diff options
Diffstat (limited to 'devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js')
-rw-r--r-- | devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js b/devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js new file mode 100644 index 0000000000..3d8b4b3331 --- /dev/null +++ b/devtools/client/webconsole/test/browser/browser_webconsole_hsts_invalid-headers.js @@ -0,0 +1,104 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +// Tests that errors about invalid HSTS security headers are logged to the web console. + +"use strict"; + +const TEST_URI = + "data:text/html;charset=utf-8,<!DOCTYPE html>Web Console HSTS invalid header test"; +const SJS_URL = + "https://example.com/browser/devtools/client/webconsole/" + + "/test/browser/test_hsts-invalid-headers.sjs"; +const LEARN_MORE_URI = + "https://developer.mozilla.org/docs/Web/HTTP/Headers/" + + "Strict-Transport-Security" + + DOCS_GA_PARAMS; + +add_task(async function () { + const hud = await openNewTabAndConsole(TEST_URI); + + await navigateAndCheckWarningMessage( + { + url: SJS_URL + "?badSyntax", + name: "Could not parse header error displayed successfully", + text: + "Strict-Transport-Security: The site specified a header that could " + + "not be parsed successfully.", + }, + hud + ); + + await navigateAndCheckWarningMessage( + { + url: SJS_URL + "?noMaxAge", + name: "No max-age error displayed successfully", + text: + "Strict-Transport-Security: The site specified a header that did " + + "not include a \u2018max-age\u2019 directive.", + }, + hud + ); + + await navigateAndCheckWarningMessage( + { + url: SJS_URL + "?invalidIncludeSubDomains", + name: "Invalid includeSubDomains error displayed successfully", + text: + "Strict-Transport-Security: The site specified a header that " + + "included an invalid \u2018includeSubDomains\u2019 directive.", + }, + hud + ); + + await navigateAndCheckWarningMessage( + { + url: SJS_URL + "?invalidMaxAge", + name: "Invalid max-age error displayed successfully", + text: + "Strict-Transport-Security: The site specified a header that " + + "included an invalid \u2018max-age\u2019 directive.", + }, + hud + ); + + await navigateAndCheckWarningMessage( + { + url: SJS_URL + "?multipleIncludeSubDomains", + name: "Multiple includeSubDomains error displayed successfully", + text: + "Strict-Transport-Security: The site specified a header that " + + "included multiple \u2018includeSubDomains\u2019 directives.", + }, + hud + ); + + await navigateAndCheckWarningMessage( + { + url: SJS_URL + "?multipleMaxAge", + name: "Multiple max-age error displayed successfully", + text: + "Strict-Transport-Security: The site specified a header that " + + "included multiple \u2018max-age\u2019 directives.", + }, + hud + ); +}); + +async function navigateAndCheckWarningMessage({ url, name, text }, hud) { + await clearOutput(hud); + + const onMessage = waitForMessageByType(hud, text, ".warn"); + await navigateTo(url); + const { node } = await onMessage; + ok(node, name); + + const learnMoreNode = node.querySelector(".learn-more-link"); + ok(learnMoreNode, `There is a "Learn more" link`); + const navigationResponse = await simulateLinkClick(learnMoreNode); + is( + navigationResponse.link, + LEARN_MORE_URI, + "Click on the learn more link navigates the user to the expected url" + ); +} |