browser_mixed_content_console.js (3561B)
1 // Bug 1713593: HTTPS-First: Add test for mixed content blocker. 2 "use strict"; 3 4 const testPath = getRootDirectory(gTestPath).replace( 5 "chrome://mochitests/content", 6 "http://example.com" 7 ); 8 9 const UPGRADE_DISPLAY_CONTENT = 10 "security.mixed_content.upgrade_display_content"; 11 12 let threeMessagesArrived = 0; 13 let messageImageSeen = false; 14 15 const kTestURI = testPath + "file_mixed_content_console.html"; 16 17 add_task(async function () { 18 // A longer timeout is necessary for this test than the plain mochitests 19 // due to opening a new tab with the web console. 20 requestLongerTimeout(4); 21 22 // Enable HTTPS-First Mode and register console-listener 23 await SpecialPowers.pushPrefEnv({ 24 set: [["dom.security.https_first", true]], 25 }); 26 Services.console.registerListener(on_console_message); 27 BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, kTestURI); 28 29 await BrowserTestUtils.waitForCondition(() => threeMessagesArrived === 3); 30 31 Services.console.unregisterListener(on_console_message); 32 }); 33 34 function on_console_message(msgObj) { 35 const message = msgObj.message; 36 37 // The first console message is: 38 // "HTTPS-First Mode: Upgrading insecure request 39 // ‘http://example.com/browser/dom/security/test/https-first/file_mixed_content_console.html’ to use ‘https’" 40 if (message.includes("HTTPS-First Mode: Upgrading insecure request")) { 41 ok(message.includes("Upgrading insecure request"), "request got upgraded"); 42 ok( 43 message.includes( 44 "“http://example.com/browser/dom/security/test/https-first/file_mixed_content_console.html” to use “https”." 45 ), 46 "correct top-level request" 47 ); 48 threeMessagesArrived++; 49 } 50 // If security.mixed_content.upgrade_display_content is enabled: 51 // The second console message is about upgrading the insecure image 52 else if ( 53 Services.prefs.getBoolPref(UPGRADE_DISPLAY_CONTENT) && 54 message.includes("Mixed Content: Upgrading") 55 ) { 56 ok( 57 message.includes("insecure display request"), 58 "display content got load" 59 ); 60 ok( 61 message.includes( 62 "‘http://example.com/browser/dom/security/test/https-first/auto_upgrading_identity.png’ to use ‘https’" 63 ), 64 "img loaded secure" 65 ); 66 threeMessagesArrived++; 67 messageImageSeen = true; 68 } 69 // Else: 70 // The second console message is about blocking the image: 71 // Message: "Loading mixed (insecure) display content 72 // “http://example.com/browser/dom/security/test/https-first/auto_upgrading_identity.png” on a secure page". 73 // Since the message is send twice, prevent reading the image message two times 74 else if (message.includes("Loading mixed") && !messageImageSeen) { 75 ok( 76 message.includes("Loading mixed (insecure) display content"), 77 "display content got load" 78 ); 79 ok( 80 message.includes( 81 "“http://example.com/browser/dom/security/test/https-first/auto_upgrading_identity.png” on a secure page" 82 ), 83 "img loaded insecure" 84 ); 85 threeMessagesArrived++; 86 messageImageSeen = true; 87 } 88 // The third message is: 89 // "Blocked loading mixed active content 90 // "http://example.com/browser/dom/security/test/https-first/barfoo"" 91 else if (message.includes("Blocked loading")) { 92 ok( 93 message.includes("Blocked loading mixed active content"), 94 "script got blocked" 95 ); 96 ok( 97 message.includes( 98 "http://example.com/browser/dom/security/test/https-first/barfoo" 99 ), 100 "the right script got blocked" 101 ); 102 threeMessagesArrived++; 103 } 104 }