
test_hsts_upgrade_intercept.html (2460B)


      1 <!--
      2  Any copyright is dedicated to the Public Domain.
      3  http://creativecommons.org/publicdomain/zero/1.0/
      4 -->
      5 <!DOCTYPE HTML>
      6 <html>
      7 <head>
      8  <title>Test that an HSTS upgraded request can be intercepted by a service worker</title>
      9  <script src="/tests/SimpleTest/SimpleTest.js"></script>
     10  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
     11 </head>
     12 <body>
     13 <p id="display"></p>
     14 <div id="content">
     15 <iframe></iframe>
     16 </div>
     17 <pre id="test"></pre>
     18 <script class="testbody" type="text/javascript">
     19 
     20  var iframe;
     21  var framesLoaded = 0;
     22  function runTest() {
     23    iframe = document.querySelector("iframe");
     24    iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/register.html";
     25    window.onmessage = function(e) {
     26      if (e.data.status == "ok") {
     27        ok(e.data.result, e.data.message);
     28      } else if (e.data.status == "registrationdone") {
     29        iframe.src = "http://example.com/tests/dom/serviceworkers/test/fetch/hsts/index.html";
     30      } else if (e.data.status == "protocol") {
     31        is(e.data.data, "https:", "Correct protocol expected");
     32        ok(e.data.securityInfoPresent, "Security info present on intercepted value");
     33        switch (++framesLoaded) {
     34        case 1:
     35          iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/embedder.html";
     36          break;
     37        case 2:
     38          iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/image.html";
     39          break;
     40        }
     41      } else if (e.data.status == "image") {
     42        is(e.data.data, 40, "The image request was upgraded before interception");
     43        iframe.src = "https://example.com/tests/dom/serviceworkers/test/fetch/hsts/unregister.html";
     44      } else if (e.data.status == "unregistrationdone") {
     45        window.onmessage = null;
     46        SpecialPowers.cleanUpSTSData("http://example.com");
     47        SimpleTest.finish();
     48      }
     49    };
     50  }
     51 
     52  SimpleTest.waitForExplicitFinish();
     53  onload = function() {
     54    SpecialPowers.pushPrefEnv({"set": [
     55      ["dom.serviceWorkers.exemptFromPerDomainMax", true],
     56      ["dom.serviceWorkers.enabled", true],
     57      ["dom.serviceWorkers.testing.enabled", true],
     58      // This is needed so that we can test upgrading a non-secure load inside an https iframe.
     59      ["security.mixed_content.block_active_content", false],
     60      ["security.mixed_content.block_display_content", false],
     61    ]}, runTest);
     62  };
     63 </script>
     64 </pre>
     65 </body>
     66 </html>