browser_webconsole_block_mixedcontent_securityerrors.js

Enable keyboard shortcuts

/* Any copyright is dedicated to the Public Domain.

 * http://creativecommons.org/publicdomain/zero/1.0/ */

// The test loads a web page with mixed active and display content

// on it while the "block mixed content" settings are _on_.

// It then checks that the blocked mixed content warning messages

// are logged to the console and have the correct "Learn More"

// url appended to them. After the first test finishes, it invokes

// a second test that overrides the mixed content blocker settings

// by clicking on the doorhanger shield and validates that the

// appropriate messages are logged to console.

// Bug 875456 - Log mixed content messages from the Mixed Content

// Blocker to the Security Pane in the Web Console.

"use strict";

const TEST_URI =

  "https://example.com/browser/devtools/client/webconsole/" +

  "test/browser/test-mixedcontent-securityerrors.html";

const LEARN_MORE_URI =

  "https://developer.mozilla.org/docs/Web/Security/Mixed_content" +

  DOCS_GA_PARAMS;

const blockedActiveContentText =

  "Blocked loading mixed active content \u201chttp://example.com/\u201d";

const blockedDisplayContentText =

  "Blocked loading mixed display content " +

  "\u201chttp://example.com/tests/image/test/mochitest/blue.png\u201d";

const activeContentText =

  "Loading mixed (insecure) active content " +

  "\u201chttp://example.com/\u201d on a secure page";

const displayContentText =

  "Loading mixed (insecure) display content " +

  "\u201chttp://example.com/tests/image/test/mochitest/blue.png\u201d on a " +

  "secure page";

add_task(async function () {

  await pushPrefEnv();

  const hud = await openNewTabAndConsole(TEST_URI);

  const waitForErrorMessage = text =>

    waitFor(() => findErrorMessage(hud, text), undefined, 100);

  const onBlockedIframe = waitForErrorMessage(blockedActiveContentText);

  const onBlockedImage = waitForErrorMessage(blockedDisplayContentText);

  await onBlockedImage;

  ok(true, "Blocked mixed display content error message is visible");

  const blockedMixedActiveContentMessage = await onBlockedIframe;

  ok(true, "Blocked mixed active content error message is visible");

  info("Clicking on the Learn More link");

  let learnMoreLink =

    blockedMixedActiveContentMessage.querySelector(".learn-more-link");

  let response = await simulateLinkClick(learnMoreLink);

is(

    response.link,

    LEARN_MORE_URI,

    `Clicking the provided link opens ${response.link}`

);

  info("Test disabling mixed content protection");

  const { gIdentityHandler } = gBrowser.ownerGlobal;

ok(

    gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),

    "Mixed Active Content state appeared on identity box"

);

  // Disabe mixed content protection.

  gIdentityHandler.disableMixedContentProtection();

  const waitForWarningMessage = text =>

    waitFor(() => findWarningMessage(hud, text), undefined, 100);

  const onMixedActiveContent = waitForWarningMessage(activeContentText);

  const onMixedDisplayContent = waitForWarningMessage(displayContentText);

  await onMixedDisplayContent;

  ok(true, "Mixed display content warning message is visible");

  const mixedActiveContentMessage = await onMixedActiveContent;

  ok(true, "Mixed active content warning message is visible");

  info("Clicking on the Learn More link");

  learnMoreLink = mixedActiveContentMessage.querySelector(".learn-more-link");

  response = await simulateLinkClick(learnMoreLink);

is(

    response.link,

    LEARN_MORE_URI,

    `Clicking the provided link opens ${response.link}`

);

  gIdentityHandler.enableMixedContentProtectionNoReload();

});

function pushPrefEnv() {

  const prefs = [

    ["security.mixed_content.block_active_content", true],

    ["security.mixed_content.block_display_content", true],

    ["security.mixed_content.upgrade_display_content", false],

];

  return Promise.all(prefs.map(([pref, value]) => pushPref(pref, value)));