Bug 1198397 - Add a test for interception of requests upgraded through the CSP upgrade-insecure-requests directive; r=jdm

dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script>
+  window.onmessage = function(e) {
+    window.parent.postMessage(e.data, "*");
+    if (e.data.status == "protocol") {
+      document.querySelector("iframe").src = "image.html";
+    }
+  };
+</script>
+<iframe src="http://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/index.html"></iframe>

dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html^headers^

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

dom/workers/test/serviceworkers/fetch/upgrade-insecure/image.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script>
+onload=function(){
+  var img = new Image();
+  img.src = "http://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/image-20px.png";
+  img.onload = function() {
+    window.parent.postMessage({status: "image", data: img.width}, "*");
+  };
+  img.onerror = function() {
+    window.parent.postMessage({status: "image", data: "error"}, "*");
+  };
+};
+</script>

dom/workers/test/serviceworkers/fetch/upgrade-insecure/realindex.html

@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script>
+  window.parent.postMessage({status: "protocol", data: location.protocol}, "*");
+</script>

dom/workers/test/serviceworkers/fetch/upgrade-insecure/register.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<script>
+  function ok(v, msg) {
+    window.parent.postMessage({status: "ok", result: !!v, message: msg}, "*");
+  }
+
+  function done(reg) {
+    ok(reg.active, "The active worker should be available.");
+    window.parent.postMessage({status: "registrationdone"}, "*");
+  }
+
+  navigator.serviceWorker.ready.then(done);
+  navigator.serviceWorker.register("upgrade-insecure_test.js", {scope: "."});
+</script>

dom/workers/test/serviceworkers/fetch/upgrade-insecure/unregister.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<script>
+  navigator.serviceWorker.getRegistration(".").then(function(registration) {
+    registration.unregister().then(function(success) {
+      if (success) {
+        window.parent.postMessage({status: "unregistrationdone"}, "*");
+      }
+    }, function(e) {
+      dump("Unregistering the SW failed with " + e + "\n");
+    });
+  });
+</script>

dom/workers/test/serviceworkers/fetch/upgrade-insecure/upgrade-insecure_test.js

@@ -0,0 +1,11 @@
+self.addEventListener("fetch", function(event) {
+  if (event.request.url.indexOf("index.html") >= 0) {
+    event.respondWith(fetch("realindex.html"));
+  } else if (event.request.url.indexOf("image-20px.png") >= 0) {
+    if (event.request.url.indexOf("https://") == 0) {
+      event.respondWith(fetch("image-40px.png"));
+    } else {
+      event.respondWith(Response.error());
+    }
+  }
+});

dom/workers/test/serviceworkers/mochitest.ini

@@ -85,6 +85,15 @@ support-files =
   fetch/sandbox/register.html
   fetch/sandbox/unregister.html
   fetch/sandbox/sandbox_test.js
+  fetch/upgrade-insecure/upgrade-insecure_test.js
+  fetch/upgrade-insecure/embedder.html
+  fetch/upgrade-insecure/embedder.html^headers^
+  fetch/upgrade-insecure/image.html
+  fetch/upgrade-insecure/image-20px.png
+  fetch/upgrade-insecure/image-40px.png
+  fetch/upgrade-insecure/realindex.html
+  fetch/upgrade-insecure/register.html
+  fetch/upgrade-insecure/unregister.html
   match_all_properties_worker.js
   match_all_clients/match_all_controlled.html
   test_serviceworker_interfaces.js
@@ -270,3 +279,5 @@ skip-if = toolkit == "android" || toolkit == "gonk"
 [test_unresolved_fetch_interception.html]
 [test_hsts_upgrade_intercept.html]
 skip-if = e10s # Bug 1214305
+[test_csp_upgrade-insecure_intercept.html]
+skip-if = e10s # Bug 1214305

dom/workers/test/serviceworkers/test_csp_upgrade-insecure_intercept.html

@@ -0,0 +1,56 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test that a CSP upgraded request can be intercepted by a service worker</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content">
+<iframe></iframe>
+</div>
+<pre id="test"></pre>
+<script class="testbody" type="text/javascript">
+
+  var iframe;
+  function runTest() {
+    iframe = document.querySelector("iframe");
+    iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/register.html";
+    window.onmessage = function(e) {
+      if (e.data.status == "ok") {
+        ok(e.data.result, e.data.message);
+      } else if (e.data.status == "registrationdone") {
+        iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html";
+      } else if (e.data.status == "protocol") {
+        is(e.data.data, "https:", "Correct protocol expected");
+      } else if (e.data.status == "image") {
+        is(e.data.data, 40, "The image request was upgraded before interception");
+        iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/unregister.html";
+      } else if (e.data.status == "unregistrationdone") {
+        window.onmessage = null;
+        SimpleTest.finish();
+      }
+    };
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  onload = function() {
+    SpecialPowers.pushPrefEnv({"set": [
+      ["dom.serviceWorkers.exemptFromPerDomainMax", true],
+      ["dom.serviceWorkers.enabled", true],
+      ["dom.serviceWorkers.testing.enabled", true],
+      ["dom.serviceWorkers.interception.enabled", true],
+      // This is needed so that we can test upgrading a non-secure load inside an https iframe.
+      ["security.mixed_content.block_active_content", false],
+      ["security.mixed_content.block_display_content", false],
+    ]}, runTest);
+  };
+</script>
+</pre>
+</body>
+</html>