<!-- Any copyright is dedicated to the Public Domain. http://creativecommons.org/publicdomain/zero/1.0/ --> <!DOCTYPE HTML> <html> <head> <title>Test that an HSTS upgraded request can be intercepted by a service worker</title> <script src="/tests/SimpleTest/SimpleTest.js"></script> <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> </head> <body> <p id="display"></p> <div id="content"> <iframe></iframe> </div> <pre id="test"></pre> <script class="testbody" type="text/javascript"> var iframe; var framesLoaded = 0; function runTest() { iframe = document.querySelector("iframe"); iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/register.html"; window.onmessage = function(e) { if (e.data.status == "ok") { ok(e.data.result, e.data.message); } else if (e.data.status == "registrationdone") { iframe.src = "http://example.com/tests/dom/serviceworkers/test/fetch/hsts/index.html"; } else if (e.data.status == "protocol") { is(e.data.data, "https:", "Correct protocol expected"); ok(e.data.securityInfoPresent, "Security info present on intercepted value"); switch (++framesLoaded) { case 1: iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/embedder.html"; break; case 2: iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/image.html"; break; } } else if (e.data.status == "image") { is(e.data.data, 40, "The image request was upgraded before interception"); iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/unregister.html"; } else if (e.data.status == "unregistrationdone") { window.onmessage = null; SpecialPowers.cleanUpSTSData("http://example.com"); SimpleTest.finish(); } }; } SimpleTest.waitForExplicitFinish(); onload = function() { SpecialPowers.pushPrefEnv({"set": [ ["dom.serviceWorkers.exemptFromPerDomainMax", true], ["dom.serviceWorkers.enabled", true], ["dom.serviceWorkers.testing.enabled", true], // This is needed so that we can test upgrading a non-secure load inside an https iframe. ["security.mixed_content.block_active_content", false], ["security.mixed_content.block_display_content", false], ]}, runTest); }; </script> </pre> </body> </html>