Bug 1781772 - Test redirect tainting with Https-only mode, r=tschuster

Differential Revision: https://phabricator.services.mozilla.com/D163695

dom/security/test/https-only/browser.ini

@@ -33,3 +33,5 @@ skip-if = (toolkit == 'android') # WebSocket tests are not supported on Android
 support-files =
   file_websocket_exceptions.html
   file_websocket_exceptions_iframe.html
+[browser_redirect_tainting.js]
+support-files = file_redirect_tainting.sjs

dom/security/test/https-only/browser_redirect_tainting.js

@@ -0,0 +1,39 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Test steps:
+// 1. Load file_redirect_tainting.sjs?html.
+// 2. The server returns an html which loads an image at http://example.net.
+// 3. The image request will be upgraded to HTTPS since HTTPS-only mode is on.
+// 4. In file_redirect_tainting.sjs, we set "Access-Control-Allow-Origin" to
+//    the value of the Origin header.
+// 5. If the vlaue does not match, the image won't be loaded.
+async function do_test() {
+  let requestUrl = `https://example.com/browser/dom/security/test/https-only/file_redirect_tainting.sjs?html`;
+
+  await BrowserTestUtils.withNewTab(
+    {
+      gBrowser,
+      url: requestUrl,
+      waitForLoad: true,
+    },
+    async function(browser) {
+      let imageLoaded = await SpecialPowers.spawn(browser, [], function() {
+        let image = content.document.getElementById("test_image");
+        return image && image.complete && image.naturalHeight !== 0;
+      });
+      await Assert.ok(imageLoaded, "test_image should be loaded");
+    }
+  );
+}
+
+add_task(async function test_https_only_redirect_tainting() {
+  await SpecialPowers.pushPrefEnv({
+    set: [["dom.security.https_only_mode", true]],
+  });
+
+  await do_test();
+
+  await SpecialPowers.popPrefEnv();
+});

dom/security/test/https-only/file_redirect_tainting.sjs

@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// small red image
+const IMG_BYTES = atob(
+  "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+    "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="
+);
+
+const body = `<!DOCTYPE html>
+<html lang="en">
+  <body>
+    <script>
+      let image = new Image();
+      image.crossOrigin = "anonymous";
+      image.src = "http://example.net/browser/dom/security/test/https-only/file_redirect_tainting.sjs?img";
+      image.id = "test_image";
+      document.body.appendChild(image);
+    </script>
+  </body>
+</html>`;
+
+function handleRequest(request, response) {
+  if (request.queryString === "html") {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "text/html");
+    response.write(body);
+    return;
+  }
+
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "image/png");
+  let origin = request.getHeader("Origin");
+  response.setHeader("Access-Control-Allow-Origin", origin);
+  response.write(IMG_BYTES);
+}