browser_upgrade_onion.js (2068B)
1 // This test ensures that various configurable upgrade exceptions work 2 "use strict"; 3 4 async function runTest(desc, url, expectedURI) { 5 await BrowserTestUtils.withNewTab("about:blank", async function (browser) { 6 let loaded = BrowserTestUtils.browserLoaded(browser, false, null, true); 7 BrowserTestUtils.startLoadingURIString(browser, url); 8 await loaded; 9 10 await SpecialPowers.spawn( 11 browser, 12 [desc, expectedURI], 13 async function (desc, expectedURI) { 14 // XXX ckerschb: generally we use the documentURI, but our test infra 15 // can not handle .onion, hence we use the URI of the failed channel 16 // stored on the docshell to see if the scheme was upgraded to https. 17 let loadedURI = content.document.documentURI; 18 if (loadedURI.startsWith("about:neterror")) { 19 loadedURI = content.docShell.failedChannel.URI.spec; 20 } 21 is(loadedURI, expectedURI, desc); 22 } 23 ); 24 }); 25 } 26 27 // by default local addresses and .onion should *not* get upgraded 28 add_task(async function () { 29 requestLongerTimeout(2); 30 31 await SpecialPowers.pushPrefEnv({ 32 set: [ 33 ["dom.security.https_first", true], 34 ["dom.security.https_only_mode", false], 35 ["dom.security.https_only_mode.upgrade_local", false], 36 ["dom.security.https_only_mode.upgrade_onion", false], 37 ], 38 }); 39 40 await runTest( 41 "Hosts ending with .onion should be be exempt from HTTPS-First upgrades by default", 42 "http://grocery.shopping.for.one.onion/", 43 "http://grocery.shopping.for.one.onion/" 44 ); 45 46 await SpecialPowers.pushPrefEnv({ 47 set: [ 48 ["dom.security.https_first", true], 49 ["dom.security.https_only_mode", false], 50 ["dom.security.https_only_mode.upgrade_local", false], 51 ["dom.security.https_only_mode.upgrade_onion", true], 52 ], 53 }); 54 55 await runTest( 56 "Hosts ending with .onion should get upgraded when 'dom.security.https_only_mode.upgrade_onion' is set to true", 57 "http://grocery.shopping.for.one.onion/", 58 "https://grocery.shopping.for.one.onion/" 59 ); 60 });