Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

Test that bad cert sites won't get upgraded by https-first
<title>HTTPS-FirstMode - Bad Certificates</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<h1>HTTPS-First Mode</h1>
<p>Test: Downgrade bad certificates without warning page </p>
<script class="testbody" type="text/javascript">
"use strict";
* We perform the following tests:
* 1. Request which is a site without a certificate
* 2. Request a site with self-signed cert (
* 3. Request a site with an untrusted cert (
* 4. Request a site with an expired cert
* 5. Request a site with an untrusted and expired cert
* 6. Request a site with no subject alternative dns name matching
* Expected result: Https-first tries to upgrade each request. Receives for each one an SSL_ERROR_*
* and downgrades back to http.
const badCertificates = ["nocert","self-signed", "untrusted","expired","untrusted-expired", "no-subject-alt-name"];
let currentTest = 0;
let testWin;
window.addEventListener("message", receiveMessage);
// Receive message and verify that it is from an http site.
// Verify that we got the correct message and an http scheme
async function receiveMessage(event) {
let data =;
let currentBadCert = badCertificates[currentTest];
ok(data.result === "downgraded", "Downgraded request " + currentBadCert);
ok(data.scheme === "http:", "Received 'http' for " + currentBadCert);
if (++currentTest < badCertificates.length) {
window.removeEventListener("message", receiveMessage);
async function startTest() {
const currentCode = badCertificates[currentTest];
// make a request to a subdomain of with a bad certificate
testWin =`http://${currentCode}`);
// Set preference and start test
SpecialPowers.pushPrefEnv({ set: [
["", true],
]}, startTest);