tor-browser

test_bug466080.html (5436B)

---

<!DOCTYPE HTML>
<html>
<head>
 <title>Test bug 466080</title>
 <script src="/tests/SimpleTest/SimpleTest.js"></script>        
 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe id="frame1"
       src="https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs">

This iframe should load the resource via the src-attribute from
a secure server which requires a client-cert. Doing this is
supposed to work, but further below in the test we try to load
the resource from the same url using a XHR, which should not work.

TODO : What if we change 'src' from JS? Would/should it load?

</iframe>

<script class="testbody" type="text/javascript">

"use strict";

onWindowLoad();

let alltests = [

// load resource from a relative url - this should work
 { url:"bug466080.sjs",
   status_check:"==200",
   error:"XHR from relative URL"},

// TODO - load the resource from a relative url via https..?

// load a non-existing resource - should get "404 Not Found"
 { url:"bug466080-does-not.exist",
   status_check:"==404",
   error:"XHR loading non-existing resource"},

// load resource from cross-site non-secure server
 { url:"http://test1.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"==200",
   error:"XHR from cross-site plaintext server"},

// load resource from cross-site secure server - should work since no credentials are needed
 { url:"https://test1.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"==200",
   error:"XHR from cross-site secure server"},

// load resource from cross-site secure server - should work since the server just requests certs
 { url:"https://requestclientcert.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"==200",
   error:"XHR from cross-site secure server requesting certificate"},

// load resource from cross-site secure server - should NOT work since the server requires cert
// note that this is the url which is used in the iframe.src above
 { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"!=200",
   error:"XHR from cross-site secure server requiring certificate"},

// repeat previous,  - should NOT work
 { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"==200",
   error:"XHR w/ credentials from cross-site secure server requiring certificate",
   withCredentials:"true"},
   
// repeat previous, but with credentials - should work
 { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"==200",
   error:"XHR w/ credentials from cross-site secure server requiring certificate",
   withCredentials:"true"},

// repeat previous, withCredentials but using a weird method to force preflight
// should NOT work since our preflight is anonymous and will fail with our simple server
 { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"!=200",
   error:"XHR PREFLIGHT from cross-site secure server requiring certificate",
   withCredentials:"true",
   method:"XMETHOD"},

// repeat previous, withCredentials but using a weird method to force preflight
// Set network.cors_preflight.allow_client_cert pref, that will allow cers on an
// anonymous connection.
// This should work since our preflight will work now.
 { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
   status_check:"==200",
   error:"XHR PREFLIGHT from cross-site secure server requiring certificate",
   withCredentials:"true",
   method:"XMETHOD",
   enableCertOnPreflight: true},

 { cleanEnableCertOnPreflight: true},
];

async function onWindowLoad() {
   // First, check that resource was loaded into the iframe
   // This check in fact depends on bug #444165... :)
   await new Promise(resolve => {
       document.getElementById("frame1").onload = () => { resolve(); };
   });

   async function runTest(test) {
       if (test.cleanEnableCertOnPreflight) {
           await SpecialPowers.pushPrefEnv({"set": [["network.cors_preflight.allow_client_cert", false]]});
           if (!alltests.length) {
               SimpleTest.finish();
           } else {
               runTest(alltests.shift());
           }
       } else {
           if (test.enableCertOnPreflight != null) {
               await SpecialPowers.pushPrefEnv({"set": [["network.cors_preflight.allow_client_cert", true]]});
           }
           var xhr =  new XMLHttpRequest();

           var method = "GET";
           if (test.method != null) { method = test.method; }
           xhr.open(method, test.url);

           xhr.withCredentials = test.withCredentials;

           SpecialPowers.wrap(xhr).setRequestHeader("Connection", "Keep-Alive", false);

           try {
               xhr.send();
           } catch(e) {
           }

           xhr.onloadend = function() {
               // eslint-disable-next-line no-eval
               var success = eval(xhr.status + test.status_check);
               ok(success, test.error);

               if (!alltests.length) {
                   SimpleTest.finish();
               } else {
                   runTest(alltests.shift());
               }
           };
       }
   }

   runTest(alltests.shift());
}

SimpleTest.waitForExplicitFinish();

</script>
</body>
</html>