Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

  • This test gets skipped with pattern: true
<meta charset="utf-8">
<title>HTTPS-First Mode - Resource Upgrade</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<h1>HTTPS-First Mode</h1>
<p>Upgrade Test for various resources</p>
<iframe style="width:100%;" id="testframe"></iframe>
<script class="testbody" type="text/javascript">
/* Description of the test:
* We load resources (img, script, sytle, etc) over *http* and
* make sure they do not get upgraded to *https* because
* https-first only applies to top-level requests.
* In detail:
* We perform an XHR request to the *.sjs file which is processed async on
* the server and waits till all the requests were processed by the server.
* Once the server received all the different requests, the server responds
* to the initial XHR request with an array of results which must match
* the expected results from each test, making sure that all requests
* received by the server (*.sjs) were actually *http* requests.
const { AppConstants } = SpecialPowers.ChromeUtils.import(
const splitRegex = /^(.*)-(.*)$/
const testConfig = {
topLevelScheme: "http://",
results: [
"iframe", "script", "img", "img-redir", "font", "xhr", "style",
"media", "object", "form", "nested-img","top-level"
function runTest() {
// sends an xhr request to the server which is processed async, which only
// returns after the server has received all the expected requests.
var myXHR = new XMLHttpRequest();"GET", "file_upgrade_insecure_server.sjs?queryresult");
myXHR.onload = function (e) {
var results = myXHR.responseText.split(",");
for (var index in results) {
myXHR.onerror = function (e) {
ok(false, "Could not query results from server (" + e.message + ")");
// give it some time and run the testpage
SimpleTest.executeSoon(() => {
var src = testConfig.topLevelScheme + "";
document.getElementById("testframe").src = src;
// a postMessage handler that is used by sandboxed iframes without
// 'allow-same-origin' to bubble up results back to this main page.
window.addEventListener("message", receiveMessage);
function receiveMessage(event) {
function finishTest() {
window.removeEventListener("message", receiveMessage);
function checkResult(response) {
// A response looks either like this "iframe-ok" or "[key]-[result]"
const [, key, result] = splitRegex.exec(response)
// try to find the expected result within the results array
var index = testConfig.results.indexOf(key);
// If the response is not even part of the results array, something is super wrong
if (index == -1) {
ok(false, `Unexpected response from server (${response})`);
// take the element out the array and continue till the results array is empty
if (index != -1) {
testConfig.results.splice(index, 1);
// Check if the result was okay or had an error
is(result, 'ok', `Upgrade all requests on toplevel http for '${key}' came back with: '${result}'`)
// If we're not expecting any more resulsts, finish the test
if (testConfig.results.length == 0) {
// Set preference and start test
SpecialPowers.pushPrefEnv({ set: [
["", true],
["security.mixed_content.block_active_content", false],
["security.mixed_content.block_display_content", false]
] }, runTest);