summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-first/test_resource_upgrade.html
blob: 275a6a23af2a828e59b7702361a87e67db61beda (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
<!DOCTYPE HTML>
<html>

<head>
  <meta charset="utf-8">
  <title>HTTPS-First Mode - Resource Upgrade</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>

<body>
  <h1>HTTPS-First Mode</h1>
  <p>Upgrade Test for various resources</p>
  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1704454">Bug 1704454/a>
  <iframe style="width:100%;" id="testframe"></iframe>

  <script class="testbody" type="text/javascript">
    /* Description of the test:
     * We load resources (img, script, sytle, etc) over *http* and
     * make sure they do not get upgraded to *https* because
     * https-first only applies to top-level requests.
     *
     * In detail:
     * We perform an XHR request to the *.sjs file which is processed async on
     * the server and waits till all the requests were processed by the server.
     * Once the server received all the different requests, the server responds
     * to the initial XHR request with an array of results which must match
     * the expected results from each test, making sure that all requests
     * received by the server (*.sjs) were actually *http* requests.
     */

    const splitRegex = /^(.*)-(.*)$/
    const testConfig = {
      topLevelScheme: "http://",
      results: [
        "iframe", "script", "img", "img-redir", "font", "xhr", "style",
        "media", "object", "form", "nested-img","top-level"
      ]
    }


    function runTest() {
      // sends an xhr request to the server which is processed async, which only
      // returns after the server has received all the expected requests.
      var myXHR = new XMLHttpRequest();
      myXHR.open("GET", "file_upgrade_insecure_server.sjs?queryresult");
      myXHR.onload = function () {
        var results = myXHR.responseText.split(",");
        for (var index in results) {
          checkResult(results[index]);
        }
      }
      myXHR.onerror = function (e) {
        ok(false, "Could not query results from server (" + e.message + ")");
        finishTest();
      }
      myXHR.send();

      // give it some time and run the testpage
      SimpleTest.executeSoon(() => {
        var src = testConfig.topLevelScheme + "example.com/tests/dom/security/test/https-first/file_upgrade_insecure.html";
        document.getElementById("testframe").src = src;
      });
    }

    // a postMessage handler that is used by sandboxed iframes without
    // 'allow-same-origin' to bubble up results back to this main page.
    window.addEventListener("message", receiveMessage);
    function receiveMessage(event) {
      checkResult(event.data.result);
    }

    function finishTest() {
      window.removeEventListener("message", receiveMessage);
      SimpleTest.finish();
    }

    function checkResult(response) {
      // A response looks either like this "iframe-ok" or "[key]-[result]"
      const [, key, result] = splitRegex.exec(response)
      // try to find the expected result within the results array
      var index = testConfig.results.indexOf(key);

      // If the response is not even part of the results array, something is super wrong
      if (index == -1) {
        ok(false, `Unexpected response from server (${response})`);
        finishTest();
      }

      // take the element out the array and continue till the results array is empty
      if (index != -1) {
        testConfig.results.splice(index, 1);
      }

      // Check if the result was okay or had an error
      is(result, 'ok', `Upgrade all requests on toplevel http for '${key}' came back with: '${result}'`)

      // If we're not expecting any more resulsts, finish the test
      if (!testConfig.results.length) {
        finishTest();
      }
    }

    SimpleTest.waitForExplicitFinish();
    // Set preference and start test
    SpecialPowers.pushPrefEnv({ set: [
      ["dom.security.https_first", true],
      ["security.mixed_content.block_active_content", false],
      ["security.mixed_content.block_display_content", false]
    ] }, runTest);

  </script>
</body>

</html>