Adding upstream version 1:115.7.0.upstream/1%115.7.0 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 17:32:43 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 17:32:43 +0000
commit: 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch)
tree: a68f146d7fa01f0134297619fbe7e33db084e0aa /dom/security/test/https-first/browser_upgrade_onion.js
parent: Initial commit. (diff)
download: thunderbird-upstream.tar.xz
thunderbird-upstream.zip
1 files changed, 60 insertions, 0 deletions
diff --git a/dom/security/test/https-first/browser_upgrade_onion.js b/dom/security/test/https-first/browser_upgrade_onion.js
new file mode 100644
index 0000000000..a6a6a85412
--- /dev/null
+++ b/dom/security/test/https-first/browser_upgrade_onion.js
@@ -0,0 +1,60 @@
+// This test ensures that various configurable upgrade exceptions work
+"use strict";
+
+async function runTest(desc, url, expectedURI) {
+  await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
+    let loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
+    BrowserTestUtils.loadURIString(browser, url);
+    await loaded;
+
+    await SpecialPowers.spawn(
+      browser,
+      [desc, expectedURI],
+      async function (desc, expectedURI) {
+        // XXX ckerschb: generally we use the documentURI, but our test infra
+        // can not handle .onion, hence we use the URI of the failed channel
+        // stored on the docshell to see if the scheme was upgraded to https.
+        let loadedURI = content.document.documentURI;
+        if (loadedURI.startsWith("about:neterror")) {
+          loadedURI = content.docShell.failedChannel.URI.spec;
+        }
+        is(loadedURI, expectedURI, desc);
+      }
+    );
+  });
+}
+
+// by default local addresses and .onion should *not* get upgraded
+add_task(async function () {
+  requestLongerTimeout(2);
+
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["dom.security.https_first", true],
+      ["dom.security.https_only_mode", false],
+      ["dom.security.https_only_mode.upgrade_local", false],
+      ["dom.security.https_only_mode.upgrade_onion", false],
+    ],
+  });
+
+  await runTest(
+    "Hosts ending with .onion should be be exempt from HTTPS-First upgrades by default",
+    "http://grocery.shopping.for.one.onion/",
+    "http://grocery.shopping.for.one.onion/"
+  );
+
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["dom.security.https_first", true],
+      ["dom.security.https_only_mode", false],
+      ["dom.security.https_only_mode.upgrade_local", false],
+      ["dom.security.https_only_mode.upgrade_onion", true],
+    ],
+  });
+
+  await runTest(
+    "Hosts ending with .onion should get upgraded when 'dom.security.https_only_mode.upgrade_onion' is set to true",
+    "http://grocery.shopping.for.one.onion/",
+    "https://grocery.shopping.for.one.onion/"
+  );
+});
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 17:32:43 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 17:32:43 +0000
commit	6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch)
tree	a68f146d7fa01f0134297619fbe7e33db084e0aa /dom/security/test/https-first/browser_upgrade_onion.js
parent	Initial commit. (diff)
download	thunderbird-upstream.tar.xz thunderbird-upstream.zip