let downloadsPanelPromise = promisePanelOpened();
  let downloadsPromise = Downloads.getList(Downloads.PUBLIC);

  BrowserTestUtils.startLoadingURIString(gBrowser, insecureTestURI);
  // wait for downloadsPanel to open before continuing with test
  await downloadsPanelPromise;
  let downloadList = await downloadsPromise;
  await checkPromise;
  is(DownloadsPanel.isPanelShowing, true, "DownloadsPanel should be open.");
  is(
    downloadList._downloads.length,
    1,
    "File should be successfully downloaded."
  );

  let [download] = downloadList._downloads;
  is(download.contentType, "text/html", "File contentType should be correct.");
  // ensure https-first didn't upgrade the scheme.
  is(
    download.source.url,
    insecureTestPath + "file_download_attribute.sjs",
    "Scheme should be http."
  );

  info("cleaning up downloads");
  try {
    if (Services.appinfo.OS === "WINNT") {
      // We need to make the file writable to delete it on Windows.
      await IOUtils.setPermissions(download.target.path, 0o600);
    }
    await IOUtils.remove(download.target.path);
  } catch (error) {
    info("The file " + download.target.path + " is not removed, " + error);
  }

  await downloadList.remove(download);
  await download.finalize();
});