tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

https_upgrade.py (1526B)

      1 from urllib.parse import urlunsplit
      2 
      3 import pytest
      4 from tests.support.asserts import assert_error
      5 
      6 
      7 def navigate_to(session, url):
      8    return session.transport.send(
      9        "POST", "session/{session_id}/url".format(**vars(session)), {"url": url}
     10    )
     11 
     12 
     13 @pytest.fixture
     14 def http_with_https_port_url(server_config):
     15    """
     16    Creates an HTTP URL with a port for HTTPS that would trigger a HTTPS-First
     17    upgrade when entered in the url bar.
     18    """
     19 
     20    def _http_with_https_port_url(path, query="", fragment=""):
     21        domain = server_config["domains"][""][""]
     22        port = server_config["ports"]["https"][0]
     23        return urlunsplit(("http", f"{domain}:{port}", path, query, fragment))
     24 
     25    return _http_with_https_port_url
     26 
     27 
     28 @pytest.mark.capabilities({
     29    "pageLoadStrategy": "eager",
     30    "moz:firefoxOptions": {
     31        "prefs": {
     32            # Allow HTTPS upgrades for localhost and custom ports
     33            "dom.security.https_first_for_custom_ports": True,
     34            "dom.security.https_first_for_local_addresses": True,
     35            "dom.security.https_first_for_unknown_suffixes": True,
     36        },
     37    },
     38 })
     39 def test_no_https_first_upgrade(session, http_with_https_port_url):
     40    page = http_with_https_port_url("/webdriver/tests/support/html/default.html")
     41 
     42    # A navigation via the WebDriver API should not cause an HTTPS upgrade,
     43    # so it fails with a neterror page.
     44    response = navigate_to(session, page)
     45    assert_error(response, "unknown error")
     46 
     47    assert session.url.startswith("http://")