Bug 1702001
Https-only mode does not reload pages after clicking "Continue to HTTP Site", when url contains navigation r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D110395
Родитель
c0ba36dc12
Коммит
75c83b4a52
|
@ -8826,15 +8826,17 @@ bool nsDocShell::IsSameDocumentNavigation(nsDocShellLoadState* aLoadState,
|
|||
// HTTPS-Only Mode is enabled and the two URIs are same-origin (modulo the
|
||||
// fact that the new URI is currently http), then set mSameExceptHashes to
|
||||
// true and only perform a fragment navigation.
|
||||
nsCOMPtr<nsIChannel> docChannel = GetCurrentDocChannel();
|
||||
nsCOMPtr<nsILoadInfo> loadInfo;
|
||||
if (docChannel) {
|
||||
loadInfo = docChannel->LoadInfo();
|
||||
}
|
||||
if (!aState.mSameExceptHashes &&
|
||||
nsHTTPSOnlyUtils::IsEqualURIExceptSchemeAndRef(
|
||||
currentExposableURI, aLoadState->URI(), loadInfo)) {
|
||||
aState.mSameExceptHashes = true;
|
||||
if (!aState.mSameExceptHashes) {
|
||||
nsCOMPtr<nsIChannel> docChannel = GetCurrentDocChannel();
|
||||
if (docChannel) {
|
||||
nsCOMPtr<nsILoadInfo> docLoadInfo = docChannel->LoadInfo();
|
||||
if (!docLoadInfo->GetLoadErrorPage()) {
|
||||
if (nsHTTPSOnlyUtils::IsEqualURIExceptSchemeAndRef(
|
||||
currentExposableURI, aLoadState->URI(), docLoadInfo)) {
|
||||
aState.mSameExceptHashes = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
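Review bot: The new `GetLoadErrorPage()` guard has no comment, and the context comment above the block still describes the HTTPS-Only comparison as if it always ran (reading the second printed copy of the block as the new side). A why-comment before the check would keep the intent visible, for example `// Leaving the HTTPS-Only error page must be a real load, never a fragment navigation.` There is also a quiet behaviour change: the old code still called `IsEqualURIExceptSchemeAndRef` with a null `loadInfo` when `GetCurrentDocChannel()` returned null, while the new code skips the comparison entirely, so it is worth confirming that this is intended. The three nested `if`s could be joined with `&&` to cut the indentation. `IsSameDocumentNavigation` starts and ends outside this hunk.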
|
||||
|
|
|
@ -112,7 +112,7 @@ class nsHTTPSOnlyUtils {
|
|||
|
||||
/**
|
||||
* Checks if two URIs are same origin modulo the difference that
|
||||
* aHTTPSchemeURI uses and http scheme.
|
||||
* aHTTPSchemeURI uses an http scheme.
|
||||
* @param aHTTPSSchemeURI nsIURI using scheme of https
|
||||
* @param aOtherURI nsIURI using scheme of http
|
||||
* @param aLoadInfo nsILoadInfo of the request
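Review bot: The corrected sentence still refers to `aHTTPSchemeURI`, which matches neither documented parameter (`aHTTPSSchemeURI`, `aOtherURI`). It also says that argument uses http, while the `@param` line for `aHTTPSSchemeURI` says https. The description presumably means the second argument, so `* aOtherURI uses an http scheme.` would agree with the parameter list. Callers of a scheme-relaxing comparison need to know which argument may be http, so the wording matters here. The doc comment continues past the hunk and the declaration itself is not visible.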
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1702001
|
||||
|
||||
// An onload postmessage to window opener
|
||||
const ON_LOAD = `
|
||||
<html>
|
||||
<body>
|
||||
send onload message...
|
||||
<script type="application/javascript">
|
||||
window.opener.postMessage({result: 'you entered the http page'}, '*');
|
||||
</script>
|
||||
</body>
|
||||
</html>`;
|
||||
|
||||
// When an https request is sent, cause a timeout so that the https-only error
|
||||
// page is displayed.
|
||||
function handleRequest(request, response) {
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|
||||
if (request.scheme === "https") {
|
||||
// Simulating a timeout by processing the https request
|
||||
// async and *never* return anything!
|
||||
response.processAsync();
|
||||
return;
|
||||
}
|
||||
if (request.scheme === "http") {
|
||||
response.write(ON_LOAD);
|
||||
}
|
||||
}
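Review bot: The `postMessage` call in `ON_LOAD` uses a `'*'` target origin without saying why that is acceptable. A short comment in the template would stop the pattern being copied into non-test code, for example `// '*' is fine here: test-only payload with no sensitive data`. Separately, the http branch of `handleRequest` writes HTML without setting a content type in the lines shown; adding `response.setHeader("Content-Type", "text/html", false);` would make the fixture independent of sniffing. The comment above `handleRequest` describes only the https branch and could mention that http requests receive the onload page.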
|
|
@ -24,3 +24,6 @@ support-files = file_user_suggestion_box.sjs
|
|||
skip-if = toolkit == 'android' # no https-only errorpage support in android
|
||||
[test_fragment.html]
|
||||
support-files = file_fragment.html
|
||||
[test_insecure_reload.html]
|
||||
support-files = file_insecure_reload.sjs
|
||||
skip-if = toolkit == 'android' # no https-only errorpage support in android
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1702001: Https-only mode does not reload pages after clicking "Continue to HTTP Site", when url contains navigation </title>
|
||||
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
"use strict";
|
||||
/*
|
||||
* Description of the test:
|
||||
*
|
||||
* Load a page including a fragment portion which does not support https and make
|
||||
* sure that exempting the page from https-only-mode does not result in a fragment
|
||||
* navigation.
|
||||
*/
|
||||
|
||||
|
||||
function resolveAfter6Seconds() {
|
||||
return new Promise(resolve => {
|
||||
setTimeout(() => {
|
||||
resolve();
|
||||
}, 6000);
|
||||
});
|
||||
}
|
||||
|
||||
SimpleTest.requestFlakyTimeout("We need to wait for the HTTPS-Only error page to appear");
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
let winTest = null;
|
||||
let TEST_URL = "http://example.com/tests/dom/security/test/https-only/file_insecure_reload.sjs#nav";
|
||||
|
||||
// verify that https-only page appeared
|
||||
async function verifyErrorPage() {
|
||||
let errorPageL10nId = "about-httpsonly-title-alert";
|
||||
let body = content.document.body;
|
||||
let innerHTML = content.document.body.innerHTML;
|
||||
ok(innerHTML.includes(errorPageL10nId), "the error page should be shown for ");
|
||||
let button = content.document.getElementById("openInsecure");
|
||||
// Click "Continue to HTTP Site"
|
||||
ok(button, "button exist");
|
||||
if(button) {
|
||||
button.click();
|
||||
}
|
||||
}
|
||||
// verify that you entered the page and are not still displaying
|
||||
// the https-only error page
|
||||
async function receiveMessage(event) {
|
||||
// read event
|
||||
let result = event.data.result;
|
||||
is(result, "you entered the http page", "The requested page should be shown");
|
||||
window.removeEventListener("message",receiveMessage);
|
||||
winTest.close();
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
|
||||
async function runTest() {
|
||||
//Test: With https-only mode activated
|
||||
await SpecialPowers.pushPrefEnv({ set: [
|
||||
["dom.security.https_only_mode", true],
|
||||
]});
|
||||
winTest = window.open(TEST_URL);
|
||||
await resolveAfter6Seconds();
|
||||
await SpecialPowers.spawn(winTest,[],verifyErrorPage);
|
||||
}
|
||||
window.addEventListener("message", receiveMessage);
|
||||
runTest();
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
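Review bot: `receiveMessage` finishes the test on the first `message` event from any sender, so a stray message from another window would be judged as the result. Adding `if (event.source !== winTest) { return; }` as its first statement ties the verdict to the window the test opened. In `verifyErrorPage` the assertion text `"the error page should be shown for "` ends mid-sentence and `let body` is never used. If the fix regresses, no message arrives and the failure shows up only as a harness timeout after the fixed 6-second wait, so a comment explaining why 6000 ms was chosen would help whoever has to debug intermittent failures.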
|