dom/security/test/csp/file_upgrade_insecure.html
author Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Wed, 22 Mar 2017 13:04:02 +0100
changeset 348953 85e011992bf81c3c1c3d05614a44d14033d6bf4c
parent 347486 61774c8f5fd39c63b5ee4b8535ad6e7767c19ec8
child 482829 c06eb27d0c6473f15811c51a4dc686aa45a34b0b
permissions -rw-r--r--
Bug 1316305 - Explicilty call .close() for websocket in test. r=baku

<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>
  <!-- style -->
  <link rel='stylesheet' type='text/css' href='http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?style' media='screen' />

  <!-- font -->
  <style>
    @font-face {
      font-family: "foofont";
      src: url('http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?font');
    }
    .div_foo { font-family: "foofont"; }
  </style>
</head>
<body>

  <!-- images: -->
  <img src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?img"></img>

  <!-- redirects: upgrade http:// to https:// redirect to http:// and then upgrade to https:// again -->
  <img src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?redirect-image"></img>

  <!-- script: -->
  <script src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?script"></script>

  <!-- media: -->
  <audio src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?media"></audio>

  <!-- objects: -->
  <object width="10" height="10" data="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?object"></object>

  <!-- font: (apply font loaded in header to div) -->
  <div class="div_foo">foo</div>

  <!-- iframe: (same origin) -->
  <iframe src="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?iframe">
    <!-- within that iframe we load an image over http and make sure the requested gets upgraded to https -->
  </iframe>

  <!-- xhr: -->
  <script type="application/javascript">
    var myXHR = new XMLHttpRequest();
    myXHR.open("GET", "http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?xhr");
    myXHR.send(null);
  </script>

  <!-- websockets: upgrade ws:// to wss://-->
  <script type="application/javascript">
    var mySocket = new WebSocket("ws://example.com/tests/dom/security/test/csp/file_upgrade_insecure");
    mySocket.onopen = function(e) {
      if (mySocket.url.includes("wss://")) {
        window.parent.postMessage({result: "websocket-ok"}, "*");
      }
      else {
        window.parent.postMessage({result: "websocket-error"}, "*");
      }
      mySocket.close();
    };
    mySocket.onerror = function(e) {
      // debug information for Bug 1316305
      dump("  xxx mySocket.onerror: (mySocket): " + mySocket + "\n");
      dump("  xxx mySocket.onerror: (mySocket.url): " + mySocket.url + "\n");
      dump("  xxx mySocket.onerror: (e): " + e + "\n");
      dump("  xxx mySocket.onerror: (e.message): " + e.message + "\n");
      window.parent.postMessage({result: "websocket-unexpected-error"}, "*");
    };
  </script>

  <!-- form action: (upgrade POST from http:// to https://) -->
  <iframe name='formFrame' id='formFrame'></iframe>
  <form target="formFrame" action="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_server.sjs?form" method="POST">
    <input name="foo" value="foo">
    <input type="submit" id="submitButton" formenctype='multipart/form-data' value="Submit form">
  </form>
  <script type="text/javascript">
    var submitButton = document.getElementById('submitButton');
    submitButton.click();
  </script>

</body>
</html>