browser_https_telemetry2.js (5954B)
1 /* Any copyright is dedicated to the Public Domain. 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 // We explicitly need HTTP URLs in this test 7 /* eslint-disable @microsoft/sdl/no-insecure-url */ 8 9 requestLongerTimeout(2); 10 11 const TEST_PATH_HTTP = getRootDirectory(gTestPath).replace( 12 "chrome://mochitests/content", 13 "http://example.com" 14 ); 15 16 async function setPrefsAndResetFog( 17 aHTTPSOnlyPref, 18 aHTTPSFirstPref, 19 aSchemeLessPref 20 ) { 21 Services.fog.testResetFOG(); 22 23 await SpecialPowers.pushPrefEnv({ 24 set: [ 25 ["test.wait300msAfterTabSwitch", true], 26 ["dom.security.https_only_mode", aHTTPSOnlyPref], 27 ["dom.security.https_first", aHTTPSFirstPref], 28 ["dom.security.https_first_schemeless", aSchemeLessPref], 29 ], 30 }); 31 } 32 33 function verifyGleanValues(aDescription, aExpected) { 34 info(aDescription); 35 36 let notInitialized = aExpected.notInitialized || null; 37 let noUpgrade = aExpected.noUpgrade || null; 38 let alreadyHTTPS = aExpected.alreadyHTTPS || null; 39 let hsts = aExpected.hsts || null; 40 let httpsOnlyUpgrade = aExpected.httpsOnlyUpgrade || null; 41 let httpsOnlyUpgradeDowngrade = aExpected.httpsOnlyUpgradeDowngrade || null; 42 let httpsFirstUpgrade = aExpected.httpsFirstUpgrade || null; 43 let httpsFirstUpgradeDowngrade = aExpected.httpsFirstUpgradeDowngrade || null; 44 let httpsFirstSchemelessUpgrade = 45 aExpected.httpsFirstSchemelessUpgrade || null; 46 let httpsFirstSchemelessUpgradeDowngrade = 47 aExpected.httpsFirstSchemelessUpgradeDowngrade || null; 48 let cspUpgradeInsecureRequests = aExpected.cspUpgradeInsecureRequests || null; 49 let httpsRR = aExpected.httpsRR || null; 50 let webExtensionUpgrade = aExpected.webExtensionUpgrade || null; 51 let upgradeException = aExpected.upgradeException || null; 52 53 let glean = Glean.networking.httpToHttpsUpgradeReason; 54 is( 55 glean.not_initialized.testGetValue(), 56 notInitialized, 57 "verify not_initialized" 58 ); 59 is(glean.no_upgrade.testGetValue(), noUpgrade, "verify no_upgrade"); 60 is(glean.already_https.testGetValue(), alreadyHTTPS, "verify already_https"); 61 is(glean.hsts.testGetValue(), hsts, "verify hsts"); 62 is( 63 glean.https_only_upgrade.testGetValue(), 64 httpsOnlyUpgrade, 65 "verify https_only_upgrade" 66 ); 67 is( 68 glean.https_only_upgrade_downgrade.testGetValue(), 69 httpsOnlyUpgradeDowngrade, 70 "verify https_only_upgrade_downgrade" 71 ); 72 is( 73 glean.https_first_upgrade.testGetValue(), 74 httpsFirstUpgrade, 75 "verify https_first_upgrade" 76 ); 77 is( 78 glean.https_first_upgrade_downgrade.testGetValue(), 79 httpsFirstUpgradeDowngrade, 80 "verify https_first_upgrade_downgrade" 81 ); 82 is( 83 glean.https_first_schemeless_upgrade.testGetValue(), 84 httpsFirstSchemelessUpgrade, 85 "verify https_first_schemeless_upgrade" 86 ); 87 is( 88 glean.https_first_schemeless_upgrade_downgrade.testGetValue(), 89 httpsFirstSchemelessUpgradeDowngrade, 90 "verify https_first_schemeless_upgrade_downgrade" 91 ); 92 is( 93 glean.csp_uir.testGetValue(), 94 cspUpgradeInsecureRequests, 95 "verify csp_uir" 96 ); 97 is(glean.https_rr.testGetValue(), httpsRR, "verify https_rr"); 98 is( 99 glean.web_extension_upgrade.testGetValue(), 100 webExtensionUpgrade, 101 "verify web_extension_upgrade" 102 ); 103 is( 104 glean.upgrade_exception.testGetValue(), 105 upgradeException, 106 "verify upgrade_exception" 107 ); 108 } 109 110 async function runUpgradeTest(aURI, aDesc, aAssertURLStartsWith) { 111 await BrowserTestUtils.withNewTab("about:blank", async function (browser) { 112 const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true); 113 BrowserTestUtils.startLoadingURIString(browser, aURI); 114 await loaded; 115 116 await SpecialPowers.spawn( 117 browser, 118 [aDesc, aAssertURLStartsWith], 119 async function (aDesc, aAssertURLStartsWith) { 120 ok( 121 content.document.location.href.startsWith(aAssertURLStartsWith), 122 aDesc 123 ); 124 } 125 ); 126 await SpecialPowers.removePermission("https-only-load-insecure", aURI); 127 }); 128 } 129 130 add_task(async function () { 131 info("(1) verify view-source"); 132 133 await setPrefsAndResetFog( 134 false /* aHTTPSOnlyPref */, 135 false /* aHTTPSFirstPref */, 136 false /* aSchemeLessPref */ 137 ); 138 139 let random = Math.random(); 140 141 await runUpgradeTest( 142 "view-source:https://example.com?" + random, 143 "(1) verify view-source", 144 "view-source" 145 ); 146 verifyGleanValues("(1) verify view-source", { alreadyHTTPS: 1 }); 147 }); 148 149 add_task(async function () { 150 info("(2) verify about: pages"); 151 152 await setPrefsAndResetFog( 153 false /* aHTTPSOnlyPref */, 154 false /* aHTTPSFirstPref */, 155 false /* aSchemeLessPref */ 156 ); 157 158 // about:credits resolves to https://www.mozilla.org/credits/ 159 await runUpgradeTest("about:credits", "(2) verify about: pages", "https:"); 160 verifyGleanValues("(2) verify about: pages", { alreadyHTTPS: 1 }); 161 }); 162 163 add_task(async function () { 164 info("(3) verify top-level csp upgrade-insecure-requests"); 165 166 await setPrefsAndResetFog( 167 false /* aHTTPSOnlyPref */, 168 false /* aHTTPSFirstPref */, 169 false /* aSchemeLessPref */ 170 ); 171 172 let random = Math.random(); 173 174 await BrowserTestUtils.withNewTab( 175 TEST_PATH_HTTP + "file_https_telemetry_csp_uir.html?" + random, 176 async function (browser) { 177 let newTabPromise = BrowserTestUtils.waitForNewTab(gBrowser, null, true); 178 BrowserTestUtils.synthesizeMouse( 179 "#mylink", 180 2, 181 2, 182 { accelKey: true }, 183 browser 184 ); 185 let tab = await newTabPromise; 186 is( 187 tab.linkedBrowser.currentURI.scheme, 188 "https", 189 "Should have opened https page." 190 ); 191 BrowserTestUtils.removeTab(tab); 192 } 193 ); 194 195 // we record 2 loads: 196 // * the load for TEST_PATH_HTTP which results in "no_upgrade" 197 // * the link click where CSP UIR upgrades the load to https 198 verifyGleanValues("(3) verify top-level csp upgrade-insecure-requests", { 199 noUpgrade: 1, 200 cspUpgradeInsecureRequests: 1, 201 }); 202 });