summaryrefslogtreecommitdiffstats
path: root/browser/base/content/test/about/browser_aboutNetError.js
diff options
context:
space:
mode:
Diffstat (limited to 'browser/base/content/test/about/browser_aboutNetError.js')
-rw-r--r--browser/base/content/test/about/browser_aboutNetError.js244
1 files changed, 244 insertions, 0 deletions
diff --git a/browser/base/content/test/about/browser_aboutNetError.js b/browser/base/content/test/about/browser_aboutNetError.js
new file mode 100644
index 0000000000..76eb8ea1af
--- /dev/null
+++ b/browser/base/content/test/about/browser_aboutNetError.js
@@ -0,0 +1,244 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const SSL3_PAGE = "https://ssl3.example.com/";
+const TLS10_PAGE = "https://tls1.example.com/";
+const TLS12_PAGE = "https://tls12.example.com/";
+const TRIPLEDES_PAGE = "https://3des.example.com/";
+
+const lazy = {};
+
+XPCOMUtils.defineLazyServiceGetter(
+ lazy,
+ "gDNSOverride",
+ "@mozilla.org/network/native-dns-override;1",
+ "nsINativeDNSResolverOverride"
+);
+
+// This includes all the cipher suite prefs we have.
+function resetPrefs() {
+ Services.prefs.clearUserPref("security.tls.version.min");
+ Services.prefs.clearUserPref("security.tls.version.max");
+ Services.prefs.clearUserPref("security.tls.version.enable-deprecated");
+ Services.prefs.clearUserPref("browser.fixup.alternate.enabled");
+}
+
+add_task(async function resetToDefaultConfig() {
+ info(
+ "Change TLS config to cause page load to fail, check that reset button is shown and that it works"
+ );
+
+ // Set ourselves up for a TLS error.
+ Services.prefs.setIntPref("security.tls.version.min", 1); // TLS 1.0
+ Services.prefs.setIntPref("security.tls.version.max", 1);
+
+ let browser;
+ let pageLoaded;
+ await BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ () => {
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, TLS12_PAGE);
+ browser = gBrowser.selectedBrowser;
+ pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
+ },
+ false
+ );
+
+ info("Loading and waiting for the net error");
+ await pageLoaded;
+
+ // Setup an observer for the target page.
+ const finalLoadComplete = BrowserTestUtils.browserLoaded(
+ browser,
+ false,
+ TLS12_PAGE
+ );
+
+ await SpecialPowers.spawn(browser, [], async function() {
+ const doc = content.document;
+ ok(
+ doc.documentURI.startsWith("about:neterror"),
+ "Should be showing error page"
+ );
+
+ const prefResetButton = doc.getElementById("prefResetButton");
+ await ContentTaskUtils.waitForCondition(
+ () => ContentTaskUtils.is_visible(prefResetButton),
+ "prefResetButton is visible"
+ );
+
+ if (!Services.focus.focusedElement == prefResetButton) {
+ await ContentTaskUtils.waitForEvent(prefResetButton, "focus");
+ }
+
+ Assert.ok(true, "prefResetButton has focus");
+
+ prefResetButton.click();
+ });
+
+ info("Waiting for the page to load after the click");
+ await finalLoadComplete;
+
+ resetPrefs();
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+add_task(async function checkLearnMoreLink() {
+ info("Load an unsupported TLS page and check for a learn more link");
+
+ // Set ourselves up for TLS error
+ Services.prefs.setIntPref("security.tls.version.min", 3);
+ Services.prefs.setIntPref("security.tls.version.max", 4);
+
+ let browser;
+ let pageLoaded;
+ await BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ () => {
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, TLS10_PAGE);
+ browser = gBrowser.selectedBrowser;
+ pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
+ },
+ false
+ );
+
+ info("Loading and waiting for the net error");
+ await pageLoaded;
+
+ const baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL");
+
+ await SpecialPowers.spawn(browser, [baseURL], function(_baseURL) {
+ const doc = content.document;
+ ok(
+ doc.documentURI.startsWith("about:neterror"),
+ "Should be showing error page"
+ );
+
+ const tlsVersionNotice = doc.getElementById("tlsVersionNotice");
+ ok(
+ ContentTaskUtils.is_visible(tlsVersionNotice),
+ "TLS version notice is visible"
+ );
+
+ const learnMoreLink = doc.getElementById("learnMoreLink");
+ ok(
+ ContentTaskUtils.is_visible(learnMoreLink),
+ "Learn More link is visible"
+ );
+ is(learnMoreLink.getAttribute("href"), _baseURL + "connection-not-secure");
+
+ const titleEl = doc.querySelector(".title-text");
+ const actualDataL10nID = titleEl.getAttribute("data-l10n-id");
+ is(
+ actualDataL10nID,
+ "nssFailure2-title",
+ "Correct error page title is set"
+ );
+
+ const errorCodeEl = doc.querySelector("#errorShortDesc2");
+ const actualDataL10Args = errorCodeEl.getAttribute("data-l10n-args");
+ ok(
+ actualDataL10Args.includes("SSL_ERROR_PROTOCOL_VERSION_ALERT"),
+ "Correct error code is set"
+ );
+ });
+
+ resetPrefs();
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+// When a user tries going to a host without a suffix
+// and the term doesn't match a host and we are able to suggest a
+// valid correction, the page should show the correction.
+// e.g. http://example/example2 -> https://www.example.com/example2
+add_task(async function checkDomainCorrection() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["browser.fixup.alternate.enabled", false]],
+ });
+ lazy.gDNSOverride.addIPOverride("www.example.com", "::1");
+
+ info("Try loading a URI that should result in an error page");
+ BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ "http://example/example2/",
+ false
+ );
+
+ info("Loading and waiting for the net error");
+ let browser = gBrowser.selectedBrowser;
+ let pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
+ await pageLoaded;
+
+ const baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL");
+
+ await SpecialPowers.spawn(browser, [baseURL], async function(_baseURL) {
+ const doc = content.document;
+ ok(
+ doc.documentURI.startsWith("about:neterror"),
+ "Should be showing error page"
+ );
+
+ const errorNotice = doc.getElementById("errorShortDesc");
+ ok(ContentTaskUtils.is_visible(errorNotice), "Error text is visible");
+
+ // Wait for the domain suggestion to be resolved and for the text to update
+ let link;
+ await ContentTaskUtils.waitForCondition(() => {
+ link = errorNotice.querySelector("a");
+ return link && link.textContent != "";
+ }, "Helper link has been set");
+
+ is(
+ link.getAttribute("href"),
+ "https://www.example.com/example2/",
+ "Link was corrected"
+ );
+
+ const actualDataL10nID = link.getAttribute("data-l10n-name");
+ is(actualDataL10nID, "website", "Correct name is set");
+ });
+
+ lazy.gDNSOverride.clearHostOverride("www.example.com");
+ resetPrefs();
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+// Test that ciphersuites that use 3DES (namely, TLS_RSA_WITH_3DES_EDE_CBC_SHA)
+// can only be enabled when deprecated TLS is enabled.
+add_task(async function onlyAllow3DESWithDeprecatedTLS() {
+ // By default, connecting to a server that only uses 3DES should fail.
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url: "about:blank" },
+ async browser => {
+ BrowserTestUtils.loadURI(browser, TRIPLEDES_PAGE);
+ await BrowserTestUtils.waitForErrorPage(browser);
+ }
+ );
+
+ // Enabling deprecated TLS should also enable 3DES.
+ Services.prefs.setBoolPref("security.tls.version.enable-deprecated", true);
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url: "about:blank" },
+ async browser => {
+ BrowserTestUtils.loadURI(browser, TRIPLEDES_PAGE);
+ await BrowserTestUtils.browserLoaded(browser, false, TRIPLEDES_PAGE);
+ }
+ );
+
+ // 3DES can be disabled separately.
+ Services.prefs.setBoolPref(
+ "security.ssl3.deprecated.rsa_des_ede3_sha",
+ false
+ );
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url: "about:blank" },
+ async browser => {
+ BrowserTestUtils.loadURI(browser, TRIPLEDES_PAGE);
+ await BrowserTestUtils.waitForErrorPage(browser);
+ }
+ );
+
+ resetPrefs();
+});