diff options
Diffstat (limited to 'browser/base/content/test/siteIdentity/browser_mixed_content_cert_override.js')
| -rw-r--r-- | browser/base/content/test/siteIdentity/browser_mixed_content_cert_override.js | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/browser/base/content/test/siteIdentity/browser_mixed_content_cert_override.js b/browser/base/content/test/siteIdentity/browser_mixed_content_cert_override.js new file mode 100644 index 0000000000..6ca9655406 --- /dev/null +++ b/browser/base/content/test/siteIdentity/browser_mixed_content_cert_override.js @@ -0,0 +1,69 @@ +/* + * Bug 1253771 - check mixed content blocking in combination with overriden certificates + */ + +"use strict"; + +const MIXED_CONTENT_URL = + getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "https://self-signed.example.com" + ) + "test-mixedcontent-securityerrors.html"; + +function getConnectionState() { + return document.getElementById("identity-popup").getAttribute("connection"); +} + +function getPopupContentVerifier() { + return document.getElementById("identity-popup-content-verifier"); +} + +function getIdentityIcon() { + return window.getComputedStyle(document.getElementById("identity-icon")) + .listStyleImage; +} + +function checkIdentityPopup(icon) { + gIdentityHandler.refreshIdentityPopup(); + is(getIdentityIcon(), `url("chrome://global/skin/icons/${icon}")`); + is(getConnectionState(), "secure-cert-user-overridden"); + isnot( + getPopupContentVerifier().style.display, + "none", + "Overridden certificate warning is shown" + ); + ok( + getPopupContentVerifier().textContent.includes("security exception"), + "Text shows overridden certificate warning." + ); +} + +add_task(async function () { + await BrowserTestUtils.openNewForegroundTab(gBrowser); + + // check that a warning is shown when loading a page with mixed content and an overridden certificate + await loadBadCertPage(MIXED_CONTENT_URL); + checkIdentityPopup("security-warning.svg"); + + // check that the crossed out icon is shown when disabling mixed content protection + gIdentityHandler.disableMixedContentProtection(); + await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); + + checkIdentityPopup("security-broken.svg"); + + // check that a warning is shown even without mixed content + BrowserTestUtils.loadURIString( + gBrowser.selectedBrowser, + "https://self-signed.example.com" + ); + await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); + checkIdentityPopup("security-warning.svg"); + + // remove cert exception + let certOverrideService = Cc[ + "@mozilla.org/security/certoverride;1" + ].getService(Ci.nsICertOverrideService); + certOverrideService.clearValidityOverride("self-signed.example.com", -1, {}); + + BrowserTestUtils.removeTab(gBrowser.selectedTab); +}); |