diff options
Diffstat (limited to 'devtools/client/webconsole/test/browser/browser_webconsole_block_mixedcontent_securityerrors.js')
-rw-r--r-- | devtools/client/webconsole/test/browser/browser_webconsole_block_mixedcontent_securityerrors.js | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_block_mixedcontent_securityerrors.js b/devtools/client/webconsole/test/browser/browser_webconsole_block_mixedcontent_securityerrors.js new file mode 100644 index 0000000000..2dcffdfcf3 --- /dev/null +++ b/devtools/client/webconsole/test/browser/browser_webconsole_block_mixedcontent_securityerrors.js @@ -0,0 +1,106 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +// The test loads a web page with mixed active and display content +// on it while the "block mixed content" settings are _on_. +// It then checks that the blocked mixed content warning messages +// are logged to the console and have the correct "Learn More" +// url appended to them. After the first test finishes, it invokes +// a second test that overrides the mixed content blocker settings +// by clicking on the doorhanger shield and validates that the +// appropriate messages are logged to console. +// Bug 875456 - Log mixed content messages from the Mixed Content +// Blocker to the Security Pane in the Web Console. + +"use strict"; + +const TEST_URI = + "https://example.com/browser/devtools/client/webconsole/" + + "test/browser/test-mixedcontent-securityerrors.html"; +const LEARN_MORE_URI = + "https://developer.mozilla.org/docs/Web/Security/Mixed_content" + + DOCS_GA_PARAMS; + +const blockedActiveContentText = + "Blocked loading mixed active content \u201chttp://example.com/\u201d"; +const blockedDisplayContentText = + "Blocked loading mixed display content " + + "\u201chttp://example.com/tests/image/test/mochitest/blue.png\u201d"; +const activeContentText = + "Loading mixed (insecure) active content " + + "\u201chttp://example.com/\u201d on a secure page"; +const displayContentText = + "Loading mixed (insecure) display content " + + "\u201chttp://example.com/tests/image/test/mochitest/blue.png\u201d on a " + + "secure page"; + +add_task(async function () { + await pushPrefEnv(); + + const hud = await openNewTabAndConsole(TEST_URI); + + const waitForErrorMessage = text => + waitFor(() => findErrorMessage(hud, text), undefined, 100); + + const onBlockedIframe = waitForErrorMessage(blockedActiveContentText); + const onBlockedImage = waitForErrorMessage(blockedDisplayContentText); + + await onBlockedImage; + ok(true, "Blocked mixed display content error message is visible"); + + const blockedMixedActiveContentMessage = await onBlockedIframe; + ok(true, "Blocked mixed active content error message is visible"); + + info("Clicking on the Learn More link"); + let learnMoreLink = + blockedMixedActiveContentMessage.querySelector(".learn-more-link"); + let response = await simulateLinkClick(learnMoreLink); + is( + response.link, + LEARN_MORE_URI, + `Clicking the provided link opens ${response.link}` + ); + + info("Test disabling mixed content protection"); + + const { gIdentityHandler } = gBrowser.ownerGlobal; + ok( + gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"), + "Mixed Active Content state appeared on identity box" + ); + // Disabe mixed content protection. + gIdentityHandler.disableMixedContentProtection(); + + const waitForWarningMessage = text => + waitFor(() => findWarningMessage(hud, text), undefined, 100); + + const onMixedActiveContent = waitForWarningMessage(activeContentText); + const onMixedDisplayContent = waitForWarningMessage(displayContentText); + + await onMixedDisplayContent; + ok(true, "Mixed display content warning message is visible"); + + const mixedActiveContentMessage = await onMixedActiveContent; + ok(true, "Mixed active content warning message is visible"); + + info("Clicking on the Learn More link"); + learnMoreLink = mixedActiveContentMessage.querySelector(".learn-more-link"); + response = await simulateLinkClick(learnMoreLink); + is( + response.link, + LEARN_MORE_URI, + `Clicking the provided link opens ${response.link}` + ); + + gIdentityHandler.enableMixedContentProtectionNoReload(); +}); + +function pushPrefEnv() { + const prefs = [ + ["security.mixed_content.block_active_content", true], + ["security.mixed_content.block_display_content", true], + ["security.mixed_content.upgrade_display_content", false], + ]; + + return Promise.all(prefs.map(([pref, value]) => pushPref(pref, value))); +} |