test_http_background_auth_request.html (3693B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1665062 - HTTPS-Only: Do not cancel channel if auth is in progress</title> 5 <script src="/tests/SimpleTest/SimpleTest.js"></script> 6 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 7 </head> 8 <body> 9 10 <script class="testbody" type="text/javascript"> 11 12 /* 13 * Description of the test: 14 * We send a top-level request which results in a '401 - Unauthorized' and ensure that the 15 * http background request does not accidentally treat that request as a potential timeout. 16 * We make sure that ther HTTPS-Only Mode Error Page does *NOT* show up. 17 */ 18 19 const { AppConstants } = SpecialPowers.ChromeUtils.importESModule( 20 "resource://gre/modules/AppConstants.sys.mjs" 21 ); 22 23 SimpleTest.waitForExplicitFinish(); 24 SimpleTest.requestFlakyTimeout("When Auth is in progress, HTTPS-Only page should not show up"); 25 SimpleTest.requestLongerTimeout(10); 26 27 const EXPECTED_KICK_OFF_REQUEST = 28 "http://test1.example.com/tests/dom/security/test/https-only/file_http_background_auth_request.sjs?foo"; 29 const EXPECTED_UPGRADE_REQUEST = EXPECTED_KICK_OFF_REQUEST.replace("http://", "https://"); 30 let EXPECTED_BG_REQUEST = "http://test1.example.com/"; 31 let requestCounter = 0; 32 33 function examiner() { 34 SpecialPowers.addObserver(this, "specialpowers-http-notify-request"); 35 } 36 examiner.prototype = { 37 observe(subject, topic, data) { 38 if (topic !== "specialpowers-http-notify-request") { 39 return; 40 } 41 42 // On Android we have other requests appear here as well. Let's make 43 // sure we only evaluate requests triggered by the test. 44 if (!data.startsWith("http://test1.example.com") && 45 !data.startsWith("https://test1.example.com")) { 46 return; 47 } 48 ++requestCounter; 49 if (requestCounter == 1) { 50 is(data, EXPECTED_KICK_OFF_REQUEST, "kick off request needs to be http"); 51 return; 52 } 53 if (requestCounter == 2) { 54 is(data, EXPECTED_UPGRADE_REQUEST, "upgraded request needs to be https"); 55 return; 56 } 57 if (requestCounter == 3) { 58 is(data, EXPECTED_BG_REQUEST, "background request needs to be http and no sensitive info"); 59 return; 60 } 61 ok(false, "we should never get here, but just in case"); 62 }, 63 remove() { 64 SpecialPowers.removeObserver(this, "specialpowers-http-notify-request"); 65 } 66 } 67 window.AuthBackgroundRequestExaminer = new examiner(); 68 69 // https-only top-level background request occurs after 3 seconds, hence 70 // we use 4 seconds to make sure the background request did not happen. 71 function resolveAfter4Seconds() { 72 return new Promise(resolve => { 73 setTimeout(() => { 74 resolve(); 75 }, 4000); 76 }); 77 } 78 79 async function runTests() { 80 await SpecialPowers.pushPrefEnv({ set: [ 81 ["dom.security.https_only_mode", true], 82 ["dom.security.https_only_mode_send_http_background_request", true], 83 ]}); 84 85 let testWin = window.open(EXPECTED_KICK_OFF_REQUEST, "_blank"); 86 87 // Give the Auth Process and background request some time before moving on. 88 await resolveAfter4Seconds(); 89 90 if (AppConstants.platform !== "android") { 91 is(requestCounter, 3, "three requests total (kickoff, upgraded, background)"); 92 } else { 93 // On Android, the auth request resolves and hence the background request 94 // is not even kicked off - nevertheless, the error page should not appear! 95 is(requestCounter, 2, "two requests total (kickoff, upgraded)"); 96 } 97 98 await SpecialPowers.spawn(testWin, [], () => { 99 let innerHTML = content.document.body.innerHTML; 100 is(innerHTML, "", "expection page should not be displayed"); 101 }); 102 103 testWin.close(); 104 105 window.AuthBackgroundRequestExaminer.remove(); 106 SimpleTest.finish(); 107 } 108 109 runTests(); 110 111 </script> 112 </body> 113 </html>