Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 76 insertions, 0 deletions

diff --git a/dom/security/test/https-first/test_multiple_redirection.html b/dom/security/test/https-first/test_multiple_redirection.html
new file mode 100644
index 0000000000..d631f140e6
--- /dev/null
+++ b/dom/security/test/https-first/test_multiple_redirection.html
@@ -0,0 +1,76 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1721410
+Test multiple redirects using https-first and ensure the entire redirect chain is using https
+-->
+
+<head>
+  <title>HTTPS-First-Mode - Test for multiple redirections</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  SimpleTest.waitForExplicitFinish();
+
+  const testCase = [
+    // test 1: https-first upgrades http://example.com/test1 -> https://example.com/test1
+    //         that's redirect to https://example.com/.../redirect which then redirects
+    //         to http://example.com/../verify. Since the last redirect is http, and the
+    //         the redirection chain contains already example.com we expect https-first
+    //         to downgrade the request.
+    {name: "test last redirect HTTP", result: "scheme-http", query: "test1" },
+    // test 2: https-first upgrades http://example.com/test2 -> https://example.com/test2
+    //         that's redirect to https://example.com/.../redirect which then redirects
+    //         to https://example.com/../verify. Since the last redirect is https, we
+    //         expect to reach an https website.
+    {name: "test last redirect HTTPS", result: "scheme-https", query: "test2"},
+    // test 3: https-first upgrades http://example.com/test3 -> https://example.com/test3
+    //         that's redirect to https://example.com/.../hsts which then sets an hsts header
+    //         and redirects to http://example.com/../verify. Since an hsts header was set
+    //         we expect that to reach an https site
+    {name: "test last redirect HSTS", result: "scheme-https", query: "test3"},
+    // reset: reset hsts header for example.com
+    {name: "reset HSTS header", result: "scheme-https", query: "reset"},
+  ]
+  let currentTest = 0;
+  let testWin;
+  window.addEventListener("message", receiveMessage);
+
+  // receive message from loaded site verifying the scheme of
+  // the loaded document.
+  async function receiveMessage(event) {
+    let test = testCase[currentTest];
+      is(event.data.result,
+       test.result,
+       "same-origin redirect results in " + test.name
+    );
+    testWin.close();
+    if (++currentTest < testCase.length) {
+      startTest();
+      return;
+    }
+    window.removeEventListener("message", receiveMessage);
+    SimpleTest.finish();
+  }
+
+  async function startTest() {
+    const test = testCase[currentTest];
+    // Load an http:// window which gets upgraded to https://
+    let uri =
+      `http://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?${test.query}`;
+    testWin = window.open(uri);
+  }
+
+  // Set preference and start test
+  SpecialPowers.pushPrefEnv({ set: [
+    ["dom.security.https_first", true],
+  ]}, startTest);
+  </script>
+</body>
+</html>