test_break_endless_upgrade_downgrade_loop.html (3527B)
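<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=1715253
Test that same origin redirect does not cause endless loop with https-first enabled
-->

<head>
  <title>HTTPS-First-Mode - Break endless upgrade downgrade redirect loop</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>

<body>
<h1>HTTPS-First Mode</h1>
<p>Upgrade Test for insecure redirects.</p>

<script class="testbody" type="text/javascript">
"use strict";

SimpleTest.waitForExplicitFinish();

// Each query is run twice (see startTest): once entered over https:// and
// once over http://. `result` is the scheme the final document must report.
const testQueries = [
  // Those are clear downgrades. Need to load http site
  { query: "downgrade_redirect_meta", result: "http" },
  { query: "downgrade_redirect_js", result: "http" },
  { query: "downgrade_redirect_http=301", result: "http" },
  { query: "downgrade_redirect_http=302", result: "http" },
  { query: "downgrade_redirect_http=303", result: "http" },
  { query: "downgrade_redirect_http=307", result: "http" },
  // From here on a downgrade isn't required. Could be upgraded again
  { query: "redirect_meta", result: "https" },
  { query: "redirect_js", result: "https" },
  { query: "redirect_http=301", result: "https" },
  { query: "redirect_http=302", result: "https" },
  { query: "redirect_http=303", result: "https" },
  { query: "redirect_http=307", result: "https" },
];
// Counts runs, not queries: run N uses testQueries[Math.floor(N / 2)].
let currentTest = 0;
// Window opened for the run in progress; closed once its result has arrived.
let testWin;
window.addEventListener("message", receiveMessage);

/**
 * Handle the message posted by the loaded document: check the reported
 * scheme and URI against the expectation for the current run, close the
 * test window, then start the next run or finish the test.
 *
 * NOTE(review): the handler acts on any "message" event; neither
 * event.origin nor event.source is compared with testWin, so a stray
 * message would be counted as a result. Confirm whether
 * `event.source === testWin` holds across the redirects before adding it.
 *
 * @param {MessageEvent} event - event.data.result carries the reported
 *   "scheme-<scheme>-<uri>" string.
 */
async function receiveMessage(event) {
  const currentTestParams = testQueries[Math.floor(currentTest / 2)];
  // NOTE(review): the https expectation names a different .sjs than the one
  // startTest opens; presumably the server redirects there - confirm
  // against file_break_endless_upgrade_downgrade_loop.sjs.
  const expectedURI =
    currentTestParams.result === "https"
      ? "https://example.com/tests/dom/security/test/https-first/file_downgrade_with_different_path.sjs?" + currentTestParams.query
      : "http://example.com/tests/dom/security/test/https-first/file_break_endless_upgrade_downgrade_loop.sjs?" + currentTestParams.query;
  // is(actual, expected, message): the reported value goes first so that a
  // failure prints "got <reported>, expected <computed>".
  is(
    event.data.result,
    `scheme-${currentTestParams.result}-${expectedURI}`,
    `${currentTest}: redirect results in '${currentTestParams.result}' for ${expectedURI}`
  );
  testWin.close();
  // Drop the insecure-load permission for http://example.com so that the
  // outcome of one run cannot carry over into the next.
  await SpecialPowers.removePermission(
    "https-only-load-insecure",
    "http://example.com"
  );
  // Each test gets run starting with http:// and https://. Therefore *2
  if (++currentTest < 2 * testQueries.length) {
    // Start next case
    startTest();
    return;
  }
  // Cleanup
  window.removeEventListener("message", receiveMessage);
  SimpleTest.finish();
}

/**
 * Open the test .sjs for the current run in a new window. Even-numbered
 * runs start on https://, odd-numbered runs on http://.
 */
async function startTest() {
  const currentTestParams = testQueries[Math.floor(currentTest / 2)];
  const scheme = currentTest % 2 === 0 ? "https" : "http";
  const uri =
    `${scheme}://example.com/tests/dom/security/test/https-first/file_break_endless_upgrade_downgrade_loop.sjs?${currentTestParams.query}`;
  testWin = window.open(uri);
}

// Enable HTTPS-First for this test and start the first run once the prefs
// are applied.
// NOTE(review): both mixed-content blocking prefs are switched off here and
// the reason is not recorded - worth a one-line explanation.
SpecialPowers.pushPrefEnv({ set: [
  ["dom.security.https_first", true],
  ["security.mixed_content.block_active_content", false],
  ["security.mixed_content.block_display_content", false],
]}, startTest);
</script>
</body>
</html>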