test_break_endless_upgrade_downgrade_loop.html (3552B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1691888: Break endless upgrade downgrade loops when using https-only</title> 5 <script src="/tests/SimpleTest/SimpleTest.js"></script> 6 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 7 </head> 8 <body> 9 10 <script class="testbody" type="text/javascript"> 11 "use strict"; 12 /* 13 * Description of the test: 14 * We perform three tests where our upgrade/downgrade redirect loop detector should break the 15 * endless loop: 16 * Test 1: Meta Refresh 17 * Test 2: JS Redirect 18 * Test 3: 302 redirect 19 * Test 4: Redirect to different origin. No redirect loop should be detected 20 */ 21 22 SimpleTest.waitForExplicitFinish(); 23 24 const HTTP_REQUEST_URL = 25 "http://example.com/tests/dom/security/test/https-only/file_break_endless_upgrade_downgrade_loop.sjs"; 26 const HTTPS_REQUEST_URL = 27 "https://example.com/tests/dom/security/test/https-only/file_break_endless_upgrade_downgrade_loop.sjs"; 28 29 const testQueries = [ 30 // Test 1: Meta Refresh Redirect 31 { scheme: "http", query: "test1", error: true }, 32 { scheme: "https", query: "test1", error: true }, 33 // Test 2: JS win.location Redirect 34 { scheme: "http", query: "test2", error: true }, 35 { scheme: "https", query: "test2", error: true }, 36 // Test 3: 302 Redirect 37 { scheme: "http", query: "test3", error: true }, 38 { scheme: "https", query: "test3", error: true }, 39 // Test 4: 302 Redirect with a different path 40 { scheme: "http", query: "test4", error: false }, 41 { scheme: "https", query: "test4", error: false }, 42 ]; 43 44 let currentTest = 0; 45 // do each test two time. One time starting with https:// one time with http:// 46 let testWin; 47 window.addEventListener("message", receiveMessageWhenLoaded); 48 49 function postMessageWhenLoaded() { 50 SimpleTest.waitForCondition(async () => { 51 return await SpecialPowers.spawn(testWin, [], () => { 52 let innerHTML = content.document.body.innerHTML; 53 return innerHTML == "OK :)" 54 || innerHTML == "DO NOT DISPLAY THIS" 55 || innerHTML.includes("about-httpsonly-title-alert"); 56 }).catch(() => false); 57 }, 58 () => window.postMessage("https-only-page-loaded", "*"), 59 "waiting for page load to complete" 60 ); 61 } 62 63 async function receiveMessageWhenLoaded() { 64 const currentTestParams = testQueries[currentTest]; 65 let testName = currentTestParams.scheme + ":" + currentTestParams.query 66 67 let innerHTML = await SpecialPowers.spawn(testWin, [], () => { 68 return content.document.body.innerHTML; 69 }); 70 if(currentTestParams.error) { 71 ok(innerHTML.includes("about-httpsonly-title-alert"), testName + ": the error page should be shown"); 72 } else { 73 is(innerHTML, "OK :)", testName + ": different path with https loaded "); 74 } 75 testWin.close(); 76 77 if (++currentTest < testQueries.length) { 78 runNextTest(); 79 return; 80 } 81 // no more tests to run -> cleanup 82 window.removeEventListener("https-only-page-load", receiveMessageWhenLoaded); 83 SimpleTest.finish(); 84 } 85 86 async function runNextTest() { 87 const currentTestParams = testQueries[currentTest]; 88 let uri = `${currentTestParams.scheme}://example.com/tests/dom/security/test/https-only/file_break_endless_upgrade_downgrade_loop.sjs?${currentTestParams.query}`; 89 testWin = window.open(uri, "_blank"); 90 postMessageWhenLoaded(); 91 } 92 93 SpecialPowers.pushPrefEnv({ set: [ 94 ["dom.security.https_only_mode", true], 95 ["dom.security.https_only_mode_break_upgrade_downgrade_endless_loop", true], 96 ["dom.security.https_only_mode_ever_enabled", true], // clear this pref at the end 97 ]}, runNextTest); 98 99 </script> 100 </body> 101 </html>