<!
DOCTYPE HTML>
<
html>
<
head>
<
meta charset=
"utf-8">
<
title>HTTPS-Only Mode - Resource Upgrade</
title>
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
<
script src=
"/tests/SimpleTest/SimpleTest.js"></
script>
<
link rel=
"stylesheet" type=
"text/css" href=
"/tests/SimpleTest/test.css" />
</
head>
<
body>
<
h1>HTTPS-Only Mode</
h1>
<p>Upgrade Test for various resources</p>
<a href=
"https://bugzilla.mozilla.org/show_bug.cgi?id=1613063">Bug 1613063</a>
<
iframe style=
"width:100%;" id=
"testframe"></
iframe>
<
script class=
"testbody" type=
"text/javascript">
/* Description of the test:
* We load resources (
img,
script, sytle, etc) over *http* and make sure
* that all the resources get upgraded to use >> https << when the
* preference
"dom.security.https_only_mode" is set to true. We further
* test that subresources within nested contexts (iframes) get upgraded
* and also test the handling of server side redirects.
*
* In detail:
* We perform an XHR request to the *.sjs file which is processed async on
* the server and waits till all the requests were processed by the server.
* Once the server received all the different requests, the server responds
* to the initial XHR request with an array of results which must match
* the expected results from each test, making sure that all requests
* received by the server (*.sjs) were actually *https* requests.
*/
const { AppConstants } = SpecialPowers.ChromeUtils.importESModule(
"resource://gre/modules/AppConstants.sys.mjs"
);
const splitRegex = /^(.*)-(.*)$/
const testConfig = {
topLevelScheme:
"http://",
results: [
"iframe",
"script",
"img",
"img-redir",
"font",
"xhr",
"style",
"media",
"object",
"form",
"nested-img"
]
}
// TODO: WebSocket tests are not supported on Android Yet. Bug 1566168.
if (AppConstants.platform !==
"android") {
testConfig.results.push(
"websocket");
}
function runTest() {
// sends an xhr request to the server which is processed async, which only
// returns after the server has received all the expected requests.
var myXHR = new XMLHttpRequest();
myXHR.open(
"GET",
"file_upgrade_insecure_server.sjs?queryresult");
myXHR.onload = function () {
var results = myXHR.responseText.split(
",");
for (
var index in results) {
checkResult(results[index]);
}
}
myXHR.onerror = function (e) {
ok(false,
"Could not query results from server (" + e.message +
")");
finishTest();
}
myXHR.send();
// give it some
time and run the testpage
SimpleTest.executeSoon(() => {
var src = testConfig.topLevelScheme +
"example.com/tests/dom/security/test/https-only/file_upgrade_insecure.html";
document.getElementById(
"testframe").src = src;
});
}
// a postMessage handler that is used by sandboxed iframes without
//
'allow-same-origin' to bubble up results back to this main page.
window.addEventListener(
"message", receiveMessage);
function receiveMessage(event) {
checkResult(event.data.result);
}
function finishTest() {
window.removeEventListener(
"message", receiveMessage);
SimpleTest.finish();
}
function checkResult(response) {
// A response looks either like this
"iframe-ok" or
"[key]-[result]"
const [, key, result] = splitRegex.exec(response)
// try to find the expected result within the results array
var index = testConfig.results.indexOf(key);
// If the response is not even part of the results array, something is super wrong
if (index == -1) {
ok(false, `Unexpected response from server (${response})`);
finishTest();
}
// take the element out the array and continue till the results array is empty
if (index != -1) {
testConfig.results.splice(index, 1);
}
// Check if the result was okay or had an error
is(result,
'ok', `Upgrade all requests on toplevel http for
'${key}' came back with:
'${result}'`)
// If we
're not expecting any more resulsts, finish the test
if (!testConfig.results.length) {
finishTest();
}
}
SimpleTest.waitForExplicitFinish();
// Set preference and start test
SpecialPowers.pushPrefEnv({ set: [[
"dom.security.https_only_mode", true]] }, runTest)
;
</script>
</body>
</html>
