"use strict";
// For each FIRST_URL_* this test does the following:
// 1. Navigate to FIRST_URL_*
// 2. Check if we are on a HTTPS-Only error page
// 3. Navigate to SECOND_URL
// 4. Navigate back
// 5. Check if we are on a HTTPS-Only error page
const FIRST_URL_SECURE =
"https://example.com";
const FIRST_URL_INSECURE_REDIRECT =
"http://example.com/browser/dom/security/test/https-only/file_redirect_to_insecure.sjs";
const FIRST_URL_INSECURE_NOCERT =
"http://nocert.example.com";
const SECOND_URL =
"https://example.org";
function waitForPage() {
return new Promise(resolve => {
BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser).then(resolve);
BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser).then(resolve);
});
}
async
function verifyErrorPage(expectErrorPage =
true) {
await SpecialPowers.spawn(
gBrowser.selectedBrowser,
[expectErrorPage],
async
function (_expectErrorPage) {
let doc = content.document;
let innerHTML = doc.body.innerHTML;
let errorPageL10nId =
"about-httpsonly-title-alert";
is(
innerHTML.includes(errorPageL10nId) &&
doc.documentURI.startsWith(
"about:httpsonlyerror"),
_expectErrorPage,
"we should be on the https-only error page"
);
}
);
}
async
function runTest(
firstUrl,
expectErrorPageOnFirstVisit,
expectErrorPageOnSecondVisit
) {
let loaded = waitForPage();
info(
"Loading first page");
BrowserTestUtils.startLoadingURIString(gBrowser, firstUrl);
await loaded;
await verifyErrorPage(expectErrorPageOnFirstVisit);
loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
info(
"Navigating to second page");
await SpecialPowers.spawn(
gBrowser.selectedBrowser,
[SECOND_URL],
async url => (content.location.href = url)
);
await loaded;
// Go back one site by clicking the back button
loaded = BrowserTestUtils.waitForLocationChange(gBrowser);
info(
"Clicking back button");
let backButton = document.getElementById(
"back-button");
backButton.click();
await loaded;
await verifyErrorPage(expectErrorPageOnSecondVisit);
}
add_task(async
function () {
waitForExplicitFinish();
await SpecialPowers.pushPrefEnv({
set: [[
"dom.security.https_only_mode",
true]],
});
// We don't expect any HTTPS-Only error pages, on the first and second visit of this URL,
// since the URL is reachable via https.
await runTest(FIRST_URL_SECURE,
false,
false);
// Since trying to upgrade this url will result in being redirected again to the insecure
// site, we are not able to upgrade it and a HTTPS-Only error page is shown.
// This is happening both on the first and second visit.
await runTest(FIRST_URL_INSECURE_REDIRECT,
true,
true);
// Similar to the previous case, we can not upgrade this URL, since this time it has a
// invalid certificate. We would expect a HTTPS-Only error page on both vists, but it is only
// shown on the first one, on the second one we get an errror page about the invalid
// certificate instead (Bug 1848117).
await runTest(FIRST_URL_INSECURE_NOCERT,
true,
false);
finish();
});
