tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_navigation.js (3142B)

      1 "use strict";
      2 
      3 // For each FIRST_URL_* this test does the following:
      4 // 1. Navigate to FIRST_URL_*
      5 // 2. Check if we are on a HTTPS-Only error page
      6 // 3. Navigate to SECOND_URL
      7 // 4. Navigate back
      8 // 5. Check if we are on a HTTPS-Only error page
      9 
     10 const FIRST_URL_SECURE = "https://example.com";
     11 const FIRST_URL_INSECURE_REDIRECT =
     12  "http://example.com/browser/dom/security/test/https-only/file_redirect_to_insecure.sjs";
     13 const FIRST_URL_INSECURE_NOCERT = "http://nocert.example.com";
     14 const SECOND_URL = "https://example.org";
     15 
     16 function waitForPage() {
     17  return new Promise(resolve => {
     18    BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser).then(resolve);
     19    BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser).then(resolve);
     20  });
     21 }
     22 
     23 async function verifyErrorPage(expectErrorPage = true) {
     24  await SpecialPowers.spawn(
     25    gBrowser.selectedBrowser,
     26    [expectErrorPage],
     27    async function (_expectErrorPage) {
     28      let doc = content.document;
     29      let innerHTML = doc.body.innerHTML;
     30      let errorPageL10nId = "about-httpsonly-title-alert";
     31 
     32      is(
     33        innerHTML.includes(errorPageL10nId) &&
     34          doc.documentURI.startsWith("about:httpsonlyerror"),
     35        _expectErrorPage,
     36        "we should be on the https-only error page"
     37      );
     38    }
     39  );
     40 }
     41 
     42 async function runTest(
     43  firstUrl,
     44  expectErrorPageOnFirstVisit,
     45  expectErrorPageOnSecondVisit
     46 ) {
     47  let loaded = waitForPage();
     48  info("Loading first page");
     49  BrowserTestUtils.startLoadingURIString(gBrowser, firstUrl);
     50  await loaded;
     51  await verifyErrorPage(expectErrorPageOnFirstVisit);
     52 
     53  loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
     54  info("Navigating to second page");
     55  await SpecialPowers.spawn(
     56    gBrowser.selectedBrowser,
     57    [SECOND_URL],
     58    async url => (content.location.href = url)
     59  );
     60  await loaded;
     61 
     62  // Go back one site by clicking the back button
     63  loaded = BrowserTestUtils.waitForLocationChange(gBrowser);
     64  info("Clicking back button");
     65  let backButton = document.getElementById("back-button");
     66  backButton.click();
     67  await loaded;
     68  await verifyErrorPage(expectErrorPageOnSecondVisit);
     69 }
     70 
     71 add_task(async function () {
     72  waitForExplicitFinish();
     73 
     74  await SpecialPowers.pushPrefEnv({
     75    set: [["dom.security.https_only_mode", true]],
     76  });
     77 
     78  // We don't expect any HTTPS-Only error pages, on the first and second visit of this URL,
     79  // since the URL is reachable via https.
     80  await runTest(FIRST_URL_SECURE, false, false);
     81 
     82  // Since trying to upgrade this url will result in being redirected again to the insecure
     83  // site, we are not able to upgrade it and a HTTPS-Only error page is shown.
     84  // This is happening both on the first and second visit.
     85  await runTest(FIRST_URL_INSECURE_REDIRECT, true, true);
     86 
     87  // Similar to the previous case, we can not upgrade this URL, since this time it has a
     88  // invalid certificate. We would expect a HTTPS-Only error page on both vists, but it is only
     89  // shown on the first one, on the second one we get an errror page about the invalid
     90  // certificate instead (Bug 1848117).
     91  await runTest(FIRST_URL_INSECURE_NOCERT, true, false);
     92 
     93  finish();
     94 });