tor-browser

test_downgrade_bad_responses.html (1931B)

---

<!DOCTYPE HTML>
<html>
<head>
<title>Bug 1709552 : HTTPS-First: Add downgrade tests for bad responses to https request </title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>

<script class="testbody" type="text/javascript">
"use strict";
/*
* Description of the test:
* We perform five tests where we expect https-first to detect
* that the target site only supports http
* Test 1: 400 Response
* Test 2: 401 Response
* Test 3: 403 Response
* Test 4: 416 Response
* Test 5: 418 Response
* Test 6: Timeout
*/

SimpleTest.waitForExplicitFinish();

const REQUEST_URL =
 "http://example.com/tests/dom/security/test/https-first/file_downgrade_bad_responses.sjs";

const redirectQueries = ["?test1a", "?test2a","?test3a", "?test4a", "?test5a", "?test6a"];
let currentTest = 0;
let testWin;
let currentQuery;
window.addEventListener("message", receiveMessage);

// Receive message and verify that it is from an http site.
// When the message is 'downgraded' then it was send by an http site
// and the redirection worked.
async function receiveMessage(event) {
 let data = event.data;
 currentQuery = redirectQueries[currentTest];
 ok(data.result === "downgraded", "Redirected successful to 'http' for " + currentQuery);
 ok(data.scheme === "http", "scheme is 'http' for " + currentQuery );
 testWin.close();
 await SpecialPowers.removePermission(
   "https-only-load-insecure",
   REQUEST_URL
 );
 if (++currentTest < redirectQueries.length) {
   runTest();
   return;
 }
 window.removeEventListener("message", receiveMessage);
 SimpleTest.finish();
}

async function runTest() {
 currentQuery = redirectQueries[currentTest];
 testWin = window.open(REQUEST_URL + currentQuery, "_blank");
}

SpecialPowers.pushPrefEnv({ set: [
   ["dom.security.https_first", true]
 ]}, runTest);

</script>
</body>
</html>