dom/security/test/mixedcontentblocker/test_redirect.html
author Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 02 Oct 2017 09:12:12 +0200
changeset 677799 37d18f6628dcecba2f3f59a3d853071b7ca799e0
child 719067 c5e3aeaa3c3cfeed01b3725cd6593deb1e691a70
permissions -rw-r--r--
Bug 1402363 - Test Mixed Content Redirect Blocking. r=tanvi, r=kate, a=ritu

<!DOCTYPE HTML>
<html>
<head>
  <title>Bug1402363: Test mixed content redirects</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>

<body onload='startTest()'>
<iframe style="width:100%;height:300px;" id="testframe"></iframe>

<script class="testbody" type="text/javascript">

SimpleTest.waitForExplicitFinish();

const PATH = "https://example.com/tests/dom/security/test/mixedcontentblocker/";
let testcounter = 0;

window.addEventListener("message", receiveMessage);
function receiveMessage(event) {
  if (event.data === "https-to-https-loaded") {
    ok(true, "https to https fetch redirect should be allowed");
  }
  else if (event.data === "https-to-http-blocked") {
    ok(true, "https to http fetch redirect should be blocked");
  }
  else {
    ok(false, "sanity: we should never enter that branch (" + event.data + ")");
  }
  testcounter++;
  if (testcounter < 2) {
    return;
  }
  window.removeEventListener("message", receiveMessage);
  SimpleTest.finish();
}

function startTest() {
  SpecialPowers.pushPrefEnv({
  	'set': [["security.mixed_content.use_hsts", false],
            ["security.mixed_content.send_hsts_priming", false]]
  }, function () {
    let testframe = document.getElementById("testframe");
    testframe.src = PATH + "file_redirect.html";
  });
}

</script>
</body>
</html>