tor-browser

The Tor Browser

test_sss_resetState.js (3106B)


      1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
      2 // This Source Code Form is subject to the terms of the Mozilla Public
      3 // License, v. 2.0. If a copy of the MPL was not distributed with this
      4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
      5 
      6 "use strict";
      7 
      8 // Tests that resetting HSTS state in the way the "forget about this site"
      9 // functionality does works as expected for preloaded and non-preloaded sites.
     10 
     // Ask the xpcshell harness for a profile directory before the site security
     // service is requested below.
     do_get_profile();

     // Shared nsISiteSecurityService handle used by every check in this file.
     var gSSService = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
     16 
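     /**
      * Checks how nsISiteSecurityService.resetState() -- the call this test uses
      * to simulate "forget about this site" -- affects HSTS status for a host with
      * only header-set state and for a host the test expects to be preloaded.
      * Despite its name, this function calls resetState(), not removeState().
      *
      * Expectations, all evaluated within the given origin attributes:
      *   - non-preloaded host: resetState() clears HSTS set by a header, and is
      *     harmless once a "max-age=0" header has already cleared it;
      *   - preloaded host: resetState() leaves the host secure, and restores the
      *     secure status after a "max-age=0" header has turned it off.
      *
      * @param {object} originAttributes - Origin attributes passed unchanged to
      *   every nsISiteSecurityService call (the callers in this file use `{}` and
      *   `{ privateBrowsingId: 1 }`).
      */
     function test_removeState(originAttributes) {
       // Serialize the attributes: interpolating the object directly logs
       // "[object Object]", which hides which context a failure belongs to.
       info(
         `running test_removeState(originAttributes=${JSON.stringify(
           originAttributes
         )})`
       );

       // Non-preloaded host, header sets HSTS: the host starts out not secure,
       // becomes secure once the header is processed, and must be not secure again
       // after resetState().
       const notPreloadedURI = Services.io.newURI(
         "https://not-preloaded.example.com"
       );
       ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));
       gSSService.processHeader(notPreloadedURI, "max-age=1000;", originAttributes);
       ok(gSSService.isSecureURI(notPreloadedURI, originAttributes));
       gSSService.resetState(notPreloadedURI, originAttributes);
       ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));

       // Non-preloaded host, header unsets HSTS ("max-age=0"): the host is not
       // secure after the header, and resetState() must not make it secure.
       gSSService.processHeader(notPreloadedURI, "max-age=0;", originAttributes);
       ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));
       gSSService.resetState(notPreloadedURI, originAttributes);
       ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));

       // Preloaded host, header sets HSTS: the host is secure before any header is
       // seen, stays secure after the header, and must stay secure after
       // resetState() -- forgetting the site must not drop the preloaded status.
       const preloadedHost = "includesubdomains.preloaded.test";
       const preloadedURI = Services.io.newURI(`https://${preloadedHost}`);
       ok(gSSService.isSecureURI(preloadedURI, originAttributes));
       gSSService.processHeader(preloadedURI, "max-age=1000;", originAttributes);
       ok(gSSService.isSecureURI(preloadedURI, originAttributes));
       gSSService.resetState(preloadedURI, originAttributes);
       ok(gSSService.isSecureURI(preloadedURI, originAttributes));

       // Preloaded host, header unsets HSTS ("max-age=0"): the assertion expects
       // the header to turn HSTS off for this host even though it is preloaded.
       // resetState() must then bring the secure status back; otherwise forgetting
       // the site would leave a preloaded host without HSTS enforcement.
       gSSService.processHeader(preloadedURI, "max-age=0;", originAttributes);
       ok(!gSSService.isSecureURI(preloadedURI, originAttributes));
       gSSService.resetState(preloadedURI, originAttributes);
       ok(gSSService.isSecureURI(preloadedURI, originAttributes));
     }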
     58 
     /**
      * Runs the reset-state scenario twice: first with empty origin attributes,
      * then with privateBrowsingId set to 1.
      */
     function run_test() {
       const originAttributeSets = [{}, { privateBrowsingId: 1 }];
       for (const attrs of originAttributeSets) {
         test_removeState(attrs);
       }
     }