test_upgrade_insecure_navigation.html (3148B)
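<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1271173 - Missing spec on Upgrade Insecure Requests(Navigational Upgrades) </title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish -->
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<!-- Regular (unsandboxed) frame that receives each test URL. -->
<iframe style="width:100%;" id="testframe"></iframe>
<!--
  Sandboxed twin of the frame above; it receives the same URL.
  'allow-same-origin' is present because upgrade-insecure-requests only
  applies to sandboxed iframes when that token is specified (see the test
  description in the script below).
  NOTE(review): 'allow-scripts' together with 'allow-same-origin' gives
  little isolation for content that shares the embedder's origin, because
  such content can reach the embedding element and remove the sandbox
  attribute. That is fine for this test fixture; this token set is not a
  hardening template.
-->
<iframe style="width:100%;" id="sandboxedtestframe"
        sandbox="allow-scripts allow-top-navigation allow-same-origin allow-pointer-lock allow-popups"></iframe>

<script class="testbody" type="text/javascript">
/*
 * Description of the test:
 * We load a page into an iframe that performs a navigational request.
 * We make sure that upgrade-insecure-requests applies and the page
 * gets upgraded to https if same origin.
 * Please note that uir only applies to sandboxed iframes if
 * the value 'allow-same-origin' is specified.
 */

SimpleTest.waitForExplicitFinish();

// One entry per test case:
//   csp    - policy string handed to the .sjs helper through the ?csp= query
//   result - URL scheme the reported navigation result must have
//   origin - origin the .sjs helper is loaded from
//   desc   - message attached to the assertion
// NOTE(review): "same origin" / "cross origin" in desc presumably describes
// `origin` relative to the navigation target chosen by the .sjs helper, which
// is not visible in this file. Confirm against
// file_upgrade_insecure_navigation.sjs.
var tests = [
  {
    csp: "upgrade-insecure-requests;",
    result: "https",
    origin: "http://example.com",
    desc: "upgrade-insecure-requests same origin should upgrade"
  },
  {
    csp: "",
    result: "http",
    origin: "http://example.com",
    desc: "No upgrade-insecure-requests same origin should not upgrade"
  },
  {
    csp: "upgrade-insecure-requests;",
    result: "http",
    origin: "http://mochi.test:8888",
    desc: "upgrade-insecure-requests cross origin should not upgrade"
  },
  {
    csp: "",
    result: "http",
    origin: "http://mochi.test:8888",
    desc: "No upgrade-insecure-requests cross origin should not upgrade"
  },
];

// initializing to -1 so we start at index 0 when we start the test
var counter = -1;

// Detach the message listener and tell the harness the test is done.
function finishTest() {
  window.removeEventListener("message", receiveMessage);
  SimpleTest.finish();
}

// Number of results received so far for the test case at tests[counter].
var subtests = 0;

// @hardcoded 4:
// each test run consists of two subtests (frame and top-level)
// and we load each test into a regular iframe and into a
// sandboxed iframe. only move on to the next test once all
// four results from the subtests have bubbled up.
var SUBTESTS_PER_TEST = 4;

window.addEventListener("message", receiveMessage);

// Handle one result message: compare the scheme of the reported URL with the
// scheme expected for the current test case, then advance to the next case
// once every subtest of the current one has reported.
// NOTE(review): event.origin and event.source are not checked. The expected
// senders span two origins and, after an upgrade, two schemes, so a message
// from any window is counted as a subtest result. That is tolerable inside
// the test harness only.
function receiveMessage(event) {
  var result = event.data.result;
  // query the scheme from the URL before comparing the result
  var scheme = result.substring(0, result.indexOf(":"));
  is(scheme, tests[counter].result, tests[counter].desc);

  subtests++;
  if (subtests !== SUBTESTS_PER_TEST) {
    return;
  }
  subtests = 0;
  loadNextTest();
}

// Advance to the next test case and load its URL into both frames, or finish
// the test once the table is exhausted.
function loadNextTest() {
  counter++;
  if (counter === tests.length) {
    finishTest();
    return;
  }

  var src = tests[counter].origin;
  src += "/tests/dom/security/test/csp/file_upgrade_insecure_navigation.sjs";
  // encodeURIComponent replaces the deprecated escape(): escape() leaves "+"
  // unencoded and emits non-standard %uXXXX sequences for non-ASCII input.
  // For the policy strings in `tests` both produce the same query value.
  src += "?csp=" + encodeURIComponent(tests[counter].csp);
  src += "&action=perform_navigation";
  document.getElementById("testframe").src = src;
  document.getElementById("sandboxedtestframe").src = src;
}

// Don't upgrade to https to test that upgrade-insecure-requests acts correctly:
// with dom.security.https_first switched off, an https result can only come
// from the CSP directive under test.
// start running the tests
SpecialPowers.pushPrefEnv({
  set: [["dom.security.https_first", false]]
}, loadNextTest);

</script>
</body>
</html>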