Tests updated/added for bug 1382359 r=ckerschb CLOSED TREE
authorGeorg Koppen <gk@torproject.org>
Thu, 01 Mar 2018 10:13:22 +0100
changeset 444815 99507aa10a4ff6489f619ce7db143c7cab2f7272
parent 444814 1c3f6b9e4bf7de6f8abab900634e6ea59a14c9b3
child 444816 9683f24ff8ec5ba768c4a0a124d8439c228b2c8b
push id8
push userbugmail@asutherland.org
push dateSat, 11 Aug 2018 16:11:21 +0000
reviewersckerschb
bugs1382359
milestone60.0a1
Tests updated/added for bug 1382359 r=ckerschb CLOSED TREE
browser/base/content/test/siteIdentity/browser.ini
browser/base/content/test/siteIdentity/browser_no_mcb_for_onions.js
browser/base/content/test/siteIdentity/test_no_mcb_for_onions.html
dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
--- a/browser/base/content/test/siteIdentity/browser.ini
+++ b/browser/base/content/test/siteIdentity/browser.ini
@@ -92,11 +92,15 @@ support-files =
   test_no_mcb_on_http_site_font.css
   test_no_mcb_on_http_site_font2.html
   test_no_mcb_on_http_site_font2.css
 [browser_no_mcb_for_loopback.js]
 tags = mcb
 support-files =
   ../general/moz.png
   test_no_mcb_for_loopback.html
+[browser_no_mcb_for_onions.js]
+tags = mcb
+support-files =
+  test_no_mcb_for_onions.html
 [browser_check_identity_state.js]
 skip-if = true # temporarily disabled for bug 1193394
 
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/siteIdentity/browser_no_mcb_for_onions.js
@@ -0,0 +1,39 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// The test loads a HTTPS web page with active content from HTTP .onion URLs
+// and makes sure that the mixed content flags on the docshell are not set.
+//
+// Note that the URLs referenced within the test page intentionally use the
+// unassigned port 8 because we don't want to actually load anything, we just
+// want to check that the URLs are not blocked.
+
+const TEST_URL = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "https://example.com") + "test_no_mcb_for_onions.html";
+
+const PREF_BLOCK_DISPLAY = "security.mixed_content.block_display_content";
+const PREF_BLOCK_ACTIVE = "security.mixed_content.block_active_content";
+const PREF_ONION_WHITELIST = "dom.securecontext.whitelist_onions";
+
+add_task(async function allowOnionMixedContent() {
+  registerCleanupFunction(function() {
+    gBrowser.removeCurrentTab();
+  });
+
+  await SpecialPowers.pushPrefEnv({set: [[PREF_BLOCK_DISPLAY, true]]});
+  await SpecialPowers.pushPrefEnv({set: [[PREF_BLOCK_ACTIVE, true]]});
+  await SpecialPowers.pushPrefEnv({set: [[PREF_ONION_WHITELIST, true]]});
+
+  const tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_URL);
+  const browser = gBrowser.getBrowserForTab(tab);
+
+  await ContentTask.spawn(browser, null, function() {
+    is(docShell.hasMixedDisplayContentBlocked, false, "hasMixedDisplayContentBlocked not set");
+    is(docShell.hasMixedActiveContentBlocked, false, "hasMixedActiveContentBlocked not set");
+  });
+
+  await assertMixedContentBlockingState(browser, {
+    activeBlocked: false,
+    activeLoaded: false,
+    passiveLoaded: false,
+ });
+});
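Review bot: The new task only exercises the case where `dom.securecontext.whitelist_onions` is true, so nothing here shows that the exemption is actually gated by the pref. A second task that does `await SpecialPowers.pushPrefEnv({set: [[PREF_ONION_WHITELIST, false]]});` and expects `docShell.hasMixedActiveContentBlocked` to be `true` for the same page would catch a regression that treats .onion subresources as trustworthy unconditionally; the expected values are my inference from the mixed-content prefs set above and should be confirmed. Separately, the cleanup function is registered before the tab is opened, so if `openNewForegroundTab` rejects, `gBrowser.removeCurrentTab()` would close whichever tab happens to be current; calling `BrowserTestUtils.removeTab(tab)` at the end of the task is narrower. The three `pushPrefEnv` calls could also be one call with all three pairs in the `set` array.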
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/siteIdentity/test_no_mcb_for_onions.html
@@ -0,0 +1,28 @@
+<!-- See browser_no_mcb_for_onions.js -->
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Bug 1382359</title>
+  </head>
+
+  <style>
+    @font-face {
+      src: url("http://123456789abcdef.onion:8/test.ttf");
+    }
+  </style>
+
+  <body>
+    <img src="http://123456789abcdef.onion:8/test.png">
+
+    <iframe src="http://123456789abcdef.onion:8/test.html"></iframe>
+  </body>
+
+  <script src="http://123456789abcdef.onion:8/test.js"></script>
+
+  <link href="http://123456789abcdef.onion:8/test.css" rel="stylesheet"></link>
+
+  <script>
+    fetch("http://123456789abcdef.onion:8");
+  </script>
+</html>
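Review bot: The `@font-face` rule in the `<style>` block has no `font-family` descriptor and no element on the page uses the font, so the `test.ttf` request is probably never issued and the font case is likely not covered by this page. Adding `font-family: "testFont";` to the rule and `style="font-family: testFont"` on an element containing text would make the font load reach the mixed-content check; this is inferred from how font loads are triggered and should be confirmed in a run. The host here is `123456789abcdef.onion` (15 characters) while the unit test in this commit uses `1234567890abcdef.onion`; using the same constructed host in both would avoid the impression that the length matters. As a style point, `<style>`, `<script>` and `<link>` sit outside `<head>`/`<body>`, and `</link>` is not a valid end tag.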
--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@@ -29,15 +29,23 @@ add_task(async function test_isOriginPot
     ["file:///", true],
     ["resource:///", true],
     ["moz-extension://", true],
     ["wss://example.com/", true],
     ["about:config", false],
     ["http://example.net/", true],
     ["ws://example.org/", true],
     ["chrome://example.net/content/messenger.xul", false],
+    ["http://1234567890abcdef.onion/", false],
   ]) {
     let uri = NetUtil.newURI(uriSpec);
     let principal = gScriptSecurityManager.createCodebasePrincipal(uri, {});
     Assert.equal(gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
                  expectedResult);
   }
+  // And now let's test whether .onion sites are properly treated when
+  // whitelisted, see bug 1382359.
+  prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
+  let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
+  let principal = gScriptSecurityManager.createCodebasePrincipal(uri, {});
+  Assert.equal(gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
+               true);
 });
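Review bot: The added `prefs.setBoolPref("dom.securecontext.whitelist_onions", true);` is never undone, and the new `false` expectation inside the loop relies on the pref's default rather than on a value the test sets. Setting the pref to `false` before the loop and adding `registerCleanupFunction(() => prefs.clearUserPref("dom.securecontext.whitelist_onions"));` would make both expectations independent of profile state and of any later task in the file. With the pref on, it would also be worth asserting that a host which merely contains the label stays untrusted, for example a constructed `["http://1234567890abcdef.onion.example.org/", false]`, so that a substring match instead of a suffix match is caught. The task body and the declaration of `prefs` start outside this hunk, so I am assuming `prefs` is an `nsIPrefBranch`.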