Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field (r=rbarnes)
☠☠ backed out by 6866466b1d71 ☠ ☠
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Mon, 29 Feb 2016 08:46:48 -0800
changeset 322455 06a4d2d48fb2
parent 322454 846e31fe5eb2
child 322456 65a12991543f
push id5913
push userjlund@mozilla.com
push dateMon, 25 Apr 2016 16:57:49 +0000
treeherdermozilla-beta@dcaf0a6fa115 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrbarnes
bugs1243586
milestone47.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field (r=rbarnes)
dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
dom/security/test/unit/xpcshell.ini
new file mode 100644
--- /dev/null
+++ b/dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
@@ -0,0 +1,98 @@
+var Cu = Components.utils;
+var Ci = Components.interfaces;
+
+Cu.import("resource://testing-common/httpd.js");
+Cu.import("resource://gre/modules/NetUtil.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+XPCOMUtils.defineLazyGetter(this, "URL", function() {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver =  null;
+var channel = null;
+var curTest = null;
+var testpath = "/footpath";
+
+var tests = [
+  {
+    description: "should not set request header for TYPE_OTHER",
+    expectingHeader: false,
+    contentType: Ci.nsIContentPolicy.TYPE_OTHER
+  },
+  {
+    description: "should set request header for TYPE_DOCUMENT",
+    expectingHeader: true,
+    contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT
+  },
+  {
+    description: "should set request header for TYPE_SUBDOCUMENT",
+    expectingHeader: true,
+    contentType: Ci.nsIContentPolicy.TYPE_SUBDOCUMENT
+  },
+  {
+    description: "should not set request header for TYPE_IMG",
+    expectingHeader: false,
+    contentType: Ci.nsIContentPolicy.TYPE_IMG
+  },
+];
+
+function ChannelListener() {
+}
+
+ChannelListener.prototype = {
+  onStartRequest: function(request, context) { },
+  onDataAvailable: function(request, context, stream, offset, count) {
+    do_throw("Should not get any data!");
+  },
+  onStopRequest: function(request, context, status) {
+    var upgrade_insecure_header = false;
+    try {
+      if (request.getRequestHeader("Upgrade-Insecure-Requests")) {
+        upgrade_insecure_header = true;
+      }
+    }
+    catch (e) {
+      // exception is thrown if header is not available on the request
+    }
+    // debug
+    // dump("executing test: " + curTest.description);
+    do_check_eq(upgrade_insecure_header, curTest.expectingHeader)
+    run_next_test();
+  },
+};
+
+function setupChannel(aContentType) {
+  var chan = NetUtil.newChannel({
+    uri: URL + testpath,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: aContentType
+  });
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  chan.requestMethod = "GET";
+  return chan;
+}
+
+function serverHandler(metadata, response) {
+  // no need to perform anything here
+}
+
+function run_next_test() {
+  curTest = tests.shift();
+  if (!curTest) {
+    httpserver.stop(do_test_finished);
+    return;
+  }
+  channel = setupChannel(curTest.contentType);
+  channel.asyncOpen(new ChannelListener(), null);
+}
+
+function run_test() {
+  // set up the test environment
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler(testpath, serverHandler);
+  httpserver.start(-1);
+
+  run_next_test();
+  do_test_pending();
+}
--- a/dom/security/test/unit/xpcshell.ini
+++ b/dom/security/test/unit/xpcshell.ini
@@ -1,8 +1,9 @@
 [DEFAULT]
 head =
 tail =
 skip-if = toolkit == 'gonk'
 
 [test_csp_reports.js]
 skip-if = buildapp == 'mulet'
 [test_isURIPotentiallyTrustworthy.js]
+[test_csp_upgrade_insecure_request_header.js]