browser_schemeless.js (1864B)
1 /* Any copyright is dedicated to the Public Domain. 2 https://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 // Test that HTTPS-Only takes precedence over schemeless HTTPS-First by checking 7 // that the HTTPSFIRST_LOAD_INSECURE_ALLOW permission is only respected on 8 // schemeless inputs when HTTPS-Only is disabled. 9 10 ChromeUtils.defineLazyGetter(this, "UrlbarTestUtils", () => { 11 const { UrlbarTestUtils: module } = ChromeUtils.importESModule( 12 "resource://testing-common/UrlbarTestUtils.sys.mjs" 13 ); 14 module.init(this); 15 return module; 16 }); 17 18 function runTest(aExpectedScheme, aDesc) { 19 return BrowserTestUtils.withNewTab("about:blank", async function (browser) { 20 const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true); 21 await UrlbarTestUtils.promiseAutocompleteResultPopup({ 22 window, 23 value: "example.com", 24 }); 25 EventUtils.synthesizeKey("KEY_Enter"); 26 await loaded; 27 28 is(browser.currentURI.scheme, aExpectedScheme, aDesc); 29 }); 30 } 31 32 add_task(async function test_schemeless() { 33 Services.perms.addFromPrincipal( 34 Services.scriptSecurityManager.createContentPrincipalFromOrigin( 35 // eslint-disable-next-line @microsoft/sdl/no-insecure-url 36 "http://example.com" 37 ), 38 "https-only-load-insecure", 39 Ci.nsIHttpsOnlyModePermission.HTTPSFIRST_LOAD_INSECURE_ALLOW 40 ); 41 42 await SpecialPowers.pushPrefEnv({ 43 set: [ 44 ["dom.security.https_first", true], 45 ["dom.security.https_first_schemeless", true], 46 ], 47 }); 48 49 await runTest( 50 "http", 51 "HTTPSFIRST_LOAD_INSECURE_ALLOW should apply if HTTPS-Only is disabled" 52 ); 53 54 await SpecialPowers.pushPrefEnv({ 55 set: [["dom.security.https_only_mode", true]], 56 }); 57 58 await runTest( 59 "https", 60 "HTTPSFIRST_LOAD_INSECURE_ALLOW should not apply if HTTPS-Only is enabled" 61 ); 62 63 Services.perms.removeAll(); 64 });