tor-browser

The Tor Browser

test_bug_1725646.html (3090B)


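      <!DOCTYPE html>

      <!--
       Description:

       1. We visit http://example.com/A
       2. HTTPS-First upgrades to https://example.com/A
       3. https://example.com/A redirects us to http://example.com/B, because we
          visit it via https
       4. HTTPS-First fails to upgrade to https://example.com/B as it gets redirected
          back to http, which means we set an HTTPS-Only/First exception for
          "http://example.com"
       5. http://example.com/B sends HTML informing the user that HTTPS is not
          supported, and redirecting the user back to http://example.com/A via
          window.location = "...".
       6. The load to http://example.com/A will not be upgraded again
       7. Subsequent visits of http://example.com/A will also not be upgraded

       Security note: the exception asserted below allows cleartext loads for the
       site. The test removes that permission in its last step so it does not
       carry over into later tests.
      -->

      <html>
        <head>
          <meta charset="utf-8" />
          <title>HTTPS-First-Mode - Simulate site similar to bom.gov.au</title>
          <script src="/tests/SimpleTest/SimpleTest.js"></script>
          <link rel="stylesheet" href="/tests/SimpleTest/test.css" />
        </head>
        <body>
          <script class="testbody" type="text/javascript">
            "use strict";
            /* eslint-disable @microsoft/sdl/no-insecure-url */

            // Both helper URLs are plain http on purpose: the test exercises the
            // HTTPS-First upgrade and the fallback to http when the upgrade fails.
            const URL_A =
              "http://example.com/tests/dom/security/test/https-first/file_bug_1725646_a.sjs";
            const URL_B =
              "http://example.com/tests/dom/security/test/https-first/file_bug_1725646_b.sjs";

            SimpleTest.waitForExplicitFinish();

            // Window opened by the test; closed and reopened in step 1 to simulate
            // a subsequent visit of page A.
            let testWin;
            // Number of messages handled so far; selects which step is expected.
            let messageNumber = 0;

            /**
             * Checks one "message" event against the step expected at this point.
             *
             * Reads event.data.location, presumably posted by the helper pages
             * (not shown in this file), and compares it with the URL the test
             * expects to have landed on.
             *
             * Step 0: landed on page B after the HTTP redirect.
             * Step 1: back on page A via JS, not upgraded again, and the
             *         HTTPS-First exception is set; then page A is reopened.
             * Step 2: page A loads directly; the exception is removed and the
             *         test finishes.
             *
             * NOTE(review): the handler does not check event.origin or
             * event.source; it relies on the harness delivering only the three
             * expected messages and throws on any further one.
             */
            async function receiveMessage(event) {
              // Claim the step synchronously, before any await, so a message
              // delivered while an await below is pending cannot be checked
              // against the same step a second time.
              const step = messageNumber++;

              switch (step) {
                case 0:
                  is(
                    event.data.location,
                    URL_B,
                    "We should land on page B after being HTTP redirected"
                  );
                  break;

                case 1:
                  // The comparison is against URL_A, so the message names page A.
                  is(
                    event.data.location,
                    URL_A,
                    "We should land on page A after being redirected back through JS and not upgraded again"
                  );
                  ok(
                    await SpecialPowers.testPermission(
                      "https-only-load-insecure",
                      SpecialPowers.Ci.nsIHttpsOnlyModePermission
                        .HTTPSFIRST_LOAD_INSECURE_ALLOW,
                      URL_A
                    ),
                    "A temporary HTTPS-First exception should have been added for the site"
                  );
                  testWin.close();
                  testWin = window.open(URL_A);
                  break;

                case 2:
                  is(event.data.location, URL_A, "We should directly land on page A");
                  testWin.close();
                  // Pass the function itself: inside a listener `this` is the
                  // event target, so removing `this` would leave the handler
                  // registered.
                  window.removeEventListener("message", receiveMessage);
                  // Drop the insecure-load exception before finishing so it does
                  // not affect later tests.
                  await SpecialPowers.removePermission(
                    "https-only-load-insecure",
                    URL_A
                  );
                  SimpleTest.finish();
                  break;

                default:
                  throw Error("Received too many messages");
              }
            }

            window.addEventListener("message", receiveMessage);

            // Enable HTTPS-First for this test only, then start at page A.
            SpecialPowers.pushPrefEnv({
              set: [["dom.security.https_first", true]],
            }).then(() => {
              testWin = window.open(URL_A);
            });
          </script>
        </body>
      </html>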