Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test gets skipped with pattern: http3 OR http2
- Manifest: dom/security/test/https-first/mochitest.toml
<!DOCTYPE html>
<!--
Description:
visit it via https
back to http, which means we set an HTTPS-Only/First exception for
window.location = "...".
-->
<html>
<head>
<meta charset="utf-8" />
<title>HTTPS-First-Mode - Simulate site similar to bom.gov.au</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script class="testbody" type="text/javascript">
"use strict";
/* eslint-disable @microsoft/sdl/no-insecure-url */
const URL_A =
const URL_B =
SimpleTest.waitForExplicitFinish();
let testWin;
let messageNumber = 0;
async function receiveMessage(event) {
switch (messageNumber) {
case 0:
is(
event.data.location,
URL_B,
"We should land on page B after being HTTP redirected"
);
break;
case 1:
is(
event.data.location,
URL_A,
"We should land on page B after being redirected back through JS and not upgraded again"
);
ok(
await SpecialPowers.testPermission(
"https-only-load-insecure",
SpecialPowers.Ci.nsIHttpsOnlyModePermission
.HTTPSFIRST_LOAD_INSECURE_ALLOW,
URL_A
),
"A temporary HTTPS-First exception should have been added for the site"
);
testWin.close();
testWin = window.open(URL_A);
break;
case 2:
is(event.data.location, URL_A, "We should directly land on page A");
testWin.close();
window.removeEventListener("message", this);
await SpecialPowers.removePermission(
"https-only-load-insecure",
URL_A
);
SimpleTest.finish();
break;
default:
throw Error("Received too many messages");
}
messageNumber++;
}
window.addEventListener("message", receiveMessage);
SpecialPowers.pushPrefEnv({
set: [["dom.security.https_first", true]],
}).then(() => {
testWin = window.open(URL_A);
});
</script>
</body>
</html>