1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
"use strict";
// For each FIRST_URL_* this test does the following:
// 1. Navigate to FIRST_URL_*
// 2. Check if we are on a HTTPS-Only error page
// 3. Navigate to SECOND_URL
// 4. Navigate back
// 5. Check if we are on a HTTPS-Only error page
const FIRST_URL_SECURE = "https://example.com";
const FIRST_URL_INSECURE_REDIRECT =
"http://example.com/browser/dom/security/test/https-only/file_redirect_to_insecure.sjs";
const FIRST_URL_INSECURE_NOCERT = "http://nocert.example.com";
const SECOND_URL = "https://example.org";
function waitForPage() {
return new Promise(resolve => {
BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser).then(resolve);
BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser).then(resolve);
});
}
async function verifyErrorPage(expectErrorPage = true) {
await SpecialPowers.spawn(
gBrowser.selectedBrowser,
[expectErrorPage],
async function (_expectErrorPage) {
let doc = content.document;
let innerHTML = doc.body.innerHTML;
let errorPageL10nId = "about-httpsonly-title-alert";
is(
innerHTML.includes(errorPageL10nId) &&
doc.documentURI.startsWith("about:httpsonlyerror"),
_expectErrorPage,
"we should be on the https-only error page"
);
}
);
}
async function runTest(
firstUrl,
expectErrorPageOnFirstVisit,
expectErrorPageOnSecondVisit
) {
let loaded = waitForPage();
info("Loading first page");
BrowserTestUtils.startLoadingURIString(gBrowser, firstUrl);
await loaded;
await verifyErrorPage(expectErrorPageOnFirstVisit);
loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
info("Navigating to second page");
await SpecialPowers.spawn(
gBrowser.selectedBrowser,
[SECOND_URL],
async url => (content.location.href = url)
);
await loaded;
// Go back one site by clicking the back button
loaded = BrowserTestUtils.waitForLocationChange(gBrowser);
info("Clicking back button");
let backButton = document.getElementById("back-button");
backButton.click();
await loaded;
await verifyErrorPage(expectErrorPageOnSecondVisit);
}
add_task(async function () {
waitForExplicitFinish();
await SpecialPowers.pushPrefEnv({
set: [["dom.security.https_only_mode", true]],
});
// We don't expect any HTTPS-Only error pages, on the first and second visit of this URL,
// since the URL is reachable via https.
await runTest(FIRST_URL_SECURE, false, false);
// Since trying to upgrade this url will result in being redirected again to the insecure
// site, we are not able to upgrade it and a HTTPS-Only error page is shown.
// This is happening both on the first and second visit.
await runTest(FIRST_URL_INSECURE_REDIRECT, true, true);
// Similar to the previous case, we can not upgrade this URL, since this time it has a
// invalid certificate. We would expect a HTTPS-Only error page on both vists, but it is only
// shown on the first one, on the second one we get an errror page about the invalid
// certificate instead (Bug 1848117).
await runTest(FIRST_URL_INSECURE_NOCERT, true, false);
finish();
});
|