tor-browser

The Tor Browser

test_resource_upgrade.html (4519B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 
      <head>
        <meta charset="utf-8">
        <title>HTTPS-Only Mode - Resource Upgrade</title>
        <!-- Load SimpleTest.js so the test body can call SimpleTest.waitForExplicitFinish(). -->
        <script src="/tests/SimpleTest/SimpleTest.js"></script>
        <link rel="stylesheet" href="/tests/SimpleTest/test.css">
      </head>
     11 
     12 <body>
     <h1>HTTPS-Only Mode</h1>
     <p>Upgrade Test for various resources</p>
     <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1613063">Bug 1613063</a>
     <!-- Starts without a src; runTest() assigns the http:// test page to this frame. -->
     <iframe id="testframe" style="width:100%;"></iframe>
     17 
     18  <script class="testbody" type="text/javascript">
     19    /* Description of the test:
     20     * We load resources (img, script, style, etc) over *http* and make sure
     21     * that all the resources get upgraded to use >> https << when the
     22     * preference "dom.security.https_only_mode" is set to true. We further
     23     * test that subresources within nested contexts (iframes) get upgraded
     24     * and also test the handling of server side redirects.
     25     *
     26     * In detail:
     27     * We perform an XHR request to the *.sjs file which is processed async on
     28     * the server and waits till all the requests were processed by the server.
     29     * Once the server received all the different requests, the server responds
     30     * to the initial XHR request with an array of results which must match
     31     * the expected results from each test, making sure that all requests
     32     * received by the server (*.sjs) were actually *https* requests.
     33     */
     34 
     35    const { AppConstants } = SpecialPowers.ChromeUtils.importESModule(
     36      "resource://gre/modules/AppConstants.sys.mjs"
     37    );
     // Splits a "[key]-[result]" response. The first group is greedy, so the
     // split happens at the last hyphen ("img-redir-ok" -> "img-redir", "ok").
     const splitRegex = /^(.*)-(.*)$/;

     // topLevelScheme is deliberately plain http://: the test passes only if
     // HTTPS-Only Mode upgrades the page and every resource listed in `results`.
     const testConfig = {
       topLevelScheme: "http://",
       results: [
         "iframe", "script", "img", "img-redir", "font", "xhr", "style",
         "media", "object", "form", "nested-img",
         // TODO: WebSocket tests are not supported on Android Yet. Bug 1566168.
         ...(AppConstants.platform !== "android" ? ["websocket"] : []),
       ],
     };
     50 
     51 
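     /**
      * Starts the test: opens the result query against the .sjs server, then
      * loads the test page into the #testframe iframe.
      */
     function runTest() {
       // The server processes this request asynchronously and only answers once
       // it has received all the expected resource requests.
       const resultQuery = new XMLHttpRequest();
       resultQuery.open("GET", "file_upgrade_insecure_server.sjs?queryresult");
       resultQuery.onload = function () {
         // for...of visits the array values only; for...in would also walk any
         // enumerable property that ends up on the array or its prototype.
         for (const entry of resultQuery.responseText.split(",")) {
           checkResult(entry);
         }
       };
       resultQuery.onerror = function (e) {
         // XHR error events are ProgressEvents and carry no `message`, so the
         // event type is reported instead of a literal "undefined".
         ok(false, "Could not query results from server (" + e.type + ")");
         finishTest();
       };
       resultQuery.send();

       // give it some time and run the testpage
       SimpleTest.executeSoon(() => {
         // The frame is pointed at an http:// URL on purpose; with
         // dom.security.https_only_mode set, the load is expected to be upgraded.
         const frameUrl = testConfig.topLevelScheme + "example.com/tests/dom/security/test/https-only/file_upgrade_insecure.html";
         document.getElementById("testframe").src = frameUrl;
       });
     }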
     75 
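     // A postMessage handler used by sandboxed iframes without
     // 'allow-same-origin' to bubble their results up to this main page.
     // Such frames have an opaque origin, so event.origin cannot be used to
     // identify the sender; the payload shape is validated instead.
     window.addEventListener("message", receiveMessage);

     /**
      * Forwards the `result` string of a frame message to checkResult().
      * @param {MessageEvent} event - message whose data is expected to be
      *   an object with a string `result` ("[key]-[result]").
      */
     function receiveMessage(event) {
       const payload = event.data;
       // A message without a string `result` used to throw inside the handler;
       // record it as a failure and keep waiting for the remaining results.
       if (!payload || typeof payload.result !== "string") {
         ok(false, "Unexpected postMessage payload (no string 'result')");
         return;
       }
       checkResult(payload.result);
     }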
     82 
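     // Set once finishTest() has run, so that later calls become no-ops.
     let testFinished = false;

     /**
      * Ends the test: detaches the message listener and tells the harness we
      * are done. checkResult() can reach this more than once (an unexpected
      * key followed by an empty results list), so repeated calls are ignored.
      */
     function finishTest() {
       if (testFinished) {
         return;
       }
       testFinished = true;
       window.removeEventListener("message", receiveMessage);
       SimpleTest.finish();
     }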
     87 
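     /**
      * Records one result reported by the server or by a sandboxed frame and
      * finishes the test once every expected key has been seen.
      * @param {string} response - "[key]-[result]", e.g. "iframe-ok".
      */
     function checkResult(response) {
       // exec() returns null when the response has no hyphen (for example an
       // empty string); destructuring null would throw instead of failing the test.
       const parsed = splitRegex.exec(response);
       if (!parsed) {
         ok(false, `Unexpected response from server (${response})`);
         finishTest();
         return;
       }
       const [, key, result] = parsed;

       // try to find the expected result within the results array
       const index = testConfig.results.indexOf(key);

       // A key that is unknown, or was already consumed, means something is
       // wrong. Stop here so no further assertion runs after finishTest().
       if (index == -1) {
         ok(false, `Unexpected response from server (${response})`);
         finishTest();
         return;
       }

       // take the element out of the array and continue until it is empty
       testConfig.results.splice(index, 1);

       // Only the exact result 'ok' passes; per the test description the server
       // reports it when the request it received was an https request.
       is(result, 'ok', `Upgrade all requests on toplevel http for '${key}' came back with: '${result}'`);

       // If we're not expecting any more results, finish the test
       if (!testConfig.results.length) {
         finishTest();
       }
     }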
    113 
    // The test ends asynchronously through finishTest(), so the harness must
    // wait for an explicit SimpleTest.finish().
    SimpleTest.waitForExplicitFinish();

    // Turn on HTTPS-Only Mode for this test, then start it.
    const httpsOnlyPrefEnv = { set: [["dom.security.https_only_mode", true]] };
    SpecialPowers.pushPrefEnv(httpsOnlyPrefEnv, runTest);
    118 
    119  </script>
    120 </body>
    121 
    122 </html>