tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_https_rr_no_downgrade.js (2989B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
      4 */
      5 "use strict";
      6 
      7 const TEST_PATH_HTTP = getRootDirectory(gTestPath).replace(
      8  "chrome://mochitests/content",
      9  "http://example.com"
     10 );
     11 
     12 const TIMEOUT_PAGE_URI_HTTP = TEST_PATH_HTTP + "file_https_rr_no_downgrade.sjs";
     13 
     14 async function runPrefTest(aURI, aDesc, aSecure) {
     15  let assertURLStartsWith = aSecure ? "https://" : "http://";
     16  await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
     17    const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
     18    BrowserTestUtils.startLoadingURIString(browser, aURI);
     19    await loaded;
     20 
     21    await ContentTask.spawn(
     22      browser,
     23      { aDesc, assertURLStartsWith },
     24      function ({ aDesc, assertURLStartsWith }) {
     25        dump(`The URL we ended up at: ${content.document.location.href}\n`);
     26        ok(
     27          content.document.location.href.startsWith(assertURLStartsWith),
     28          aDesc
     29        );
     30      }
     31    );
     32 
     33    await SpecialPowers.removePermission("https-only-load-insecure", aURI);
     34  });
     35 }
     36 
     37 add_task(async function () {
     38  requestLongerTimeout(2);
     39 
     40  await SpecialPowers.pushPrefEnv({
     41    set: [
     42      ["network.dns.mock_HTTPS_RR_domain", "example.org"],
     43      ["network.dns.force_use_https_rr", true],
     44      ["dom.security.https_only_fire_http_request_background_timer_ms", 600],
     45    ],
     46  });
     47 
     48  Services.fog.testResetFOG();
     49  await runPrefTest(
     50    TIMEOUT_PAGE_URI_HTTP,
     51    "On a timeout we should downgrade.",
     52    false // secure?
     53  );
     54 
     55  let glean = Glean.networking.httpToHttpsUpgradeReason;
     56  is(glean.https_first_upgrade.testGetValue(), 1, "Should upgrade");
     57  is(glean.https_first_upgrade_downgrade.testGetValue(), 1, "Timerdowngrade.");
     58 
     59  Services.fog.testResetFOG();
     60  await runPrefTest(
     61    TIMEOUT_PAGE_URI_HTTP.replace("example.com", "example.org"),
     62    "For example.org we pretend to have an HTTPS RR and don't downgrade.",
     63    true // secure?
     64  );
     65  is(glean.https_first_upgrade.testGetValue(), 1, "Should upgrade");
     66  // The following doesn't work because we do not register the downgrade if
     67  // the follow up connection is upgraded by HTTPS RR. So this succeeds with
     68  // or without the fix for bug 1906590.
     69  is(glean.https_first_upgrade_downgrade.testGetValue(), null, "No downgrade");
     70  // The following doesn't work because our telemetry thinks that HTTPS RR
     71  // didn't cause the upgrade. Which is somewhat true. It just may have
     72  // prevented the downgrade, though. This also is the same with and without the
     73  // fix for bug 1906590.
     74  //is(glean.https_rr.testGetValue(), 1, "verify https_rr");
     75  is(glean.https_rr.testGetValue(), null, "verify https_rr");
     76  // If a downgrade happens a new connection is started which is exempt from
     77  // upgrades because of the downgrade!
     78  is(glean.upgrade_exception.testGetValue(), null, "verify upgrade_exception");
     79 });