diff options
Diffstat (limited to 'browser/base/content/test/about/browser_aboutNetError.js')
| -rw-r--r-- | browser/base/content/test/about/browser_aboutNetError.js | 245 |
1 files changed, 245 insertions, 0 deletions
diff --git a/browser/base/content/test/about/browser_aboutNetError.js b/browser/base/content/test/about/browser_aboutNetError.js new file mode 100644 index 0000000000..0f98413f33 --- /dev/null +++ b/browser/base/content/test/about/browser_aboutNetError.js @@ -0,0 +1,245 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const SSL3_PAGE = "https://ssl3.example.com/"; +const TLS10_PAGE = "https://tls1.example.com/"; +const TLS12_PAGE = "https://tls12.example.com/"; +const TRIPLEDES_PAGE = "https://3des.example.com/"; + +const lazy = {}; + +XPCOMUtils.defineLazyServiceGetter( + lazy, + "gDNSOverride", + "@mozilla.org/network/native-dns-override;1", + "nsINativeDNSResolverOverride" +); + +// This includes all the cipher suite prefs we have. +function resetPrefs() { + Services.prefs.clearUserPref("security.tls.version.min"); + Services.prefs.clearUserPref("security.tls.version.max"); + Services.prefs.clearUserPref("security.tls.version.enable-deprecated"); + Services.prefs.clearUserPref("browser.fixup.alternate.enabled"); +} + +add_task(async function resetToDefaultConfig() { + info( + "Change TLS config to cause page load to fail, check that reset button is shown and that it works" + ); + + // Set ourselves up for a TLS error. + Services.prefs.setIntPref("security.tls.version.min", 1); // TLS 1.0 + Services.prefs.setIntPref("security.tls.version.max", 1); + + let browser; + let pageLoaded; + await BrowserTestUtils.openNewForegroundTab( + gBrowser, + () => { + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, TLS12_PAGE); + browser = gBrowser.selectedBrowser; + pageLoaded = BrowserTestUtils.waitForErrorPage(browser); + }, + false + ); + + info("Loading and waiting for the net error"); + await pageLoaded; + + // Setup an observer for the target page. + const finalLoadComplete = BrowserTestUtils.browserLoaded( + browser, + false, + TLS12_PAGE + ); + + await SpecialPowers.spawn(browser, [], async function () { + const doc = content.document; + ok( + doc.documentURI.startsWith("about:neterror"), + "Should be showing error page" + ); + + const prefResetButton = doc.getElementById("prefResetButton"); + await ContentTaskUtils.waitForCondition( + () => ContentTaskUtils.is_visible(prefResetButton), + "prefResetButton is visible" + ); + + if (!Services.focus.focusedElement == prefResetButton) { + await ContentTaskUtils.waitForEvent(prefResetButton, "focus"); + } + + Assert.ok(true, "prefResetButton has focus"); + + prefResetButton.click(); + }); + + info("Waiting for the page to load after the click"); + await finalLoadComplete; + + resetPrefs(); + BrowserTestUtils.removeTab(gBrowser.selectedTab); +}); + +add_task(async function checkLearnMoreLink() { + info("Load an unsupported TLS page and check for a learn more link"); + + // Set ourselves up for TLS error + Services.prefs.setIntPref("security.tls.version.min", 3); + Services.prefs.setIntPref("security.tls.version.max", 4); + + let browser; + let pageLoaded; + await BrowserTestUtils.openNewForegroundTab( + gBrowser, + () => { + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, TLS10_PAGE); + browser = gBrowser.selectedBrowser; + pageLoaded = BrowserTestUtils.waitForErrorPage(browser); + }, + false + ); + + info("Loading and waiting for the net error"); + await pageLoaded; + + const baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL"); + + await SpecialPowers.spawn(browser, [baseURL], function (_baseURL) { + const doc = content.document; + ok( + doc.documentURI.startsWith("about:neterror"), + "Should be showing error page" + ); + + const tlsVersionNotice = doc.getElementById("tlsVersionNotice"); + ok( + ContentTaskUtils.is_visible(tlsVersionNotice), + "TLS version notice is visible" + ); + + const learnMoreLink = doc.getElementById("learnMoreLink"); + ok( + ContentTaskUtils.is_visible(learnMoreLink), + "Learn More link is visible" + ); + is(learnMoreLink.getAttribute("href"), _baseURL + "connection-not-secure"); + + const titleEl = doc.querySelector(".title-text"); + const actualDataL10nID = titleEl.getAttribute("data-l10n-id"); + is( + actualDataL10nID, + "nssFailure2-title", + "Correct error page title is set" + ); + + const errorCodeEl = doc.querySelector("#errorShortDesc2"); + const actualDataL10Args = errorCodeEl.getAttribute("data-l10n-args"); + ok( + actualDataL10Args.includes("SSL_ERROR_PROTOCOL_VERSION_ALERT"), + "Correct error code is set" + ); + }); + + resetPrefs(); + BrowserTestUtils.removeTab(gBrowser.selectedTab); +}); + +// When a user tries going to a host without a suffix +// and the term doesn't match a host and we are able to suggest a +// valid correction, the page should show the correction. +// e.g. http://example/example2 -> https://www.example.com/example2 +add_task(async function checkDomainCorrection() { + await SpecialPowers.pushPrefEnv({ + set: [["browser.fixup.alternate.enabled", false]], + }); + lazy.gDNSOverride.addIPOverride("www.example.com", "::1"); + + info("Try loading a URI that should result in an error page"); + BrowserTestUtils.openNewForegroundTab( + gBrowser, + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + "http://example/example2/", + false + ); + + info("Loading and waiting for the net error"); + let browser = gBrowser.selectedBrowser; + let pageLoaded = BrowserTestUtils.waitForErrorPage(browser); + await pageLoaded; + + const baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL"); + + await SpecialPowers.spawn(browser, [baseURL], async function (_baseURL) { + const doc = content.document; + ok( + doc.documentURI.startsWith("about:neterror"), + "Should be showing error page" + ); + + const errorNotice = doc.getElementById("errorShortDesc"); + ok(ContentTaskUtils.is_visible(errorNotice), "Error text is visible"); + + // Wait for the domain suggestion to be resolved and for the text to update + let link; + await ContentTaskUtils.waitForCondition(() => { + link = errorNotice.querySelector("a"); + return link && link.textContent != ""; + }, "Helper link has been set"); + + is( + link.getAttribute("href"), + "https://www.example.com/example2/", + "Link was corrected" + ); + + const actualDataL10nID = link.getAttribute("data-l10n-name"); + is(actualDataL10nID, "website", "Correct name is set"); + }); + + lazy.gDNSOverride.clearHostOverride("www.example.com"); + resetPrefs(); + BrowserTestUtils.removeTab(gBrowser.selectedTab); +}); + +// Test that ciphersuites that use 3DES (namely, TLS_RSA_WITH_3DES_EDE_CBC_SHA) +// can only be enabled when deprecated TLS is enabled. +add_task(async function onlyAllow3DESWithDeprecatedTLS() { + // By default, connecting to a server that only uses 3DES should fail. + await BrowserTestUtils.withNewTab( + { gBrowser, url: "about:blank" }, + async browser => { + BrowserTestUtils.loadURIString(browser, TRIPLEDES_PAGE); + await BrowserTestUtils.waitForErrorPage(browser); + } + ); + + // Enabling deprecated TLS should also enable 3DES. + Services.prefs.setBoolPref("security.tls.version.enable-deprecated", true); + await BrowserTestUtils.withNewTab( + { gBrowser, url: "about:blank" }, + async browser => { + BrowserTestUtils.loadURIString(browser, TRIPLEDES_PAGE); + await BrowserTestUtils.browserLoaded(browser, false, TRIPLEDES_PAGE); + } + ); + + // 3DES can be disabled separately. + Services.prefs.setBoolPref( + "security.ssl3.deprecated.rsa_des_ede3_sha", + false + ); + await BrowserTestUtils.withNewTab( + { gBrowser, url: "about:blank" }, + async browser => { + BrowserTestUtils.loadURIString(browser, TRIPLEDES_PAGE); + await BrowserTestUtils.waitForErrorPage(browser); + } + ); + + resetPrefs(); +}); |