tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_fall_back_to_https.js (2363B)

      1 /* Any copyright is dedicated to the Public Domain.
      2 * http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 "use strict";
      5 
      6 /*
      7 * This test is for bug 1002724.
      8 * https://bugzilla.mozilla.org/show_bug.cgi?id=1002724
      9 *
     10 * When a user enters a host name or IP address in the URL bar, "http" is
     11 * assumed.  If the host rejects connections on port 80, we try HTTPS as a
     12 * fall-back and only fail if HTTPS connection fails.
     13 *
     14 * This tests that when a user enters "example.com", it attempts to load
     15 * http://example.com:80 (not rejected), and when trying secureonly.example.com
     16 * (which rejects connections on port 80), it fails then loads
     17 * https://secureonly.example.com:443 instead.
     18 */
     19 
     20 const { UrlbarTestUtils } = ChromeUtils.importESModule(
     21  "resource://testing-common/UrlbarTestUtils.sys.mjs"
     22 );
     23 
     24 const bug1002724_tests = [
     25  {
     26    original: "example.com",
     27    // eslint-disable-next-line @microsoft/sdl/no-insecure-url
     28    expected: "http://example.com",
     29    explanation: "Should load HTTP version of example.com",
     30  },
     31  {
     32    original: "secureonly.example.com",
     33    expected: "https://secureonly.example.com",
     34    explanation:
     35      "Should reject secureonly.example.com on HTTP but load the HTTPS version",
     36  },
     37 ];
     38 
     39 async function test_one(test_obj) {
     40  let tab = await BrowserTestUtils.openNewForegroundTab(
     41    gBrowser,
     42    "about:blank"
     43  );
     44  gURLBar.focus();
     45  gURLBar.value = test_obj.original;
     46 
     47  let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false);
     48  EventUtils.synthesizeKey("KEY_Enter");
     49  await loadPromise;
     50 
     51  ok(
     52    tab.linkedBrowser.currentURI.spec.startsWith(test_obj.expected),
     53    test_obj.explanation
     54  );
     55 
     56  BrowserTestUtils.removeTab(tab);
     57 }
     58 
     59 add_task(async function test_bug1002724() {
     60  await SpecialPowers.pushPrefEnv(
     61    // Disable HSTS preload just in case.
     62    {
     63      set: [
     64        ["network.stricttransportsecurity.preloadlist", false],
     65        ["network.dns.native-is-localhost", true],
     66        ["dom.security.https_first_schemeless", false],
     67      ],
     68    }
     69  );
     70 
     71  for (let test of bug1002724_tests) {
     72    await test_one(test);
     73  }
     74 
     75  // Test with HTTPS-First upgrading of schemeless enabled
     76  await SpecialPowers.pushPrefEnv({
     77    set: [["dom.security.https_first_schemeless", true]],
     78  });
     79 
     80  bug1002724_tests[0].expected = "https://example.com";
     81  await test_one(bug1002724_tests[0]);
     82 });