summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-first/test_form_submission.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/https-first/test_form_submission.html
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/https-first/test_form_submission.html')
-rw-r--r--dom/security/test/https-first/test_form_submission.html122
1 files changed, 122 insertions, 0 deletions
diff --git a/dom/security/test/https-first/test_form_submission.html b/dom/security/test/https-first/test_form_submission.html
new file mode 100644
index 0000000000..a68c3501c6
--- /dev/null
+++ b/dom/security/test/https-first/test_form_submission.html
@@ -0,0 +1,122 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1720103 - Https-first: Do not upgrade form submissions (for now)</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+<script class="testbody" type="text/javascript">
+/*
+ * Description of the test:
+ * We test https-first behaviour with forms.
+ * We perform each test with once with same origin and the second time
+ * with a cross origin. We perform two GET form requests and two POST
+ * form requests.
+ * In more detail:
+ *
+ * 1. Test: Request that gets upgraded to https, GET form submission.
+ *
+ * 2. Test: Request that gets upgraded to https, that upgraded request
+ * gets timed out, so https-first send an http request, GET form submission.
+ *
+ * 3. Test: request that gets upgraded to https, and sends a POST form
+ * to http://example.com.
+ *
+ * 4. Test: Request where the https upgrade get timed out -> http, and sends a POST form
+ * to http://example.com,
+ *
+ */
+SimpleTest.waitForExplicitFinish();
+window.addEventListener("message", receiveMessage);
+
+const SAME_ORIGIN = "http://example.com/tests/dom/security/test/https-first/file_form_submission.sjs";
+const CROSS_ORIGIN = SAME_ORIGIN.replace(".com", ".org");
+const Tests = [{
+ // 1. Test GET, gets upgraded
+ query: "?test=1",
+ scheme: "https:",
+ method: "GET",
+ value: "test=success",
+},
+{
+ // 2. Test GET, initial request will be downgraded
+ query:"?test=2",
+ scheme: "http:",
+ method: "GET",
+ value: "test=success"
+},
+{ // 3. Test POST formular, gets upgraded
+ query: "?test=3",
+ scheme: "http:",
+ method: "POST",
+ value: "test=success"
+},
+{ // 4. Test POST formular, request will be downgraded
+ query: "?test=4",
+ scheme: "http:",
+ method: "POST",
+ value: "test=success"
+},
+];
+let currentTest;
+let counter = 0;
+let testWin;
+let sameOrigin = true;
+
+// Verify that top-level request got the expected scheme and reached the correct location.
+async function receiveMessage(event){
+ let data = event.data;
+ let origin = sameOrigin? SAME_ORIGIN : CROSS_ORIGIN
+ const expectedLocation = origin.replace("http:", currentTest.scheme);
+ // If GET request check that form was transfered by url
+ if (currentTest.method === "GET") {
+ is(data.location, expectedLocation + currentTest.query,
+ "Reached the correct location for " + currentTest.query );
+ } else {
+ // Since the form is always send to example.com we expect it here as location
+ is(data.location.includes(SAME_ORIGIN.replace("http:", currentTest.scheme)), true,
+ "Reached the correct location for " + currentTest.query );
+ }
+ is(data.scheme, currentTest.scheme,`${currentTest.query} upgraded or downgraded to ` + currentTest.scheme);
+ // Check that the form value is correct
+ is(data.form, currentTest.value, "Form was transfered");
+ testWin.close();
+ // Flip origin flag
+ sameOrigin ^= true;
+ // Only go to next test if already sent same and cross origin request for current test
+ if (sameOrigin) {
+ counter++;
+ }
+ // Check if we have test left, if not finish the testing
+ if (counter >= Tests.length) {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ return;
+ }
+ // If we didn't reached the end yet, run next test
+ runTest();
+}
+
+function runTest() {
+ currentTest = Tests[counter];
+ // If sameOrigin flag is set make a origin request, else a cross origin request
+ if (sameOrigin) {
+ testWin= window.open(SAME_ORIGIN + currentTest.query, "_blank");
+ } else {
+ testWin= window.open(CROSS_ORIGIN + currentTest.query, "_blank");
+ }
+}
+
+// Set prefs and start test
+SpecialPowers.pushPrefEnv({ set: [
+ ["dom.security.https_first", true],
+ ["security.warn_submit_secure_to_insecure", false]
+ ]}, runTest);
+
+
+</script>
+</body>
+</html>