Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test gets skipped with pattern: os == 'android' OR http3 OR http2
- Manifest: dom/security/test/https-only/mochitest.toml
<!DOCTYPE HTML>
<html>
<head>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script class="testbody" type="text/javascript">
"use strict";
/*
* Description of the test:
* We perform three tests where our upgrade/downgrade redirect loop detector should break the
* endless loop:
* Test 1: Meta Refresh
* Test 2: JS Redirect
* Test 3: 302 redirect
* Test 4: Redirect to different origin. No redirect loop should be detected
*/
SimpleTest.waitForExplicitFinish();
const HTTP_REQUEST_URL =
"http://example.com/tests/dom/security/test/https-only/file_break_endless_upgrade_downgrade_loop.sjs";
const HTTPS_REQUEST_URL =
"https://example.com/tests/dom/security/test/https-only/file_break_endless_upgrade_downgrade_loop.sjs";
const testQueries = [
// Test 1: Meta Refresh Redirect
{ scheme: "http", query: "test1", error: true },
{ scheme: "https", query: "test1", error: true },
// Test 2: JS win.location Redirect
{ scheme: "http", query: "test2", error: true },
{ scheme: "https", query: "test2", error: true },
// Test 3: 302 Redirect
{ scheme: "http", query: "test3", error: true },
{ scheme: "https", query: "test3", error: true },
// Test 4: 302 Redirect with a different path
{ scheme: "http", query: "test4", error: false },
{ scheme: "https", query: "test4", error: false },
];
let currentTest = 0;
// do each test two time. One time starting with https:// one time with http://
let testWin;
window.addEventListener("message", receiveMessageWhenLoaded);
function postMessageWhenLoaded() {
SimpleTest.waitForCondition(async () => {
return await SpecialPowers.spawn(testWin, [], () => {
let innerHTML = content.document.body.innerHTML;
return innerHTML == "OK :)"
|| innerHTML == "DO NOT DISPLAY THIS"
|| innerHTML.includes("about-httpsonly-title-alert");
}).catch(() => false);
},
() => window.postMessage("https-only-page-loaded", "*"),
"waiting for page load to complete"
);
}
async function receiveMessageWhenLoaded() {
const currentTestParams = testQueries[currentTest];
let testName = currentTestParams.scheme + ":" + currentTestParams.query
let innerHTML = await SpecialPowers.spawn(testWin, [], () => {
return content.document.body.innerHTML;
});
if(currentTestParams.error) {
ok(innerHTML.includes("about-httpsonly-title-alert"), testName + ": the error page should be shown");
} else {
is(innerHTML, "OK :)", testName + ": different path with https loaded ");
}
testWin.close();
if (++currentTest < testQueries.length) {
runNextTest();
return;
}
// no more tests to run -> cleanup
window.removeEventListener("https-only-page-load", receiveMessageWhenLoaded);
SimpleTest.finish();
}
async function runNextTest() {
const currentTestParams = testQueries[currentTest];
let uri = `${currentTestParams.scheme}://example.com/tests/dom/security/test/https-only/file_break_endless_upgrade_downgrade_loop.sjs?${currentTestParams.query}`;
testWin = window.open(uri, "_blank");
postMessageWhenLoaded();
}
SpecialPowers.pushPrefEnv({ set: [
["dom.security.https_only_mode", true],
["dom.security.https_only_mode_break_upgrade_downgrade_endless_loop", true],
["dom.security.https_only_mode_ever_enabled", true], // clear this pref at the end
]}, runNextTest);
</script>
</body>
</html>