browser_net_security-state.js

Enable keyboard shortcuts

/* Any copyright is dedicated to the Public Domain.

   http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

/**

 * Test that correct security state indicator appears depending on the security

 * state.

*/

add_task(async function () {

  // This test explicitly asserts some insecure domains.

  await pushPref("dom.security.https_first", false);

  const EXPECTED_SECURITY_STATES = {

    "test1.example.com": "security-state-insecure",

    "example.com": "security-state-secure",

    "nocert.example.com": "security-state-broken",

    localhost: "security-state-secure",

};

  const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {

    requestCount: 1,

});

  const { document, store, windowRequire } = monitor.panelWin;

  const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");

  store.dispatch(Actions.batchEnable(false));

  await performRequests();

  for (const subitemNode of Array.from(

    document.querySelectorAll(".requests-list-column.requests-list-domain")

  )) {

    // Skip header

    const icon = subitemNode.querySelector(".requests-security-state-icon");

    if (!icon) {

      continue;

    const domain = subitemNode.textContent;

    info("Found a request to " + domain);

    const classes = icon.classList;

    const expectedClass = EXPECTED_SECURITY_STATES[domain];

    info("Classes of security state icon are: " + classes);

    info("Security state icon is expected to contain class: " + expectedClass);

ok(

      classes.contains(expectedClass),

      "Icon contained the correct class name."

);

  return teardown(monitor);

/**

   * A helper that performs requests to

   *  - https://nocert.example.com (broken)

   *  - https://example.com (secure)

   *  - http://test1.example.com (insecure)

   *  - http://localhost (local)

   * and waits until NetworkMonitor has handled all packets sent by the server.

*/

  async function performRequests() {

    function executeRequests(count, url) {

      return SpecialPowers.spawn(

        tab.linkedBrowser,

        [{ count, url }],

        async function (args) {

          content.wrappedJSObject.performRequests(args.count, args.url);

);

    let done = waitForNetworkEvents(monitor, 1);

    info("Requesting a resource that has a certificate problem.");

    await executeRequests(1, "https://nocert.example.com");

    // Wait for the request to complete before firing another request. Otherwise

    // the request with security issues interfere with waitForNetworkEvents.

    info("Waiting for request to complete.");

    await done;

    // Next perform a request over HTTP. If done the other way around the latter

    // occasionally hangs waiting for event timings that don't seem to appear...

    done = waitForNetworkEvents(monitor, 1);

    info("Requesting a resource over HTTP.");

    await executeRequests(1, "http://test1.example.com" + CORS_SJS_PATH);

    await done;

    done = waitForNetworkEvents(monitor, 1);

    info("Requesting a resource over HTTPS.");

    await executeRequests(1, "https://example.com" + CORS_SJS_PATH);

    await done;

    done = waitForNetworkEvents(monitor, 1);

    info("Requesting a resource over HTTP to localhost.");

    await executeRequests(1, "http://localhost" + CORS_SJS_PATH);

    await done;

    const expectedCount = Object.keys(EXPECTED_SECURITY_STATES).length;

is(

      store.getState().requests.requests.length,

      expectedCount,

      expectedCount + " events logged."

);

});