
browser_webconsole_hsts_invalid-headers.js (3153B)


      1 /* Any copyright is dedicated to the Public Domain.
      2 * http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 // Tests that errors about invalid HSTS security headers are logged to the web console.
      5 
      6 "use strict";
      7 
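      // Placeholder page that is opened together with the console before any of
      // the header cases are navigated to.
      const TEST_URI =
        "data:text/html;charset=utf-8,<!DOCTYPE html>Web Console HSTS invalid header test";

      // Server-side script whose response is chosen by the query string appended
      // in the test task (?badSyntax, ?noMaxAge, ...); presumably each variant
      // sends one malformed Strict-Transport-Security header - confirm against the
      // .sjs file. The scheme is https on purpose: user agents are specified to
      // ignore this header on plain http (RFC 6797), so an http URL would not be
      // expected to produce these warnings.
      // The two halves are joined with exactly one "/" so that the request path
      // is canonical ("webconsole/test", not "webconsole//test").
      const SJS_URL =
        "https://example.com/browser/devtools/client/webconsole/" +
        "test/browser/test_hsts-invalid-headers.sjs";

      // Target of the "Learn more" link attached to each warning.
      // DOCS_GA_PARAMS is not defined in this file; presumably it comes from the
      // shared test head - confirm.
      const LEARN_MORE_URI =
        "https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/" +
        "Strict-Transport-Security" +
        DOCS_GA_PARAMS;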
     17 
     add_task(async function () {
       const hud = await openNewTabAndConsole(TEST_URI);

       // One entry per rejected Strict-Transport-Security header variant:
       //   url  - SJS endpoint plus the query string selecting the variant
       //   name - assertion message reported when the warning is found
       //   text - exact console warning expected for that variant
       // NOTE(review): only the console warning is asserted here; nothing in this
       // test checks whether the rejected header left any HSTS state for the host.
       const invalidHeaderCases = [
         {
           url: SJS_URL + "?badSyntax",
           name: "Could not parse header error displayed successfully",
           text:
             "Strict-Transport-Security: The site specified a header that could " +
             "not be parsed successfully.",
         },
         {
           url: SJS_URL + "?noMaxAge",
           name: "No max-age error displayed successfully",
           text:
             "Strict-Transport-Security: The site specified a header that did " +
             "not include a \u2018max-age\u2019 directive.",
         },
         {
           url: SJS_URL + "?invalidIncludeSubDomains",
           name: "Invalid includeSubDomains error displayed successfully",
           text:
             "Strict-Transport-Security: The site specified a header that " +
             "included an invalid \u2018includeSubDomains\u2019 directive.",
         },
         {
           url: SJS_URL + "?invalidMaxAge",
           name: "Invalid max-age error displayed successfully",
           text:
             "Strict-Transport-Security: The site specified a header that " +
             "included an invalid \u2018max-age\u2019 directive.",
         },
         {
           url: SJS_URL + "?multipleIncludeSubDomains",
           name: "Multiple includeSubDomains error displayed successfully",
           text:
             "Strict-Transport-Security: The site specified a header that " +
             "included multiple \u2018includeSubDomains\u2019 directives.",
         },
         {
           url: SJS_URL + "?multipleMaxAge",
           name: "Multiple max-age error displayed successfully",
           text:
             "Strict-Transport-Security: The site specified a header that " +
             "included multiple \u2018max-age\u2019 directives.",
         },
       ];

       // Run the cases strictly one after another: each call clears the console
       // output and navigates, so they must not overlap.
       for (const headerCase of invalidHeaderCases) {
         await navigateAndCheckWarningMessage(headerCase, hud);
       }
     });
     87 
     /**
      * Navigates to `url` and asserts that the console logs the expected HSTS
      * warning and that the warning's "Learn more" link leads to LEARN_MORE_URI.
      *
      * @param {object} expectation
      * @param {string} expectation.url - Address to navigate to.
      * @param {string} expectation.name - Assertion message used once the warning node is found.
      * @param {string} expectation.text - Warning text handed to waitForMessageByType.
      * @param {object} hud - Console handle, as returned by openNewTabAndConsole.
      */
     async function navigateAndCheckWarningMessage({ url, name, text }, hud) {
       // Empty the console first, presumably so that a warning left over from a
       // previous case cannot satisfy this one.
       await clearOutput(hud);

       // Start waiting before the navigation so the warning cannot be logged
       // before anything is listening for it.
       const warningLogged = waitForMessageByType(hud, text, ".warn");
       await navigateTo(url);
       const message = await warningLogged;
       const warningNode = message.node;
       ok(warningNode, name);

       const learnMoreLink = warningNode.querySelector(".learn-more-link");
       ok(learnMoreLink, `There is a "Learn more" link`);

       // Only the `link` field of the simulated click result is compared.
       const { link } = await simulateLinkClick(learnMoreLink);
       is(
         link,
         LEARN_MORE_URI,
         "Click on the learn more link navigates the user to the expected url"
       );
     }