
test_network_security-hsts.html (2553B)


      1 <!DOCTYPE HTML>
      2 <html lang="en">
      3 <head>
      4  <meta charset="utf8">
      5  <title>Test for the network actor (HSTS detection)</title>
      6  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
      7  <script type="text/javascript" src="common.js"></script>
      8  <!-- Any copyright is dedicated to the Public Domain.
      9     - http://creativecommons.org/publicdomain/zero/1.0/ -->
     10 </head>
     11 <body>
     12 <p>Test for the network actor (HSTS detection)</p>
     13 
     14 <iframe src="https://example.com/chrome/devtools/shared/webconsole/test/chrome/network_requests_iframe.html"></iframe>
     15 
     16 <script class="testbody" type="text/javascript">
     17 "use strict";
     18 
// The checks below are asynchronous, so the harness is told to wait;
// startTest calls SimpleTest.finish() once it is done.
SimpleTest.waitForExplicitFinish();
     20 
// Scenarios that startTest passes to checkHSTS one after another. Each entry
// names the URL requested through the helper iframe and the value expected in
// securityInfo.hsts for that request; `desc` is descriptive only and is not
// read by checkHSTS.
//
// Order is significant: the last entry expects HSTS on the bare origin, which
// per its description comes from state stored by the response before it.
// NOTE(review): the first entry expects no HSTS, so it presumably depends on
// no HSTS state for example.com being left over from an earlier run — confirm.
const TEST_CASES = [
  {
    desc: "no HSTS",
    url: "https://example.com",
    usesHSTS: false,
  },
  {
    desc: "HSTS from this response",
    url: "https://example.com/browser/browser/base/content/test/general/browser_star_hsts.sjs",
    usesHSTS: true,
  },
  {
    desc: "stored HSTS from previous response",
    url: "https://example.com/",
    usesHSTS: true,
  },
];
     39 
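/**
 * Runs every TEST_CASES entry in order, then clears the HSTS state recorded
 * for the test origin and ends the mochitest.
 *
 * The cases are awaited one at a time because the last one depends on state
 * stored by the one before it. Cleanup sits in `finally`: if a case throws,
 * the HSTS entry for the origin is still reset and SimpleTest.finish() is
 * still called, so a failure neither leaves security state behind for
 * whatever runs next nor leaves the harness waiting for a finish that never
 * comes.
 *
 * @returns {Promise<void>} settles after cleanup; an exception from a case is
 *   reported as a test failure rather than rethrown.
 */
async function startTest() {
  info("Test detection of HTTP Strict Transport Security.");
  try {
    for (const testCase of TEST_CASES) {
      await checkHSTS(testCase);
    }
  } catch (error) {
    // Record the exception as a failure instead of leaving a rejected promise
    // that nothing handles (this function is called from an event listener).
    ok(false, "HSTS test aborted by an exception: " + error);
  } finally {
    // Reset HSTS state for the origin used by the test cases.
    const gSSService = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
    const uri = Services.io.newURI(TEST_CASES[0].url);
    gSSService.resetState(uri);

    SimpleTest.finish();
  }
}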
     54 
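/**
 * Requests `url` from the helper iframe, waits for the matching network event
 * to report that its response has ended, then asks the network event actor for
 * its security info and checks the `hsts` flag.
 *
 * @param {object} testCase
 * @param {string} testCase.url - URL fetched with a GET XHR from the iframe.
 * @param {boolean} testCase.usesHSTS - expected value of securityInfo.hsts.
 * @returns {Promise<void>} settles once the commands object is destroyed.
 */
async function checkHSTS({ url, usesHSTS }) {
  info(`Testing HSTS for ${url}`);
  const commands = await createCommandsForTab();

  // Everything after this point can throw; the commands object is destroyed
  // in `finally` so a failed case does not leave it alive.
  try {
    const { resourceCommand } = commands;

    const resource = await new Promise((resolve, reject) => {
      resourceCommand
        .watchResources([resourceCommand.TYPES.NETWORK_EVENT], {
          onAvailable: () => {},
          onUpdated: resourceUpdate => {
            // NOTE(review): only the first update of each batch is inspected
            // and the event is not matched against `url`; this presumably
            // relies on the XHR below being the only request in flight —
            // confirm.
            const [first] = resourceUpdate;
            if (first.update.resourceUpdates.responseEndAvailable) {
              resolve(first.resource);
            }
          },
        })
        .then(() => {
          // Spawn the network request only after we started watching, so its
          // updates cannot be missed. wrappedJSObject is used to call the
          // function that the iframe's own page script exposes.
          const iframe = document.querySelector("iframe").contentWindow;
          iframe.wrappedJSObject.makeXhrCallback("GET", url);
        })
        // Without this a failure to watch or to issue the request would leave
        // the outer promise pending forever and the test would time out.
        .catch(reject);
    });

    const packet = await commands.client.request({
      to: resource.actor,
      type: "getSecurityInfo",
    });
    is(
      packet.securityInfo.hsts,
      usesHSTS,
      `Strict Transport Security detected correctly for ${url}`
    );
  } finally {
    await commands.destroy();
  }
}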
     85 
// Kick the test off when the window's load event fires; `once` drops the
// listener after that first call.
addEventListener("load", startTest, { once: true });
     87 </script>
     88 </body>
     89 </html>