file_upgrade_insecure.html (3667B)
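<!DOCTYPE html>
<!--
  Test fixture for Bug 1139297 (CSP upgrade-insecure-requests).

  Every load below uses an insecure scheme (http:// or ws://) ON PURPOSE:
  the test checks that each load type is upgraded to https:// or wss://.
  Do not rewrite these URLs to secure schemes, or the page no longer
  exercises the directive. Each load type is told apart by the query string
  it sends to file_upgrade_insecure_server.sjs.

  NOTE(review): no policy is declared in this document (there is no CSP
  meta element), so the directive is presumably delivered as a response
  header by the test driver; confirm against the driver.
-->
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>

  <!-- style: stylesheet load, requested over http:// -->
  <link rel="stylesheet" href="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?style" media="screen">

  <!-- font: declared here and applied to the .div_foo element in the body -->
  <style>
    @font-face {
      font-family: "foofont";
      src: url("http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?font");
    }
    .div_foo { font-family: "foofont"; }
  </style>
</head>
<body>

  <!-- images: -->
  <img src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?img" alt="">

  <!-- redirects: the http:// request is upgraded to https://, is redirected
       back to http://, and must then be upgraded to https:// again -->
  <img src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?redirect-image" alt="">

  <!-- script: -->
  <script src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?script"></script>

  <!-- media: -->
  <audio src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?media"></audio>

  <!-- objects: -->
  <object width="10" height="10" data="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?object"></object>

  <!-- font: (apply font loaded in header to div) -->
  <div class="div_foo">foo</div>

  <!-- iframe: (same origin) -->
  <iframe src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?iframe" title="iframe load">
    <!-- within that iframe we load an image over http and make sure the request gets upgraded to https -->
  </iframe>

  <!-- xhr: -->
  <script>
    var myXHR = new XMLHttpRequest();
    myXHR.open("GET", "http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?xhr");
    myXHR.send(null);
  </script>

  <!-- websockets: upgrade ws:// to wss:// -->
  <script>
    // WebSocket tests are not supported on Android yet. Bug 1566168
    const { AppConstants } = SpecialPowers.ChromeUtils.importESModule(
      "resource://gre/modules/AppConstants.sys.mjs"
    );
    if (AppConstants.platform !== "android") {
      var mySocket = new WebSocket("ws://example.com/tests/dom/security/test/csp/file_upgrade_insecure");

      // The outcome is reported to the embedding page with postMessage. The
      // payload is a fixed status string and the target origin is "*".
      // NOTE(review): if the embedding test page has a fixed origin, naming it
      // here instead of "*" would keep the result from reaching any other parent.
      mySocket.onopen = function(e) {
        // Pass only when the scheme itself is wss://. startsWith() anchors the
        // check at the start of the URL; a substring match would also accept
        // "wss://" appearing later in the string.
        if (mySocket.url.startsWith("wss://")) {
          window.parent.postMessage({result: "websocket-ok"}, "*");
        } else {
          window.parent.postMessage({result: "websocket-error"}, "*");
        }
        mySocket.close();
      };
      mySocket.onerror = function(e) {
        // debug information for Bug 1316305
        dump(" xxx mySocket.onerror: (mySocket): " + mySocket + "\n");
        dump(" xxx mySocket.onerror: (mySocket.url): " + mySocket.url + "\n");
        dump(" xxx mySocket.onerror: (e): " + e + "\n");
        dump(" xxx mySocket.onerror: (e.message): " + e.message + "\n");
        window.parent.postMessage({result: "websocket-unexpected-error"}, "*");
      };
    }
  </script>

  <!-- form action: (upgrade POST from http:// to https://) -->
  <!-- The form targets this named frame, so the submission does not navigate the test page itself. -->
  <iframe name="formFrame" id="formFrame" title="form submission target"></iframe>
  <form target="formFrame" action="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?form" method="POST">
    <input name="foo" value="foo">
    <input type="submit" id="submitButton" formenctype="multipart/form-data" value="Submit form">
  </form>
  <script>
    // Submit the form as soon as the markup above has been parsed; no user
    // interaction is involved.
    var submitButton = document.getElementById("submitButton");
    submitButton.click();
  </script>

</body>
</html>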