Bug 1672127 - Fix browser_fall_back_to_https.js to use actual host r=ckerschb

Adds secureonly.example.com:443 to server-locations.txt - this host is only available on HTTPS. Regenerates certs using `./mach python build/pgo/genpgocert.py` command. Sets network.dns.native-is-localhost pref in test so we don't trigger assertion. Differential Revision: https://phabricator.services.mozilla.com/D94005
2020-10-20 10:26:41 +00:00 · 2020-10-20 10:26:41 +00:00 · 75e57b5355
--- a/build/pgo/certs/cert9.db
+++ b/build/pgo/certs/cert9.db
--- a/build/pgo/certs/key4.db
+++ b/build/pgo/certs/key4.db
--- a/build/pgo/certs/mochitest.client
+++ b/build/pgo/certs/mochitest.client
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@ -128,6 +128,7 @@ https://no-subject-alt-name.example.com:443   cert=noSubjectAltName
 # Used for secure contexts on ip addresses, see bug 1616675. Note that
 # 127.0.0.1 prompts ssltunnel.cpp to do special-cases, so we use .2
 https://127.0.0.2:443                  privileged,ipV4Address
+https://secureonly.example.com:443

 # Prevent safebrowsing tests from hitting the network for its-a-trap.html and
 # its-an-attack.html.
--- a/docshell/test/browser/browser_fall_back_to_https.js
+++ b/docshell/test/browser/browser_fall_back_to_https.js
@ -12,9 +12,9 @@
 * fall-back and only fail if HTTPS connection fails.
 *
 * This tests that when a user enters "example.com", it attempts to load
- * http://example.com:80 (not rejected), and when trying 127.0.0.2
+ * http://example.com:80 (not rejected), and when trying secureonly.example.com
 * (which rejects connections on port 80), it fails then loads
- * https://127.0.0.2:443 instead.
+ * https://secureonly.example.com:443 instead.
 */

 const { UrlbarTestUtils } = ChromeUtils.import(
@ -28,9 +28,10 @@ const bug1002724_tests = [
    explanation: "Should load HTTP version of example.com",
  },
  {
-    original: "127.0.0.2",
-    expected: "https://127.0.0.2",
-    explanation: "Should reject 127.0.0.2 on HTTP but load the HTTPS version",
+    original: "secureonly.example.com",
+    expected: "https://secureonly.example.com",
+    explanation:
+      "Should reject secureonly.example.com on HTTP but load the HTTPS version",
  },
 ];

@ -57,7 +58,12 @@ async function test_one(test_obj) {
 add_task(async function test_bug1002724() {
  await SpecialPowers.pushPrefEnv(
    // Disable HSTS preload just in case.
-    { set: [["network.stricttransportsecurity.preloadlist", false]] }
+    {
+      set: [
+        ["network.stricttransportsecurity.preloadlist", false],
+        ["network.dns.native-is-localhost", true],
+      ],
+    }
  );

  for (let test of bug1002724_tests) {