зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1747673 - HTTPS First fallback to http for non-standard 5xx status code responses. r=ckerschb,kershaw
Differential Revision: https://phabricator.services.mozilla.com/D135214
This commit is contained in:
Родитель
69a30b6cc7
Коммит
f85f79ecf5
|
@ -472,7 +472,7 @@ nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(nsIChannel* aChannel,
|
|||
// corresponding NS_ERROR_*.
|
||||
// To do so we convert the response status to an nsresult error
|
||||
// Every NS_OK that is NOT an 4xx or 5xx error code won't get downgraded.
|
||||
if (responseStatus >= 400 && responseStatus < 512) {
|
||||
if (responseStatus >= 400 && responseStatus < 600) {
|
||||
// HttpProxyResponseToErrorCode() maps 400 and 404 on
|
||||
// the same error as a 500 status which would lead to no downgrade
|
||||
// later on. For that reason we explicit filter for 400 and 404 status
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
// Custom *.sjs file specifically for the needs of Bug 1709552
|
||||
"use strict";
|
||||
|
||||
const RESPONSE_SUCCESS = `
|
||||
<html>
|
||||
<body>
|
||||
send message, downgraded
|
||||
<script type="application/javascript">
|
||||
let scheme = document.location.protocol;
|
||||
window.opener.postMessage({result: 'downgraded', scheme: scheme}, '*');
|
||||
</script>
|
||||
</body>
|
||||
</html>`;
|
||||
|
||||
const RESPONSE_UNEXPECTED = `
|
||||
<html>
|
||||
<body>
|
||||
send message, error
|
||||
<script type="application/javascript">
|
||||
let scheme = document.location.protocol;
|
||||
window.opener.postMessage({result: 'Error', scheme: scheme}, '*');
|
||||
</script>
|
||||
</body>
|
||||
</html>`;
|
||||
|
||||
function handleRequest(request, response) {
|
||||
// avoid confusing cache behaviour
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|
||||
response.setHeader("Content-Type", "text/html", false);
|
||||
|
||||
let query = request.queryString;
|
||||
// if the scheme is not https and it is the initial request
|
||||
// then we rather fall through and display unexpected content
|
||||
if (request.scheme === "https") {
|
||||
if (query === "test1a") {
|
||||
response.setStatusLine("1.1", 501, "Not Implemented");
|
||||
response.write("Not Implemented\n");
|
||||
return;
|
||||
}
|
||||
|
||||
if (query === "test2a") {
|
||||
response.setStatusLine("1.1", 504, "Gateway Timeout");
|
||||
response.write("Gateway Timeout\n");
|
||||
return;
|
||||
}
|
||||
|
||||
if (query === "test3a") {
|
||||
response.setStatusLine("1.1", 521, "Web Server Is Down");
|
||||
response.write("Web Server Is Down\n");
|
||||
return;
|
||||
}
|
||||
if (query === "test4a") {
|
||||
response.setStatusLine("1.1", 530, "Railgun Error");
|
||||
response.write("Railgun Error\n");
|
||||
return;
|
||||
}
|
||||
if (query === "test5a") {
|
||||
response.setStatusLine("1.1", 560, "Unauthorized");
|
||||
response.write("Unauthorized\n");
|
||||
return;
|
||||
}
|
||||
|
||||
// We should never arrive here, just in case send something unexpected
|
||||
response.write(RESPONSE_UNEXPECTED);
|
||||
return;
|
||||
}
|
||||
|
||||
// We should arrive here when the redirection was downraded successful
|
||||
response.write(RESPONSE_SUCCESS);
|
||||
}
|
|
@ -39,3 +39,5 @@ support-files =
|
|||
file_bad_cert.sjs
|
||||
[test_downgrade_request_upgrade_request.html]
|
||||
support-files = file_downgrade_request_upgrade_request.sjs
|
||||
[test_downgrade_500_responses.html]
|
||||
support-files = file_downgrade_500_responses.sjs
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1747673 : HTTPS First fallback to http for non-standard 5xx status code responses</title>
|
||||
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
"use strict";
|
||||
/*
|
||||
* Description of the test:
|
||||
* Perform five tests where https-first receives an
|
||||
* 5xx status code (standard and non-standard 5xx status) if request is send to site by https.
|
||||
* Expected behaviour: https-first fallbacks to http after receiving 5xx error.
|
||||
* Test 1: 501 Response
|
||||
* Test 2: 504 Response
|
||||
* Test 3: 521 Response
|
||||
* Test 4: 530 Response
|
||||
* Test 5: 560 Response
|
||||
*/
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
const REQUEST_URL =
|
||||
"http://example.com/tests/dom/security/test/https-first/file_downgrade_500_responses.sjs";
|
||||
|
||||
const redirectQueries = ["?test1a", "?test2a","?test3a", "?test4a", "?test5a"];
|
||||
let currentTest = 0;
|
||||
let testWin;
|
||||
let currentQuery;
|
||||
window.addEventListener("message", receiveMessage);
|
||||
|
||||
// Receive message and verify that it is from an http site.
|
||||
// When the message is 'downgraded' then it was send by an http site
|
||||
// and the redirection worked.
|
||||
async function receiveMessage(event) {
|
||||
let data = event.data;
|
||||
currentQuery = redirectQueries[currentTest];
|
||||
ok(data.result === "downgraded", "Redirected successful to 'http' for " + currentQuery);
|
||||
is(data.scheme, "http:", "scheme is 'http' for " + currentQuery );
|
||||
testWin.close();
|
||||
if (++currentTest < redirectQueries.length) {
|
||||
runTest();
|
||||
return;
|
||||
}
|
||||
window.removeEventListener("message", receiveMessage);
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
async function runTest() {
|
||||
currentQuery = redirectQueries[currentTest];
|
||||
testWin = window.open(REQUEST_URL + currentQuery, "_blank");
|
||||
}
|
||||
|
||||
SpecialPowers.pushPrefEnv({ set: [
|
||||
["dom.security.https_first", true]
|
||||
]}, runTest);
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
Загрузка…
Ссылка в новой задаче