зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1704843 - Part 2: Add a test to verify HSTS parameter includeSubDomains works correctly when network partitioning is enabled. r=ckerschb
Depends on D114614 Differential Revision: https://phabricator.services.mozilla.com/D114615
This commit is contained in:
Родитель
9f38d9d55b
Коммит
6e630edb09
|
@ -16,6 +16,14 @@ var secureImgURL =
|
|||
"https://example.com/browser/toolkit/components/antitracking/test/browser/browser_staticPartition_HSTS.sjs?image";
|
||||
var unsecureImgURL =
|
||||
"http://example.com/browser/toolkit/components/antitracking/test/browser/browser_staticPartition_HSTS.sjs?image";
|
||||
var secureIncludeSubURL =
|
||||
"https://example.com/browser/toolkit/components/antitracking/test/browser/browser_staticPartition_HSTS.sjs?includeSub";
|
||||
var unsecureSubEmptyURL =
|
||||
"http://test1.example.com/browser/toolkit/components/antitracking/test/browser/empty.html";
|
||||
var secureSubEmptyURL =
|
||||
"https://test1.example.com/browser/toolkit/components/antitracking/test/browser/empty.html";
|
||||
var unsecureNoCertSubEmptyURL =
|
||||
"http://nocert.example.com/browser/toolkit/components/antitracking/test/browser/empty.html";
|
||||
|
||||
function cleanupHSTS(aPartitionEnabled, aUseSite) {
|
||||
// Ensure to remove example.com from the HSTS list.
|
||||
|
@ -201,3 +209,48 @@ add_task(async function test_subresource() {
|
|||
}
|
||||
}
|
||||
});
|
||||
|
||||
add_task(async function test_includeSubDomains() {
|
||||
for (let networkIsolation of [true, false]) {
|
||||
for (let partitionPerSite of [true, false]) {
|
||||
await SpecialPowers.pushPrefEnv({
|
||||
set: [
|
||||
["privacy.partition.network_state", networkIsolation],
|
||||
["privacy.dynamic_firstparty.use_site", partitionPerSite],
|
||||
["security.mixed_content.upgrade_display_content", false],
|
||||
],
|
||||
});
|
||||
|
||||
let tab = (gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser));
|
||||
|
||||
// Load a secure page as first party to activate HSTS.
|
||||
await promiseTabLoadEvent(tab, secureIncludeSubURL, secureIncludeSubURL);
|
||||
|
||||
// Load a unsecure sub-domain page as first party to see if it's upgraded.
|
||||
await promiseTabLoadEvent(tab, unsecureSubEmptyURL, secureSubEmptyURL);
|
||||
|
||||
// Load a sub domain page which will trigger the cert error page.
|
||||
let certErrorLoaded = BrowserTestUtils.waitForErrorPage(
|
||||
tab.linkedBrowser
|
||||
);
|
||||
BrowserTestUtils.loadURI(tab.linkedBrowser, unsecureNoCertSubEmptyURL);
|
||||
await certErrorLoaded;
|
||||
|
||||
// Verify the error page has the 'badStsCert' in its query string
|
||||
await SpecialPowers.spawn(tab.linkedBrowser, [], () => {
|
||||
let searchParams = new content.URLSearchParams(
|
||||
content.document.documentURI
|
||||
);
|
||||
|
||||
is(
|
||||
searchParams.get("s"),
|
||||
"badStsCert",
|
||||
"The cert error page has 'badStsCert' set"
|
||||
);
|
||||
});
|
||||
|
||||
gBrowser.removeCurrentTab();
|
||||
cleanupHSTS(networkIsolation, partitionPerSite);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
|
|
@ -10,7 +10,11 @@ const PAGE = "<!DOCTYPE html><html><body><p>HSTS page</p></body></html>";
|
|||
|
||||
function handleRequest(request, response) {
|
||||
response.setStatusLine(request.httpVersion, "200", "OK");
|
||||
response.setHeader("Strict-Transport-Security", "max-age=60");
|
||||
if (request.queryString == "includeSub") {
|
||||
response.setHeader("Strict-Transport-Security", "max-age=60; includeSubDomains");
|
||||
} else {
|
||||
response.setHeader("Strict-Transport-Security", "max-age=60");
|
||||
}
|
||||
|
||||
if (request.queryString == "image") {
|
||||
response.setHeader("Content-Type", "image/png", false);
|
||||
|
|
Загрузка…
Ссылка в новой задаче